Tuesday, October 29, 2013

Employees and Social Media: If You Can’t Beat ‘Em, Then Train ‘Em.

With the exception of few stodgy holdouts, pretty much everyone has a social media account or two—or maybe five. I mean, why share everything on Facebook? Why not open up the fascinating details of your suburban, middle-class life to a wider audience? There are life-changing food photos to post to Instagram, quippy thoughts to share on Twitter, and that hilarious meme you whipped up last week that’s begging to get posted on Reddit. More exposure! More, more, more!

security awareness, social media, threats, training, policyAn awful lot of us have this attitude now—and if your supervisors are aware of your tendency to tweet first and apologize later, then they may be freaking out. In fact, according to a Javelin Research report from earlier this year, 69% of companies are concerned about employees’ social media use. While a half hour here or there may not seem like much, even on the company clock, it can add up to a lot of lost revenue, thousands of security threats, and plenty of potential bad press if you can’t keep it in check.

Fortunately, according to CSIdentity, businesses have two good options to keep their employees’ social media usage from causing harm to the business: create clear policies and keep employees educated.

What are the Social Media Security Threats? 

Here are a few:

  • Downloaded malware from clicking links 
  • Social engineering threats, like network breaches or hijacked accounts. 
  • Inside dangers, like leakage of sensitive business information or even negative or embarrassing information posted by a disgruntled employee.
Because of these threats and others, social media users should get comfortable with scrutiny. Businesses have to protect their online reputation. But a few rules of thumb can transform social media from a risky liability to a helpful tool.

What Should Managers Do? 

  • Be Clear: Create social media policies that define what information is considered sensitive or classified, and is therefore off-limits for social media sites. 
  • Train and Retrain: Be proactive and train employees on your company’s corporate approach to and concerns about social media, the threat of social engineering through social media sites, and the dangers of malware.

What Should Employees Do? 

  • Think First: You never know what a social engineer might find helpful. Even seemingly benign information like your job title, the systems you use, or a new project you’re working on. Keep corporate info off your personal Internet. 
  • Keep it Clean: This should really go without saying, but do not post anything negative about your employer on a social media site or personal profile. Use this rule of thumb: if you could not say to your manager’s face, then don’t post it. Chances are, your manager is reading it anyway—so don’t be an idiot. 
  • Don’t Take the Bait: This is a good rule whether you access social media at home or at work. Avoid tempting videos, articles, and offers that seem too good to be true. It might save you from a costly breach of sensitive personal or business information.
And maybe most importantly: remember that, right now, almost all communication is marketing. Hundreds, thousands, millions of people can see what you post. So, just as we think carefully before opening our mouth to speak, we should pause before we let our fingers fly across the keyboard and cost our company its money and reputation.

More About Security Awareness