MGNT309 BSBRES401

Analyse and Present Research Informati on

CIT
Student Name
Number

Competency Title, Code Analyse and Present Research Information

and Banner Code
BSBRES401
CRN

Assessment Type ☒ Written ☐ Case Study ☐ Project ☐ Assignment ☐ Other

Assessment Name Research Report Plan
Assessment Date
Student Statement: This assessment is my own work. Any ideas and comments made by other people have been
acknowledged. I understand that by emailing or submitting this assessment electronically, I agree to this statement.

Student Signature Date

PRIVACY DISCLAIMER: CIT is collecting your personal information for assessment purposes. The information will only be
used in accordance with the CIT Privacy Policy.

Assessor Feedback

 Student provided with feedback

Attempt 1 ☒ Satisfactory ☐ Not Yet Satisfactory Date / /
Attempt 2 ☐ Satisfactory ☐ Not Yet Satisfactory Date / /
Assessor Name Assessor Signature
Note from Assessor: Please record any reasonable adjustment that has occurred for this assessment.

Student Name: Page 1 of 11

Create date: Revised date: 2 August 2020
 UNCLASSIFIED

Evaluation of the pros and

cons of Facebook and Twitter
in a business and cyber
security context
*Document is uncontrolled unless viewed on-line from G Drive Link *

Prepared by: Student

Document Owner Organisational Role

Student Senior Analyst, Cyber Security Advisory Office

Versio Date Author Change Description

n
0.1 15/6/2018 Student Draft for comment
1.0 17/6/2018 Student Final incorporating draft comments

Security Classification Date Authorised by

Unclassified (v0.1) 15/6/2018 Student
Unclassified (v1.0) 17/6/2018 Student

Student Name: Page 2 of 11

Create date: Revised date: 2 August 2020
Distribution List
Date Name (please print) Signature

Student Name: Page 3 of 11

Create date: Revised date: 2 August 2020
Table of contents

Table of contents...................................................................................................................................5
Executive Summary...............................................................................................................................6
Introduction...........................................................................................................................................7
Social Media and Cyber Security...........................................................................................................8
Table 1. Social Media Challenge Types and Information Security Risks.............................................8
Table 2: Estimated ROI of Social Media Protection Investments Based on Incident Reduction........9
Strengths and Weaknesses of Social Media for Business in a Cyber Security context.........................10
Table 3: SWOT Analysis: Facebook/Twitter for business use...........................................................10
Conclusion...........................................................................................................................................11
Recommendations...............................................................................................................................11
References...........................................................................................................................................12

Student Name: Page 4 of 11

Create date: Revised date: 2 August 2020
Executive Summary

Social media is everywhere and has billions of users globally.

Participating in social media comes with advantages and disadvantages (and associated
costs).

This report evaluates the pros and cons of Facebook and Twitter in a business and cyber
security context.

The report, after considering the risk, return on investment, and given the current adverse
media attention directed toward these platforms not meeting community expectations or
legislative requirements on practices, security or integrity, recommends business, at this
time, monitor, but not actively participate in social media.

Student Name: Page 5 of 11

Create date: Revised date: 2 August 2020
Introduction

Today social media is everywhere.

To date, social network sites have become an important and crucial part of daily
communication practices for millions of people (Hekkala et al., 2012).

As of the first quarter of 2018, Facebook and Twitter had 2.19 billion (Statista, 2018) and
327 million (Statista, 2018) monthly active users respectively.

With this global proliferation, it is not unreasonable to expect business to be ‘connected’

through either/or.

With more businesses taking advantage of social media to reach the masses and connect
globally comes increasing security challenges and risks (Punjabi, 2014).

The question then becomes ‘is social media an opportunity or a risk’?

Not every business needs to participate.

Risk tolerance and appetite should drive participation.

This report:
 Evaluates the cyber security context of Facebook and Twitter;
 Compares usage on how business can benefit or be damaged by ‘connecting’, viewed
through a cyber security lens; and
 Makes recommendations to assist the Board of Directors in determine if business
should engage in social media, and if so, to what degree.

Student Name: Page 6 of 11

Create date: Revised date: 2 August 2020
Social Media and Cyber Security

In an employment context, under the doctrine of vicarious liability, social media presents a
risk to employers who may be obligated to prevent employees from disseminating
defamatory, confidential or unlawful information connected with their employment
(Kettles, 2014).

With social media becoming rampant, business needs to guard against social media security
threats like social engineering, targeted phishing attacks, and misuse of fake accounts
(Ghosh, 2011).

The most prevalent challenges for social media information security relate to data integrity
and confidentiality (leaking information by accident, phishing, identity theft, scams, spam,
malware, reputation damage) and the different roles of social media in the company
(private vs. professional identity, networking, marketing tool) (Hekkala et al., 2012) (see
Table 1). 

Table 1. Social Media Challenge Types and Information Security Risks

Challenge type Information security risks
Outside attacks on Malware, Spam, Untrusted applications, Unsafe Internet
employees / company connection (remote work)
Challenges arising from Scams, Phishing, Identity theft, leaking information
employees’ actions / (intentionally or by accident), Audience is blurring, Reputation
unawareness damage
Challenges related to Social media as networking tool (customer communication or
roles keeping network of professional peers), Confusion of private
and professional identity, Social media as ‘the next media’

The openness and speed of communication available through enterprise social media
creates attendant security, reputational, and legal and compliance exposures. The scope of
exposure continues to grow (Houlihan, 2016). No surprises then to learn that more than one
in eight enterprises have suffered security breaches related to a social media-related
cyberattack (Cooper, 2017). 

Many technology solutions have emerged to help organisations address the information
management, monitoring, policy application, and data analysis required to manage social
media risk.

Key solution functionality includes:

 Social Media Threat Surveillance;
 Policy Monitoring;
 Automated Controls;
 Compliance Workflow Management; and
 Social Media Archiving.

Student Name: Page 7 of 11

Create date: Revised date: 2 August 2020
As a solution stack focused on compliance and risk mitigation, the value propositions
presented by social media protection solutions largely relate to the reduction in costs
presented by social media risk.

Solutions do come at a cost, as outlined by Blue Hill (Houlihan, 2016) (see Table 2).

Table 2: Estimated ROI of Social Media Protection Investments Based on

Incident Reduction

Better practice cyber hygiene (Ghosh, 2011) would suggest business consider:
Develop a social media security policy;
Have a multidimensional, risk-based approach;
Identify safe social networking sites;
Enhance enterprise network visibility;
Classify sensitive data;
Protect endpoints; and
Educate employees.

Student Name: Page 8 of 11

Create date: Revised date: 2 August 2020
Strengths and Weaknesses of Social Media for Business in a Cyber Security
context

Apart from the number of users, and that Facebook networks people while Twitter networks
ideas and topics (webTEGRITY, 2018), they are similar in nature and have been evaluated as
one item for the SWOT analysis.

Table 3: SWOT Analysis: Facebook/Twitter for business use

Strengths
 Well recognised brand name for usage
 Global reach
 Used daily by millions/billions of users
 Can push messages out quickly
 Users will generally search these platforms if they are interested in the business
 Can push messages into specific interest groups by going to their sites (not ours)

Weaknesses
 Messages are not targeted
 No control of users or how they use the medium
 Specific interest groups are difficult to reach without participating on their sites
(not ours)
 Users need to have an interest in the business to search for us
 Sites are subject to abuse, scams and misinformation (intentional or otherwise)
 Need to maintain an active presence to maintain/retain external interest

Opportunities
 Can reach a new audience very quickly
 Can create new business and networks with the right marketing strategy

Threats
 Current public opinion and media attention is trending towards a lack of trust in
the platform/s, use, content and management
 Platforms have been compromised, and continue to be so
 Audience attention needs to be maintained to warrant the investment
 Business brand can be easily tarnished through malicious or otherwise user action
 Business could suffer financial loss if platform opinion is negative
 Business will need to invest in people, controls and resources to avoid vicarious
liability. This is of an unknown magnitude that the business may not be able to
afford
 Business will need to develop policies for social media usage and security
 Even passive monitoring is a cost the business may not be able to afford

Student Name: Page 9 of 11

Create date: Revised date: 2 August 2020
Conclusion

Connecting comes with advantages, risks and costs.

The changing nature of social media and its lack of integrity creates an additional layer of
risk for business sustainability.

While systems and processes can protect applications from most instances, human activity
presents the highest risk that is most difficult and resource intensive to mitigate against.

At this point, SWOT analysis indicators are that risk, and costs outweigh benefits.

Recommendations

1. Given the limited locus of control business has of external users/usage of the
platforms and the inherent risks associated with intentional/unintentional incidents,
it is recommended the business only passively interacts with Facebook and Twitter
i.e. the business monitors social media sentiment towards it but does not actively
maintain sites or provide comment.

2. If the business were to ‘connect’, it will come at a cost. A budget will need to be
allocated to provide the necessary resources to participate, as well as prevent, detect
and respond to social media incidents.

3. Interaction/connection policy should be reviewed at least annually to allow for the

rapidly changing nature, influence and perceived community value/s of social media
on business activities.

Student Name: Page 10 of 11

Create date: Revised date: 2 August 2020
References

Cooper, C. (2017). Social media is a cybersecurity risk for business. Retrieved from
https://www.csoonline.com/article/3198715/data-breach/social-media-is-a-
cybersecurity-risk-for-business.html

Ghosh, S. (2011). Seven social media security best practices. Retrieved from
https://www.computerweekly.com/tip/Seven-social-media-security-best-practices

Hekkala, R., Väyrynen, K. & Wianda, T. (2012), Information Security challenge of social
media for companies. Retrieved from
https://pdfs.semanticscholar.org/3de6/f912cf379f0ff82e33b20e0776b31bfe0d7d.pd
f

Houlihan, Esq, D. (2016). Estimating the ROI of social media risk prevention investments.
Retrieved from https://www.proofpoint.com/sites/default/files/blue-hill-roi-social-
media-risk-protection.pdf

Kettles, B. (2014). The growing threat of vicarious lability. Retrieved from

http://digitalcommons.osgoode.yorku.ca/cgi/viewcontent.cgi?
article=1273&context=media_mentions

Punjabi, V. (2014). Security risks/threats & rewards in social media. Retrieved from
http://jultika.oulu.fi/files/nbnfioulu-201502111069.pdf

Statista. (2018). Number of monthly active Facebook users worldwide as of 1st quarter 2018
(in millions). Retrieved from https://www.statista.com/statistics/264810/number-of-
monthly-active-facebook-users-worldwide/

Statista. (2018). Number of monthly active Twitter users worldwide from 1st quarter 2010 to
1st quarter 2018 (in millions). Retrieved from
https://www.statista.com/statistics/282087/number-of-monthly-active-twitter-
users/

webTEGRITY, (2018). What’s the difference between Facebook and Twitter. Retrieved from
https://webtegrity.com/our-blog/social-media-marketing/whats-difference-
between-facebook-and-twitter/

Student Name: Page 11 of 11

Create date: Revised date: 2 August 2020