Oh; and, by the way, what the heck are virtual worlds? Aren’t they something that only kids use?
In the (in)famous words of Alfred E. Neuman, “What, me worry?”
Yes; if you are a business leader you need to know about virtual worlds and how they are being used in your organization. The chances are good that they are being used.
Before you make assumptions that virtual worlds are not being used in your business, consider that a large percentage of 20- and 30- somethings, along with growing numbers of those in older demographics, are participating in virtual worlds such as Second Life, Maple Story and others.
For some, these worlds represent a very real and compelling part of their lives; almost taking over the lives of some. An April 6, 2009 mainstream news story even described how a real-world musician started performing in the virtual world Second Life and began making real world money.
Virtual worlds often start blending in with real world life in many ways. Chances are you have personnel who are participating in virtual worlds from their work computers. Does this present information security and privacy risks to your business? It’s worth thinking about.
Perhaps virtual worlds are already being used within your business to conduct meetings. Growing number of companies are using virtual worlds for this purpose.
Some schools are also conducting classes and meetings in virtual worlds.
I’m willing to bet that, in most organizations, the information security and/or privacy folks did not know about the use of virtual worlds for meetings within their business until after they were rolled out.
What issues are involved? Several, a few of which include:
- What real-world information is being shared in virtual worlds? Does it include real business information? Customer information?
- Are real business names, addresses and phone numbers being posted to virtual worlds?
- Are virtual worlds being played over your business network?
- Are the e-discovery issues being addressed?
- Where is the information shared being archived?
- Are backups being made?
- Is information shared in virtual worlds being piped out to other real-world storage locations via stealthy communications routes?
- Is actual personally identifiable information (PII) being sent across country borders? If so, are any cross border data protection laws being violated?
- What are the conditions of use for the virtual world you are using? Does it have a privacy policy that coincides with your organization’s, or does it conlflict with your privacy policies in important, risky ways?
- Are your business emails being forwarded to virtual world email accounts? Think of the ediscovery, archiving and compliance issues involved with this.
- Are you actually managing customer information within virtual worlds?
Some companies are also turning to virtual worlds to cut costs.
Discussions of virtual worlds within businesses and their related information security, privacy and compliance concerns are just one of several topics I’ll be including in the April Cutter IT Journal I’m putting together, “The Convergence of Information Security, Privacy and Compliance”
On the virtual stands soon! 🙂
Oh, and yes, if you’re wondering, I’m a long-time MAD magazine fan…especially Spy vs. Spy. 🙂
Tags: awareness and training, Information Security, IT compliance, IT training, policies and procedures, privacy awareness, privacy training, risk management, security awareness, security training, virtual worlds