A review of social media security
risks and mitigation techniques
Wu He
Department of Information Technology and Decision Sciences,
Old Dominion University, Norfolk, Virginia, USA
AbstractPurpose– The purpose of this paper is to examine social media security risks and existing mitigation techniques in order to gather insights and develop best practices to help organizations address social media security risks more effectively.
Design/methodology/approach– This paper begins by reviewing the disparate discussions in literature on social media security risks and mitigation techniques. Based on an extensive review, some key insights were identified and summarized to help organizations more effectively address social media security risks.
Findings– Many organizations do not have effective social media security policy in place and are unsure of how to develop effective social media security strategies to mitigate social media security risks. This paper provides guidance to organizations to mitigate social media security risks that may threaten the organizations.
Originality/value– The paper consolidates the fragmented discussion in literature and provides an in-depth review of social media security risks and mitigation techniques. Practical insights are identified and summarized from an extensive literature review. Sharing these insights has the potential to encourage more discussion on best practices for reducing the risks of social media to organizations.
KeywordsSocial media, Security risks, Security strategy, Security policy, Data security,
User education and training, Secure online behaviour, Risk mitigation techniques, Risk management
Paper typeGeneral review
1. Introduction
Social media offers companies and organizations a variety of attractive business opportunities and benefits. As a result, the use of social media has expanded rapidly over the past several years. The adoption and participation of social media continues to grow in a variety of industries worldwide (Kaplan and Haenlein, 2010; Qualman, 2009; Safko and Brake, 2009). On the other hand, it is unfortunate to note that social media sites such as Blog, Facebook, MySpace, Twitter and LinkedIn can pose a variety of serious security risks and threats to unwary users and their organizations. A recent global study (Ponemon, 2011) surveyed 4,640 IT and IT security practitioners in 12 countries regarding social media security issues. More than 50 percent of respondents reported an increase in malware to their systems, due to their use of social media. About 63 percent of respondents said that social media in the workplace represents a serious security risk to their organizations. A recent study by leading security vendor Kaspersky Labs (2009) shows that social media sites are ten times more effective at delivering malware than the previous popular methods of e-mail delivery. By the end of 2008, the Kaspersky Lab collection contained more than 43,000 malicious files relating to social networking sites. The number of malicious programs received by the Kaspersky Labs which target popular social networking sites demonstrates that users of social networking sites are an increasingly popular target.
The current issue and full text archive of this journal is available at
www.emeraldinsight.com/1328-7265.htm
Social media
security risks
171
Journal of Systems and Information Technology Vol. 14 No. 2, 2012 pp. 171-180 qEmerald Group Publishing Limited 1328-7265 DOI 10.1108/13287261211232180
However, it is unrealistic to bar the use of social media tools such as Facebook, Twitter and LinkedIn by employees, because many employees (such as marketing staffs) need to utilize social media for work-related activities. Furthermore, despite the social media risks, Ponemon’s (2011) study found that many organizations do not have the necessary security controls and enforceable policies to address the risks and information security issues brought upon them by social media use. Only 29 percent of the respondents report that their organizations have the necessary social media security controls in place to be able to mitigate these risks and security issues.
As more and more organizations become increasingly concerned about the potential information security implications of using social media in the workplace, many organizations are looking to implement their social media security policy effectively. However, a global security study by Cisco Systems (2008a, b) revealed that security policies do not always work effectively for employees. About 34 percent of IT professionals report that some employees in their organizations do not understand security policies and underestimate security risks even though these employees receive a written security policy and have been briefed. Furthermore, studies (Son, 2011; Davinson and Sillence, 2010; Stantonet al., 2005) revealed that even when users are aware of security policies, they often disregard them in order to accomplish what they want due to time pressures, insufficient knowledge or motivation. Encouraging users to engage in secure online behavior is also difficult because of some people’s mentality and way of thinking relating to the perception of risk. Some people have thoughts like “quite unlikely to happen” and “it won’t happen to me” (Aytes and Connolly, 2003; Davinson and Sillence, 2010; Hayden, 2009). Thus, more research is needed to develop more effective strategies to minimize security risks posed by social media. So far little attention has been paid to guide organizations to develop social media security policy strategies in journal publications. The discussion of social media security risks is often disparate, fragmented and distributed in different outlets such as white papers, technical reports, news articles and corporate web sites. In an effort to consolidate the fragmented discussions that are available in the literature and help these organizations address social media security risks more effectively, the author conducted an extensive literature review including newspaper articles, blog posts, white papers, technical reports and existing corporate social media security policy documents. As a result of this literature review, the author provides some insights to help organizations to more effectively mitigate social media security risks.
This paper is organized as follows: Section 2 is a review of the main security risks with the use of social media. Section 3 summarizes common mitigation techniques to address the social media security risks. Section 4 describes some insights to help organizations to more effectively mitigate social media security risks. Finally, Section 5 presents conclusions and suggestions for future research.
2. Social media security risks
In 2009, the Secure Enterprise 2.0 Forum identified eight main threats (Perez, 2009; Chi, 2011): insufficient authentication controls, cross site scripting, cross site request forgery, phishing, information leakage, injection flaws, information integrity and insufficient anti-automation. In the same year, the Federal CIO Council (2009) points out that social media are vulnerable to the following methods/techniques of cyber attacks: Spear Phishing, Social Engineering and Web Application Attacks. Spear Phishing is an attack which targets a specific user or group of users, and attempts to deceive the user
JSIT
14,2
into performing an action, such as opening a document or clicking a link, that launches an attack ( Jakobsson and Myers, 2006). The use of abbreviated URLs on sites like Twitter makes it easy for cybercriminals to mask and direct users to malicious web sites. Social Engineering, which relies on exploiting the human element of trust (Granger, 2002), obtain or compromise information about an organization or its computer systems (Abraham and Chengalur-Smith, 2010; Ivaturi and Janczewski, 2011; Peltier, 2006). Social media sites such as Facebook provide the ability for a user to maintain his or her own web page and share content with their personal connections. By breaching the trust a user has with his or her online network, hackers are able to embed malware into friends’ content and cause yet more people to fall victim to the malicious link (Huberet al., 2009; Zhang, 2011). Recent advances in web application technologies allow attackers to use new techniques to target users (CDC, 2009). For example, a user may grant a malicious web application access to his or her Facebook account, which may compromise the account or may download unauthorized software to the user’s computer. Another example is that a social phishing attack experiment ( Jagatic et al., 2006) harvested personal data from a social networking site by screen scraping and used it to construct well-disguised phishing e-mails. As a result, 72 percent of students in the social networking group clicked on the link in the e-mail and authenticated with his or her valid university username and password to the simulated phishing site.
ISACA (2010), a leading global knowledge and education organization on information systems assurance and security, has identified top five risks caused by social media: viruses/malware, brand hijacking, lack of control over content, unrealistic customer expectations of “internet-speed” service, and non-compliance with record management regulations.
In 2011, Symantec, a leading security solution provider, has published the findings of its 2011 social media protection flash poll which examined how organizations protect themselves from negative consequences of using social media. The poll results (Symantec, 2011a) show that the top three social media incidents the typical enterprise experienced over the last year were:
(1) employees sharing too much information in public forums (46 percent); (2) the loss or exposure of confidential information (41 percent); and (3) increased exposure to litigation (37 percent).
More than 90 percent of respondents who experienced a social media incident also suffered negative consequences as a result, including: reduced stock price (average cost: US$1,038,401), litigation costs (average cost: US$650,361), direct financial costs (average cost: US$641,993), damaged brand reputation/loss of customer trust (average cost: US$638,496) and lost revenue (average cost: US$619,360).
At the end of 2010, McAfee (2010) released a 2011 threat predictions report which reveals two top threats with social media: short URLs and locative technologies. The use of abbreviated URLs on sites like Twitter makes it easy for cybercriminals to mask and direct users to malicious web sites. With locative services such as foursquare, Gowalla, and Facebook Places cybercriminals can easily search, track and plot the whereabouts of an internet user.
The above literatures clearly show that there are various security risks with the use of social media. To clarify the understanding of social media security risks, the US Centers
Social media
security risks
for Disease Control and Prevention (CDC) classified various social media risks into two main types:
(1) risks associated with content hosted on social media sites such as information leakage; and
(2) risks to the networks and computers such as malicious applications and viruses/malware from staff using these sites for official or personal reasons (CDC, 2009).
To better protect organizations from these social media security risks, MWR InfoSecurity (2011), a leading information security research consultancy company in Europe, identified a list of threat agent risks to corporate social media assets. A threat agent is person who originates attacks, either with malice or by accident, taking advantage of vulnerabilities to create loss (Intel, 2009). Possible threat agents include employees, malware distributors, hacktivists, opportunists and competitors. Different threat agents have different motivations and objectives which underpin action. Intel (2009) identifies some examples of threat agent objectives. An understanding of threat agent objectives can help prevent and mitigate social media security risks.
3. Mitigation techniques to address social media security risks
As there are many security risks with the use of social media in organizations, it is critical for organizations to be aware of these risks and take steps to mitigate the risks. The author’s literature review indicates that a number of techniques have been used to mitigate social media security risks. The following summarizes the main techniques used for preventing and reducing social media security risks.
Developing a social media acceptable use and security policy
To reduce social media security risks, many organizations have developed a formal policy to guide how employees can use social media sites. A formal policy usually contains guidelines that specify what is acceptable use of social media and what is not acceptable, what information employees can share and cannot share, consequences of non-compliance, legal or regulatory requirements related to social media content, corporate support browsers and configurations, privacy settings, password policy, etc. (Chi, 2011; Sophos, 2011; Clavetteet al., 2009). For example, the guideline may ask the employees to use a corporate support browser and use strong passwords for social media sites that are not the same as any credentials used within the enterprise. The employees should also separate professional profiles and personal profiles and update their password regularly. Password must be different for each social media platform (SANS Institute, 2011).
Routine social media site monitoring
Monitoring organizations’ social media presence is important. Organizations need to know what people are talking about their organizations on the internet and then respond accordingly. For example, organizations should scan the internet and search out misuse of the enterprise brand on a regular basis (CDC, 2009). Social media site monitoring tools such as Google Alerts and Social Mention can help organizations keep track of malicious activities and threats against the organizations that attackers sometimes discuss publicly (Zeltser, 2011). These tools often provide e-mail alerts and RSS feeds to keep organizations updated if the organizations’ names are mentioned on social media.
JSIT
14,2
Monitoring employee’s internet activity
To enforce the social media acceptable use and security policy, many organizations choose to monitor and log employee internet activity. A recent research report by Clearswift (2011) reveals that 68 percent of companies now monitor employee internet activity and 56 percent block access to some sites. Some companies also restrict login to popular social media sites in the workplace. Web security technologies such as deep content inspection-based security solutions (Zhang, 2011), intrusion detection systems and intrusion prevention systems can be used to provide filtering for malicious content, block known bad social media sites, monitor the upload of data to social media sites, prevent the leak of confidential information, safeguard policies and compliance, and defend against a wide array of attacks.
User education and training program
Studies show that the weakest link in security is the human link (Curry, 2011; Vroom and von Solms, 2004). Proper user education and training must be in place to raise security awareness and personal responsibility in order to help prevent social media security incidents such as malware and data breaches (Chi, 2011; Federal CIO Council, 2009). Organizations need to provide effective security awareness training to employees on a regular basis. Security awareness training should provide detailed explanations of the organization’s social media acceptable use and security policy, examples of various social media attacks, and emphasize proper precautions to mitigate the security threats and risks as well as the reporting of security incidents. Both personal use and business use of social media in the workplace and outside the workplace also need to be discussed in the user education and training. The user education and training needs to make sure that employees understand why they are being asked to comply with security policies and what acceptable behaviors are related to the use of such tools both internally and in the public environment (ISACA, 2010; Cisco Systems, 2008a).
Software update
Organizations should ensure that up-to-date firewall, antivirus and antispyware software are installed on employees’ computers and other devices they use (Chi, 2011). It is important for employees to understand the importance of performing regular scans not only of their computers/devices, but also of any file they download from a web site, e-mail, or flash drive. Updating both the operating system and associated applications like Flash or PDF applications is also needed (Blue Ocean, 2011).
Archiving social media content
As so many employees are accessing and sharing information on social media such as Facebook, Twitter and LinkedIn, some organizations are working to capture and preserve the related social media content and information for legal and compliance purposes. Certain automated tools such as Symantec’s Enterprise Vault archiving software have been created to help organizations to capture, extract and store social media information posted by employees. Archiving social media content can significantly reduce risks for organizations in highly litigious or regulated industries such as health care and finance industries (Symantec, 2011b).
Social media
security risks
Develop a social media incident notification and response plan
Social media incidents may still occur regardless of the security efforts. Thus, it is necessary for organizations to develop a social media incident notification and response plan to reduce or minimize negative effects of an incident. A good social media incident notification and response plan should include a process and steps to report incidents, handle possible compromises of passwords, information leak, data breaches, viruses/malware and others. The incident notification and response plan also needs to state what to do, who to contact internally and externally as well as having prepared media inquiry responses for what we do to mitigate the risks, how we are working to get the problem resolved and so on (CDC, 2009; Federal CIO Council, 2009). A good example is the US Air Force blog response process flowchart (Scott, 2008).
4. Key insights
Based on the literature review and personal experience in this area, this paper identifies several key insights to help organizations more effectively mitigate security risks with the use of social media. The author hopes that sharing of these insights can generate more discussion and sharing of best practices for addressing social media security risks:
. Involve all relevant stakeholders. To determine and document strategies for
addressing social media security risks, organizations need to include representatives from the business units, sales and marketing, risk management, information technology, human resource and legal departments as well as random selected employees to ensure that security risks are being sufficiently considered and social media security policies are being developed in the context of broader business goals and objectives (ISACA, 2010).
. Enforce social media security policy.Although many organizations have implemented
a social media security policy to minimize the security issue and risks from social media, getting employees to follow the policy is not easy (Ponemon, 2011; Chi, 2011). According to a global study, 56 percent of IT staff reported that security policies were briefed to new employees at the time of hire, but only 32 percent of employees reported having been briefed (Cisco Systems, 2008b). Additionally, even when users are aware of security policies, they often disregard them in order to accomplish what they want. Thus, organizations must enforce social media security polices and make compliance with security policy to be part of the job requirements and performance review. A strong social media security policy must have a clear and unambiguous warning about sharing confidential corporate information. To ensure compliance with organizations’ security policies and promote safe secure online behavior, employees must be educated to fully comprehend the social media security risks and the consequences of non-compliance. Disciplining personnel is necessary if the security policy is abused. Social media security policy can be enforced either through analysis of web logs, which will detail use during business time (if not allowed), or through automated searches of web sites for corporate information (Sherry, 2008).
. Update and communicate your social media policy regularly.Social networking
technology evolves on a daily basis, so it is important for organization to involve all the stakeholders to review the social media security policy and make changes as appropriate on a regular basis (Federal CIO Council, 2009; ISACA, 2010). A good security policy must consider and reflect an integration of modern
JSIT
14,2
technologies and business processes in order to support the job performance of employees. Thus, ongoing input from all stakeholders is needed to update and improve the social media security policy. Organizations also need to clearly communicate any changes of the security policy to employees using multiple methods including newsletter, e-mails, training workshops, web site, meetings, etc. (Cisco Systems, 2008a; Chi, 2011).
. Make security policies understandable for employees.According to a survey by
Cisco Systems (2008a) in 2008, 34 percent of IT professionals report that employees do not know about or understand the policy. Thus, in addition to using plain language for the social media security policy, organizations are recommended to use multimedia (e.g. videos) and examples to help employees understand the security policy. A good example is a social media policy video made by the Victoria (Australia) Department of Justice for their employees.
. Protect multiple endpoints.Social media sites are now accessed through multiple
endpoints including desktop, laptops, tablet devices, mobile phones, etc. There are increasing numbers of cyber attack from mobile devices (McAfee, 2010). Thus, organizations need to work with security solution providers to ensure that they have the right endpoint protection solutions and tools for each of these devices (Ghosh, 2011). For example, appropriate controls should be installed and continuously updated on mobile devices such as smartphones (ISACA, 2010). Social media security policies also need to provide guidelines on what devices are acceptable for employees to use on the corporate network.
5. Conclusion
Social media brings a lot of business benefits to organizations. However, as organizations increasingly use social media to communicate with customers, partners and employees, the risk of publishing confidential information and downloading malwares also increases (Chi, 2011). Social media technology adoption is being hampered by security concerns due to numerous security incidents such as confidential data loss and malwares. To reduce the potential risk caused by employees’ use of social media in the workplace, ISACA (2010) suggests that strategies for addressing social media risks need to focus on the usage behavior of employees. Thus, an in-depth investigation of employees’ behavior with the use of social media in organizations is needed to help develop more effective social media security strategy. As each organization has different business needs, processes and culture, each organization needs to take time to survey employees at different levels, monitor employees’ use of social media, and use multiple mitigation techniques to reduce or minimize social media security risks. The author hopes that this paper will help these organizations to think proactively about their social media security strategy, and thus to engage in more productive discussions, development and sharing of best practices to mitigate social media security risks.
References
Abraham, S. and Chengalur-Smith, I. (2010), “An overview of social engineering malware: trends, tactics, and implications”,Technology in Society, Vol. 32 No. 3, pp. 183-96.
Aytes, K. and Connolly, T. (2003), “A research model for investigating human behavior related to computer security”,AMCIS 2003 Proceedings, pp. 2027-31.
Social media
security risks
Blue Ocean (2011),Social Media Security Policy, available at: www.blueoceantechnologies.net/ BlueOceanTechnologiesSocialMediaSecurityPolicy.pdf (accessed 12 November).
CDC (2009), Social Media Security Mitigations, available at: www.cdc.gov/socialmedia/tools/ guidelines/pdf/securitymitigations.pdf (accessed 12 October 2011).
Chi, M. (2011), “Security policy and social media use”, available at: www.sans.org/reading_room/ whitepapers/policyissues/reducing-risks-social-media-organization_33749 (accessed 9 November).
Cisco Systems (2008a), “Data leakage worldwide: the effectiveness of corporate security policies”, available at: www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns895/Cisco_STL_ Data_Leakage_2008_.pdf (accessed 16 November 2011).
Cisco Systems (2008b), “Data leakage worldwide: the effectiveness of security policies”, available at: www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns895/white_paper_c11-503131.pdf (accessed 9 November 2011).
Clavette, L., Faggard, D., Bove, P. and Fordham, J. (2009), New Media and the Air Force, United States Air Force, available at: www.af.mil/shared/media/document/AFD-090406-036.pdf (accessed 26 November 2011).
Clearswift (2011), “Work life web 2011”, available at: https://info.clearswift.com/express/clients/ clearhq/papers/Clearswift_report_WorkLifeWeb_2011.pdf (accessed 12 November). Curry, S. (2011), “The weakest link is the human link”, available at: www.securityweek.com/
weakest-link-human-link (accessed 16 November).
Davinson, N. and Sillence, E. (2010), “It won’t happen to me: promoting secure behaviour among internet users”,Computers in Human Behavior, Vol. 26 No. 6, pp. 1739-47.
Federal CIO Council (2009),Guidelines for Secure Use of Social Media by Federal Departments and Agencies, available at: www.cio.gov/Documents/Guidelines_for_Secure_Use_Social_ Media_v01-0.pdf (accessed 20 November 2011).
Ghosh, S. (2011), “Seven social media security best practices”, available at: http://searchsecurity. techtarget.in/tip/Seven-social-media-security-best-practices (accessed 16 November). Granger, S. (2002),Social Engineering Fundamentals, Part II: Combat Strategies, available at:
www.securityfocus.com/infocus/1533 (accessed 17 November 2011).
Hayden, L. (2009), “Human information security behaviors: differences across geographies and cultures in a global user survey”,Proceedings of the American Society for Information Science and Technology Annual Meeting, Vancouver, BC, available at: www.asis.org/ Conferences/AM09/open-proceedings/papers/2.xml (accessed 16 November 2011). Huber, M., Kowalskiy, S., Nohlbergz, M. and Tjoa, S. (2009), “Towards automating social
engineering using social networking sites”,Proceedings of International Conference on Computational Science and Engineering.
Intel (2009),Prioritizing Information Security Risks with Threat Agent Risk, available at: ftp:// download.intel.com/it/pdf/Prioritizing_Info_Security_Risks_with_TARA.pdf (accessed 16 November 2011).
ISACA (2010), “Top five social media risks for business: new ISACA white paper”, available at: www.isaca.org/About-ISACA/Press-room/News-Releases/2010/Pages/Top-Five-Social-Media-Risks-for-Business-New-ISACA-White-Paper.aspx (accessed 16 November 2011). Ivaturi, K. and Janczewski, L. (2011), “A taxonomy for social engineering attacks”,
CONF-IRM 2011 Proceedings, Paper 15, available at: http://aisel.aisnet.org/confirm2011/ 15 (accessed 16 November).
Jagatic, T., Johnson, N., Jakobsson, M. and Menczer, F. (2006), “Social phishing”,
Communications of the ACM, Vol. 50 No. 10.
JSIT
14,2
Jakobsson, M. and Myers, S. (2006), Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft, Wiley, Hoboken, NJ.
Kaplan, M. and Haenlein, M. (2010), “Users of the world, unite! The challenges and opportunities of social media”,Business Horizons, Vol. 53 No. 1, pp. 59-68.
Kaspersky Labs (2009),Kaspersky Security Bulletin: Malware Evolution 2008, available at: www. securelist.com/en/analysis?pubid¼204792051 (accessed 16 November 2011).
McAfee (2010),2011 Threats Predictions, available at: http://161.69.13.40/us/resources/reports/ rp-threat-predictions-2011.pdf (accessed 16 November 2011).
MWR InfoSecurity (2011), Is Social Media One of Your Vulnerabilities?, available at: www.mwrinfosecurity.com/files/Events/mwri_social-media-security_2011-01-28.pdf (accessed 23 November).
Peltier, T.R. (2006), “Social engineering: concepts and solutions”,Information Systems Security, Vol. 15 No. 5, pp. 13-21.
Perez, S. (2009), “Top 8 web 2.0 security threats”, available at: www.readwriteweb.com/ enterprise/2009/02/top-8-web-20-security-threats.php (accessed 25 November 2011). Ponemon (2011),Ponemon Institute Research Report: Global Survey on Social Media Risks Survey
of IT & IT Security Practitioners, available at: www.websense.com/content/ponemon-institute-research-report-2011.aspx (accessed 23 November).
Qualman, E. (2009), Socialnomics: How Social Media Transforms the Way We Live and Do Business, Wiley, Hoboken, NJ.
Safko, L. and Brake, D. (2009),The Social Media Bible: Tactics, Tools, and Strategies for Business Success, Wiley, Hoboken, NJ.
SANS Institute (2011),Password Policy, available at: www.sans.org/security-resources/policies/ Password_Policy.pdf (accessed 23 November).
Scott, D.M. (2008), “The US air force: armed with social media”, available at: www.webinknow. com/2008/12/the-us-air-force-armed-with-social-media.html (accessed 23 November 2011). Sherry, D. (2008), “How to implement and enforce a social networking security policy”, available at: http://searchsecurity.techtarget.com/tip/How-to-implement-and-enforce-a-social-networking-security-policy (accessed 23 November 2011).
Son, J.Y. (2011), “Out of fear or desire? Toward a better understanding of employees’ motivation to follow IS security policies”,Information & Management, Vol. 48 No. 7, pp. 296-302.
Sophos (2011), “Example social media security policy”, available at: www.sophos.com/sophos/docs/ eng/smst/sophos-example-social-media-security-policy.pdf (accessed 23 November). Stanton, J.M., Stam, K.R., Mastrangelo, P. and Jolton, J. (2005), “Analysis of end user security
behaviors”,Computers and Security, Vol. 24 No. 2, pp. 124-33.
Symantec (2011a), “Social media protection flash poll global results”, available at: www. slideshare.net/symantec/symantec-2011-social-media-protection-flash-poll-global-results (accessed 23 November).
Symantec (2011b), “Symantec enterprise vault 10 reduces the risks of using social media tools for
business”, available at: www.symantec.com/about/news/release/article.jsp?
prid¼20110801_02 (accessed 23 November).
Vroom, C. and von Solms, R. (2004), “Towards information security behavioral compliance”,
Information Management & Computer Security, Vol. 6 No. 4, pp. 167-73.
Zeltser, L. (2011), “Monitoring social media for security references to your organization”, available at: http://isc.sans.edu/diary.html?storyid¼10921 (accessed 23 November).
Social media
security risks
Zhang, H. (2011), “Social media: a hacker’s secret weapon for accessing your network”, available at: http://esj.com/Articles/2011/10/31/Social-Media-Hackers-Secret-Weapon. aspx?Page¼1 (accessed 23 November).
About the author
Wu He is an Assistant Professor in the Department of Information Technology and Decision Sciences at Old Dominion University, USA. He holds a PhD in Information Science (University of Missouri-Columbia, USA). His research interests include social media, data mining, databases, case-based reasoning, knowledge management and information technology education. Wu He can be contacted at: whe@odu.edu
JSIT
14,2
180
To purchase reprints of this article please e-mail:reprints@emeraldinsight.com
