Are Blogs a Security Risk?

By Paul Kerstein

Ask most military public relations specialists and they'll have strong opinions about blogs. In a few cases, however, they will approve of soldiers' blogging about their experiences, so long as the soldier is not giving up any top secret information--strategic, tactical or otherwise. If that happens, people can die.

An editorial from the Salt Lake City Weekly brought this to my attention and I wondered how blogs are affecting security executives.

While not so extreme, common sense would dictate that the same caution should be applied to company bloggers, from the executive level on down. If not, intellectual property such as the secret formula to Coca Cola could be compromised or confidential company data about an enterprise's network security could be at risk. These risks are all too real for CSOs.

Heck, even this blog could be seen as a risk by my editorial director. I may say something that's off-color, offending our readership. Or, I might release any editorial secrets we may have cooking.

But I think the key is to remain cautious when it comes to allowing your staff to blog. One rule of thumb that I see quite often in the blogosphere is, as a blogger, to ask yourself, will I be ashamed of writing that in the future or will it come back to bite me in the behind? Even better, if I write this, will I get fired?

As a security executive, if you dispense this kind of advice to your colleagues, you've made a great first step in a secure blogging policy.