10 Ways to Improve Your Business' Facebook Security
used with permission from the Cisco Innovators Program

Small businesses are a growing fan base for Facebook.

Seventy percent of U.S. local small businesses interested in online marketing now use Facebook for marketing, up from 50 percent one year ago, according to a February report by MerchantCircle.  Many businesses consider Facebook their best friend for low-cost brand marketing. Some also enable shopping on their pages, using Storefront, Payvment, or another ecommerce application.

A Cybercriminal Fan Club
Facebook is also a favorite of Internet criminals, says the Cisco 2010 Annual Security Report. It's a big target, with more than 500 million active users. Even CEO Mark Zuckerberg's Facebook account was recently hacked.  Facebook does offer its account administrators some privacy tools; it also provides general security tips.  The risks to Facebook visitors are widely publicized—the dangers lie in what links people click, what invitations they accept, and what private information they enter.

The risks to Facebook business accounts are not as obvious.

Security Risks to a Business
Security breaches of a company's Facebook account can expose the business's confidential information, violate its privacy contracts with users, erode customer confidence, and damage its brand.  The security risks most likely for a business Facebook account include:

►Malware that infects the administrator's account. Intrusion may be accomplished by password cracking, phishing, or an insecure Internet connection, and can enable a hacker to take over the administrator's account.
►Malware that infects the advertisements or other links on a Facebook page.
►Misuse of information in visitors' postings by the business's account administrator or other employees.
►Employee posts that leak confidential business information.

There's no magic bullet that will protect your account. Just as you protect your business network by integrating a variety of security technologies, you need several strategies to protect your business's Facebook account.

Following are general best practices and 10 specific tips.

Post and Enforce Your Usage and Privacy Policies
Help protect users from themselves.

1. State on your Facebook pages your policies on visitors' use and the privacy they can expect for their posts and clicks.

2. Monitor visitors' activity. Enforce your policies. Include links on your pages to report spam, scams, and other inappropriate activity.

Strengthen Account Administration
This is the linchpin for protecting social media pages.

3. Assign at least two administrators (admins) for your account. The admins should continually monitor and promptly respond to new Facebook policy changes and features, always considering the impact on the business.

4. Use an Internet firewall with web threat protection, such as Cisco ProtectLink Web, to authenticate admin access by IP address, and to disallow ads with malware.

5. Enable the Facebook security feature that will alert you whenever an admin accesses your account.

6. Select strong admin passwords and update them at least every three to six months.

7. Require that remote access to your Facebook account by admins be done in a VPN session. Alternatively, Facebook offers a security setting that allows connections via HTTPS. Admins may also use Facebook's one-time password feature to receive a temporary password on their mobile phone, which can be useful for remotely accessing the account from a nonsecured device.

8. Regularly review the admins' activity, and remove inactive or unnecessary admins.

Educate and Enlist Employees
Unfortunately, employees do—intentionally or inadvertently—share confidential business information.

9. Create, update, communicate, and enforce a company use policy that specifies Facebook do's and don'ts, including how employees may interact with visitors and use visitors' information.

 10. Encourage employees to report information that has been incorrectly shared, or when they think that there may be a security issue.

Can you imagine running your business without email? Probably not, and even if you can, you surely can't picture going back to those bygone days of telephone tag, snail mail, and scribbled notes left on colleagues' desks. Not to mention the frustration of trying to schedule meetings without access to your coworkers' calendars, or fumbling through a stack of business cards to find a client's phone number.

Whether you're contacting customers or suppliers, scheduling a staff meeting or tracking down a critical message, email has become the backbone of business communication. But a growing mountain of email has made it increasingly difficult for users to organize and manage their mailboxes and has turned up the heat on IT to protect and maintain critical business communications. Now is a good time to ask yourself: Has your email solution kept up with demands for larger mailboxes and easy access for mobile workers? Does it provide the security, reliability and ease of use you need to be safe, competitive and productive?

These are the sorts of questions that Brian Leitner of Van Scoyoc Associates had begun to ponder. As IT director for an 80-person lobbying firm in Washington, D.C., Leitner was responsible for an email solution that used Microsoft Exchange Server 2003 and Avaya Modular Messaging. With the hardware nearing its end of life in 2010, it seemed like the ideal time to explore communications solutions that would resolve simmering problems with reliability and user experience.

"With about one day of unplanned downtime per year, the messaging system was no longer as reliable as we wanted," says Leitner, who further notes that "users weren't getting the same experience when checking their messages from home as they were in the office." In addition, employees were requesting voice-to-text conversion of messages and asking for expanded capabilities for sending and receiving email over the Web. Leitner was also concerned with improved security and disaster-recovery capabilities.

After considering various options, Van Scoyoc chose a solution based on Microsoft Exchange Server 2010 with Unified Messaging for email and voice mail. With Exchange Server 2010, users gained access to several new features that make communication easier and more efficient. Voice Mail Preview creates speech-to-text previews of voice-mail messages that can be viewed in users' unified inboxes. Conversation View groups email messages from a single conversation together, even if individual messages are stored in separate folders, and users can manage each group of messages as a whole. Searches are fast because mailboxes on the user's computers and devices are fully indexed by default. And to ease meeting planning, Van Scoyoc employees can share their calendars with colleagues, including free/busy information.

What's more, the Exchange Server 2010 solution helped Van Scoyoc reduce storage costs, allowing it to double the size users' mailboxes from 500 MB to 1 GB. And it improved failover and disaster recovery capabilities . "With our Exchange Server 2010 Database Availability Group, I have a primary database in one location and a secondary database in another location," Leitner explains. "If our primary network room is damaged, I can switch to the secondary database in just a few minutes, as opposed to the two days it would have taken me to restore from a backup."

Capstone Real Estate Services, based on Austin, Texas, confronted a similar situation. It, too, had been using an on-premise email solution based on Microsoft Exchange Server 2003, which was managed by a network administration company at a cost of $2,400 a month. But what had been state of the art years earlier was now becoming costly and under-featured. Capstone was paying an extra $1,700 a year for an email security solution that didn't perform up to expectations. Also, the network administration company's archiving solution only saved emails for 60 days. Finding an email older than 60 days required a manual search through the company's backup tapes.

"The cost of maintaining email had grown to the point where we had to put strategic IT projects on hold," says Mike Boone, Capstone's director of program development. "With a stringent IT budget, I wanted to allocate funds where they would generate the best value to the business. That doesn't include paying for administering email servers."

Looking for a cost-effective way to update and enhance his email solution, Boone explored hosted email options, including Google Apps. In the end, he turned to Exchange Online , Microsoft's hosted email offering based on Exchange Server. Boone chose Exchange Online because, unlike Google Apps, "it had all the familiar features we needed, it offered a painless upgrade, and it required zero training."

"Instead of paying $18,000 for upgrading our on-premises email solution and a further $5,700 in monthly maintenance, with Microsoft Exchange Online we are only paying a fraction of this per month," says Boone. "We have an all-in-one email, archiving, and virus-filtering solution at a 70 percent monthly savings." Moreover, Microsoft Exchange Online provides Capstone with an email archiving solution that could save a lot of time and money in the event of a legal issue.. "I have tested the indexed storage and rapid search and retrieval-and it's working great," Boone reports.

Boone is also pleased with the way Microsoft Exchange Online has helped Capstone's far-flung employees. Of the 620 Capstone employees who use email, about are 480 remote workers who use only the browser-based email client, Microsoft Outlook Web App (OWA). Remote employees are using the improved calendaring and search functionality in OWA to work more productively. Boone also notes that "because a Microsoft-hosted email solution offers support for the BlackBerry Enterprise Server, our BlackBerry users can access contacts and calendaring functionality as well as email."

As these two tales demonstrate, you can deploy the Microsoft Exchange email solution either on-premise or via the cloud-or you can select a hybrid solution that combines on-premise and hosted components. You decide on the deployment that best suits your needs. Whichever option you choose, you'll get the reliability, security and control you need.

In fact, InfoWorld named Exchange 2010 "Best Mail Server" in the 2011 Technology of the Year Awards, citing "improved management, administration and reliability features plus an enhanced experience for users that includes automatic transcription of voicemails, delivery reports for messages and extensive self-service options."

With Exchange 2010, you get Outlook on the desktop, OWA in the Web browser and Exchange ActiveSync for mobile devices . This means your employees can access all their communications-including email, voice mail and instant messaging-from almost any platform, Web browser or smartphone. And Exchange 2010's enhanced calendar features and presence information boost collaboration, while Conversation View saves time by automatically arranging messages into threads, regardless of their location in the inbox.

At the same time you're delighting employees with virtually anywhere access and time-saving communication management tools, you'll get outstanding capabilities designed to help protect and archive mission-critical email. New integrated, out-of-the-box email archiving gives you tools to preserve email data without changing the experience for your users or IT staff. And thanks to a new retention policy framework in Exchange 2010, your IT staff can define, deploy and automate the archiving of email. In the area of compliance, you'll appreciate the new legal hold policy, which retains any user edits or deletions of email data, and the simplified e-Discovery process, which features a Web-based multi-mailbox search feature.

With the release of Service Pack 1 (SP1) in August 2010, Exchange 2010 got even better. Among the several new features in SP1 are improvements in the way Personal Archive mailboxes are handled and enhancements to Exchange ActiveSync. The former allows users to provision a Personal Archive to a mailbox database different from that of their primary mailbox. The ActiveSync changes enable users to send and receive IRM-protected mail without having previously connected their device to Windows Mobile Device Center to provision IRM-essentially giving users anytime mobile access.

OWA has been enhanced in SP1 with "pre-fetched" message content, which makes the reading experience faster. OWA also boasts nearly instantaneous delete, mark as read and categorize operations, and is no longer subject to UI hang-ups when attaching very large files. In addition, OWA in SP1 support themes, which means that you can customize OWA with your company brand.

For those considering a hosted solution, Exchange Online provides the security features and reliability of Microsoft Online Services, backed by a 99.9% uptime guarantee. Exchange Online helps safeguard your data by hosting it in geographically separated datacenters, with continuous data backups. What's more, it relieves you from the burden of routine patching and security updates. You'll have the reassurance of knowing that anti-virus and spam-filtering protections that address new threats as soon as they appear are helping protect your data.

You're in control with Exchange Online, thanks to an easy-to-use Web interface that lets you manage your online environment from virtually anywhere. Email archiving, multi-mailbox search and retention policies, help protect your mission-critical emails and help meet compliance demands. Moreover, you can boost security by creating approved mobile device lists, enforcing PIN lock and remotely wiping data from lost phones. And with a 25-GB mailbox standard for every user, Exchange Online gives employees all the space they need in today's communications-rich environment.

Still on the fence? Then why not take Exchange 2010 for a test drive via the Microsoft Office 365 beta ? That's right-the power of Exchange Server 2010 is now available in Exchange Online as part of the Office 365 beta. Alternatively, you can download a 120-day free trial of Exchange Server 2010 SP1 or a 30-day trail of Exchange Online for up to five users. With these free trials, there's never been a better time to experience the difference a state-of-the-art communications solution can make for your business.