Uwe B. Meding

Twitter, Facebook etc. are everyday means of communication, in particular for the generation that grew up with the Internet. Social networking platforms are also commonly used in the workplace. Companies need to be aware of the inherent security risks. Clear policies and responsible usage of social media help reduce security risks.

A few years ago it seemed inconceivable that Facebook would be used by more than a billion users worldwide by 2012. A similar rise was experienced by Twitter or Google+, which garnered 100 million users within a few months.

These numbers alone are reason enough for companies to have clear policies regarding social network usage. Apart from using valuable working time for this, there is a risk that ill-considered statements disclose internal information to the public or create security risks.

A poll by the Ponemon Institute in Michigan finds that 63% view the usage of social media in the workplace as a risk. However, only 29% of the companies have corresponding IT security systems and implement policies that allow safe use of social media. In general, if you adhere to certain rules, the benefit of using social media far outweighs any risks.

Create corporate policies: Companies should create policies for social media platform usage. For example,

  • if and when an employee can use social media during work hours.
  • if and what company data/information can be published
  • what liability an employee has for statements in company blogs, or the company Facebook pages

Observe adherence to corporate policies: Once corporate policies are put in place, the company must implement the means to see if the policies are adhered to, for example by using social media analysis tools.

Employee awareness: Employees need to be informed about and trained in the expected “netiquette”. A company-internal social media manager needs to be available for any questions. Company-internal information or even insults about employees or management have no place on the company’s Facebook page or other social media outlets. Care must be taken in profiles and job descriptions: seemingly harmless information can be exploited and present a risk.

Be suspicious of unsolicited friend requests: Only add persons to your contact list that you know. Social media is often used by cyber criminals to glean confidential information. For example, in a typical social engineering attack, when you are out of town, the “friend” may contact the company to extract important information in your name.

Think before you click: Even messages from friends and colleagues need to be scrutinized. An analysis by the Ponemon Institute for Websense showed that 52% of companies that allowed employees to use social media at work also had a significant increase in malware attacks.

Protect the company network and corporate data: Malware is not only acquired through clicking on a message or opening an email. Companies must ensure that their virus filters are current and employ a state-of-the-art firewall and possibly intrusion detection systems.

Check the standard settings of the services: The standard settings of the social media sites can be adjusted such that sensitive information is not publicly disclosed.

Use secure passwords: Ensure that you use secure passwords for the social media services. Company-internal passwords or private passwords should never be used for these services.

Get involved: As a company you are already present on social networks, with or without your own account. It makes a lot of sense to have somebody at hand to take care of angry customers who use Facebook (or another platform) to vent their displeasure.

