Safe use of social media.
How Deutsche Telekom is adjusting its security strategy in response to new media.

For many of us, checking our social networks when we wake up in the morning, be it Facebook, Twitter or the like, has become a normal part of our daily lives. We live in an age in which communication is transforming. I myself am part of a generation that can still remember life before social networks. You could say I am a "digital immigrant", whereas my children were born into this digital age and cannot remember a time when social networks were not a perfectly normal part of our day-to-day lives.

Deutsche Telekom has significantly expanded its activities on social networks over the past few years and is now leading the way. The study "Dax-30 Konzerne im Social Web" (DAX-30 companies on the social Web) conducted by consulting agency Vierpartner in 2011 showed that "in comparison with other DAX companies, Deutsche Telekom has taken the lead in its use of the social Web." There are already over 200 Group initiatives on Twitter, Youtube, Facebook and on the company blog, as well as a range of internal initiatives. For example, the "Telekom-hilft" (Telekom helps) customer service site (http://www.telekom-hilft.de/) is proving very successful. Because the Group makes targeted use of social media in its dialog with employees, customers and other target groups, employees are allowed to use social networks as part of their work.

Social media offer major opportunities to companies, allowing them to communicate directly with customers and promote themselves as attractive employers, yet most German companies did not have a proper strategy for social networks and barely had any employees qualified in this field until recently. Of course, there are risks attached to the use of social media. Deutsche Telekom has defined four critical topic areas: information security, compliance, productivity and reputation. It is the job of security experts to develop suitable measures for managing these risks.

Deutsche Telekom does not aim to ban social media. On the contrary, employees should use new media, but they must also be aware of the risks. Most importantly of all, employees need to be aware that what they write on social networks could become accessible around the world, indefinitely.

Deutsche Telekom's initiatives are arranged into three action areas: incident management, prevention and permanent raising of awareness.

Incident management

• This involves recording and classifying all critical messages relating to social media. Where possible, non-criminal incidents (e.g., where the line between expressing an option and bullying is blurred) are dealt with on a case-by-case basis in personal meetings with those involved.
• Criminal cases (e.g., violation of information protection provisions) are thankfully rare, but are investigated when they do arise.
• The progress of each case is documented. Analysis is carried out subsequently into the way the case was processed and resolved, with the aim of identifying where improvements can be made. The findings are communicated within the company.

Prevention

• Employees are offered up-to-date support. For example, Deutsche Telekom has developed the Social Media Guidelines and provides FAQ lists on data privacy and legal issues (e.g., labor law, information protection, etc.).
• The company also maintains blogs on security topics aimed at facilitating discussion of controversial matters.
• A guide to security settings for Facebook and other platforms is available to employees.
• A security ticker is currently being prepared for the Telekom Social Network. It is being worked on by Security, Legal Affairs, HR, and social-media-savvy career starters (trainees, students on cooperative study programs).

Permanent raising of awareness

• Company employees are informed about focus topics in articles in internal Deutsche Telekom magazines and through intensive security campaigns. This year, there is a Group-wide campaign focusing on social engineering (leveraging negative social influence to gain information) and a campaign in Germany about social media.
• Due to the affinity that young people have for social media, we are using reverse mentoring, which involves young company employees teaching older managers how to use social media.
• We are one of the many departments that attend internal barcamps (open conferences) in order to inform others about social media security and to learn about new social media ideas and products.
• Part of our awareness-raising work also involves working with young talents at Deutsche Telekom on security matters. A workshop on "Secure social networks" was recently held with young IT talents.
• Teams and departments at Deutsche Telekom can invite security experts to come to their meetings and give presentations about security in social networks.

Enterprise 2.0 is developing dynamically and the approach of security-oriented explanation and protection remains unchanged. We have the challenge of providing the appropriate security input on new social media developments as early as possible. Deutsche Telekom's security initiatives are as creative and user-friendly as social media are diverse and innovative.