By Mike Meikle, CEO at Hawkthorne Group
12 Dec 2009 - Social Media (Web 2.0) is on everyone's lips these days. A million gurus have sprung up nearly overnight to cash in on the phenomenon. Social Media has been promoted as the next big trend in productivity enhancement and a key to opening the coffers of customers everywhere.
Many companies are scrambling to craft a Social Media implementation plan and one facet they will need to consider is information security. Data is at the heart of a company's value and social media is all about making more data available to the general public.
Corporate management must consider that previously private data may be released onto the Internet. Also, applications like Facebook are rife with malware and phishers attempting social engineering. A standardized communications policy is a must in order to manage both outbound and inbound sharing of data.
The Federal government has recently posted some preliminary guidelines regarding social media out on CIO.gov.
Gartner Group has published a critique of those guidelines, stating they lack implementation best practices. However, the Fed document will be a good starting framework for an effective policy and implementation.
Social engineering is the top method phishers and hackers use to gain access to sensitive data. One of the most effective ways to combat social engineering is training.
Training people not to post sensitive data about themselves (birth dates, full addresses, corporate email, etc.) is crucial.
If the company wants to have a social media presence, then the people involved in its use will need training to understand what to post, what not to post, and what is acceptable use (no Facebook apps).
The Internet is full of regrettable stories of CEOs and other high-ranking employees discussing inappropriate topics that immediately plunge themselves and their firm into hot water.
When drawing up the corporate social media implementation plan, user requirements gathering will be paramount.