How comprehensive is your Social Media Policy?
Those of us who have been using IT in our business lives for some years have become used to the email as a primary form of communication. Since the mid to late 90’s we have used email for the majority of internal and external communication and, whilst allowing for the occasional user error in choosing the correct recipient, we have come to trust email as a pretty confidential way to communicate.
By the mid 2000’s social media was growing as the medium for instant contact and sharing with users able to reach the maximum number of people at the click of a mouse.
Both email and the plethora of social media platforms provide the cybercriminal with the opportunity to trap the unwary. Since the birth of email, software has been developed and refined to monitor and protect your emails. When you switch your computer on in the morning your email should have been filtered for junk and spam and checked for viruses and malware. Despite this, email is still a vehicle for all kinds of unpleasantness and the phishing email is one threat often talked about.
By contrast social media is still relatively new and potentially dangerous, one in five phishing attempts is made through social media.
Many of these attempted scams are random, simply looking to snare the unwary “clicker”, but others will be more sophisticated and targeted attempting to take the user to a false website with the aim of gathering usernames and passwords.
Whilst direct threats in the form of phishing must be combated, as big a risk to a business in this social media age is accidental disclosure. For many more recent entrants to the workplace, social media is the norm for communication and interaction. Many social media platforms give the allusion of privacy that we are used to with email but in reality posts, photographs, videos etc. are often viewed by a wide audience – particularly as different sites can be linked to allow cross-posting.
When people feel comfortable using a particular medium their guard may come down. The many examples of profiles and posts on Facebook, Twitter and Snapchat revealing far too much personal information emphasises the point.
So staff posting to social media, particularly if there may be an indication of where they work, may inadvertently disclose information about the business that could be harmful. Most businesses operate official social media accounts, using cleverly crafted posts to promote their goods and services, the last thing they need is adverse or contradictory social media presence however unintentional.
Clamping down on social media use in the workplace is not the answer. Even if you configure your network to banish social media at the office, personal smartphones mean that Facebook or Twitter is always within reach. Also, it such a part of many people’s daily lives that attempting to banish it from the work place may well lead to resentment and lower morale.
Staff need to be made aware that there is more to social media security than knowing not to click on dubious links and to block spam followers. Your business should have a Social Media Policy that not only covers the critical security issues but also educates your team about how the company likes to be presented, showing that small, seemingly innocent, revelations could have unexpected consequences for the company.