Stonesoft shares ten tips for utilizing social media services in a safe way

Helsinki, Finland – 06 July 2010- Social media is growing in importance. According to
Gartner, Inc.*, around 20 percent of business users will be using the so-called social
networking services as their most important communication tools by 2014. However, at the
same time, IT and company managers are expressing growing concerns about security.

Recent studies show that as many as 25% of companies have banned the use of social
networks; whereas other sources set this figure as high as nearly 50 percent. Yet
security concerns simultaneously limit the enormous potential that social media offers
for marketing, sales and corporate communication. Stonesoft Corporation, a provider of
integrated network security and business continuity solutions, shares ten tips that help
organizations to use social media without compromising security.

Ten tips for the safe use of social media

1Increase employee awareness – People can change the way they behave in social networks
only if they are aware of the security risks. Therefore, organizations should inform
their employees about the risks present in the social media and raise their awareness of
the fact that even seemingly harmless information can reveal too much about the company
or the person’s private life. Providing continuous information about new threats and
maintaining rules of conduct can further help with employee awareness. It is helpful to
appoint a social media expert within the company who acts as a permanent contact for
employees.

1Establish firm processes – Administrators need to remain up-to-date about the most
recent risks on the Web. It is therefore advisable to establish firm processes that are
systematically linked to daily workflows. For example, administrators should make sure
to download the latest security updates. These seemingly mundane mechanisms enable IT
administrators to identify network attacks in time or to avoid them altogether.

1Maintain a strong set of rules – With in-house guidelines, network administrators can
define the network areas and applications that can be accessed by specific people at
specific times. This makes it possible to control and monitor access to critical data,
and to track such access at any time, which reduces the risk of information falling into
wrong hands through unauthorised channels. Companies should also take compliance
requirements into account. The important thing is to keep the policies up to date and
adapt them to changing circumstances.

1Block infected websites – Someone clicks on an infected website and downloads a Trojan
- this can easily happen despite regular employee training. URL filters enable companies
to block access to known malware and phishing websites, and this can also be applied to
any other suspicious site on the Internet. The filter function is kept continuously
up-to-date by maintaining so-called blacklists and whitelists.

1Use next-generation firewalls – Organizations should always keep their security
technology up to date. For example, modern firewalls provide a comprehensive analysis of
all data traffic. Deep traffic inspection makes it possible to monitor any type of data
traffic, from Web browsing and peer-to-peer applications to encrypted data traffic in an
SSL tunnel. In a process known as SSL inspection, the firewall decrypts the SSL data
stream for inspection and encrypts it again before forwarding the data to the network.
This effectively protects workstations, internal networks, hosts and servers against
attacks within SSL tunnels.

1Define access to business applications – Mobile users, partners and distributors often
need to access a corporate network from the outside. Within this group, the use of
social media can be monitored only on a very limited basis or not at all. This makes it
even more important to assign the rights for defining all network access centrally, for
example using an SSL VPN portal. At the same time, on the user level strong
authentication via single sign-on makes the administrator’s work easier. As a result, a
single login enables users to access only the network areas and services for which they
are authorised.

1Protect against vulnerability – Vulnerabilities present a special challenge to any
network. In addition, attacks on vulnerabilities via the social Web services are
increasing. An Intrusion Prevention System (IPS), such as StoneGate IPS from Stonesoft,
can act as a protective barrier. An IPS automatically prevents attacks by worms, viruses
or other malware. Once an attack has been identified, the IPS immediately stops it and
prevents it from spreading in the network. The system also enables virtual patching of
servers and services by securing threatened servers, which will then be patched during
the next maintenance window.

1Securing the intranet – The intranet of every company contains highly sensitive
information. These areas need to be isolated from the rest of the internal network by
segmenting the intranet with firewalls. This enables the company to separate departments
such as Finance or Accounting from the rest of the intranet and thereby prevent
infections from penetrating these critical segments of the corporate network.

1Include mobile devices in the security policy – Many users navigate social web services
with mobile devices such as laptops, PDAs and smart phones – the same devices they use
to log into the corporate network. Administrators therefore need to include mobile
devices in their security policies. This can be done, for example, with the assessment
function, which checks the log-in device for the required security settings and for the
presence of security-relevant software packages. This function checks, for example,
whether the proper and latest host firewall is installed and whether both the operating
system and antivirus software are up to date, as well as all patches. If one of these
criteria is not met, the device is automatically denied access, or access may be
limited. If necessary, mobile devices can be forwarded directly to a website containing
the required updates.

1Use centralized management -Centralized management allows the administrators to manage,
monitor and configure the entire network and all devices using a single management
console. They can also view reports, for example about who has accessed which data at
which time. This helps administrators to prevent attacks more effectively and to provide
more efficient protection for applications at risk. At the same time, a central
management console makes it possible to roll out and maintain standard security
guidelines for the entire corporate network.

“The increasing use of social media presents additional risks for corporate networks.
Continuous employee training is limited in its ability to avoid new risks. On the other
hand, internal network protection mechanisms that identify and terminate attacks in time
are becoming more and more important. With a proper security strategy that combines
employee training with the newest technologies, organizations of all sizes can benefit
from the advantages of social networking,” says Klaus Majewski, Vice President of
Marketing at Stonesoft.

* Gartner, Inc. “Predicts 2010: Social Software Is an Enterprise Reality”, December 2009

About Stonesoft
Stonesoft Corporation (NASDAQ OMX: SFT1V) is an innovative provider of integrated
network security solutions to secure the information flow of distributed organizations.
Stonesoft customers include enterprises with growing business needs requiring advanced
network security and always-on business connectivity.

StoneGate(TM) Secure Connectivity Solution unifies firewall, VPN, IPS and SSL VPN
http://www.stonesoft.com/en/products_and_solutions/index.html blending network
security, end-to-end availability and award-winning load balancing into a unified and
centrally managed system. The key benefits of the StoneGate solution include low TCO,
excellent price-performance ratio and high ROI. The StoneGate Virtual Security Solutions

http://www.stonesoft.com/en/products_and_solutions/solutions/technology_solutions/virtual_environments/

protect the network and ensure business continuity in both virtual and physical
network environments.

StoneGate Management Center
http://www.stonesoft.com/en/products_and_solutions/products/smc/index.html provides
unified management for StoneGate Firewall with VPN
http://www.stonesoft.com/en/products_and_solutions/products/fw/index.html , IPS
http://www.stonesoft.com/en/products_and_solutions/products/ips/index.html and SSL
VPN. http://www.stonesoft.com/en/products_and_solutions/products/ssl_vpn/index.html
StoneGate Firewall and IPS work together to provide intelligent defense all over the
enterprise network while StoneGate SSL VPN provides enhanced security for mobile and
remote use.

Founded in 1990, Stonesoft Corporation is a global company with corporate headquarters
in Helsinki, Finland and Americas headquarters in Atlanta, Georgia. For more
information, visit www.stonesoft.com http://www.stonesoft.com/ and the corporate blog
http://stoneblog.stonesoft.com http://stoneblog.stonesoft.com/ .

For more details, please contact:
Klaus Majewski
VP, Marketing
Stonesoft Corporation
Tel. +358 9 476 711
E-mail: klaus.majewski@stonesoft.com mailto:klaus.majewski@stonesoft.com