People love to share. That could be bad news for your business...
Like it or not, social media is now woven into the very fabric of everyday life for many of us. Whether it’s Facebook, LinkedIn, Twitter, Whatsapp or one of many, many other social networks, it’s become incredibly easy to chat and to share news and photos with family, friends, colleagues and complete strangers. But with all that sharing going on, it’s not surprising that social media can also be a major security threat for businesses.
Of course, social media has many benefits for businesses. At TMB, for example, we use Facebook, Twitter, Google+ and LinkedIn to share blog posts, to promote events and to engage with customers and the public. We also run paid advertising campaigns, which help us to promote our services and products.
Nevertheless, we’re also aware of the many pitfalls that social media brings with it. For a start, it can be a significant distraction for staff. For this reason alone, some organisations simply block sites like Facebook and Twitter from being accessed over their networks. That, though, isn’t necessarily the most effective solution, seeing as most people carry smartphones with mobile internet, which can be used to access those same sites.
Instead, it may be better to trust your people not to use social media when they’re supposed to be working, and to issue clear guidance about how to use it safely. This is where an official social media policy can be invaluable.
In this, you’ll need to consider, among other things:
Irresponsible use of social media can compromise company passwords in a few different ways. Firstly, you shouldn’t use the same passwords at work as you use for your social media accounts. If your Facebook details were stolen, for example, and they're the same ones you use at work, they could be then used by criminals to gain access to your business’s data. Secondly, people share large amounts of information about themselves online, like the names of pet, mothers’ maiden names and their own birthdays. Bearing that in mind, it should go without saying that passwords, particularly business ones, should not be based on any such publicly available information. A third way password integrity might be jeopardised is through social engineering. It’s alarming how much information people will give up in things like online quizzes and games, just so they can find out which Lord of the Rings character they are or so they can be told their IQ is in the top 1% of the universe.
Once upon a time, if someone had a bad day at work, they’d go home, have a moan about it to their friends and family, sleep on it, and wake up feeling better. But thanks to social media, people often share these same frustrations online, despite the fact these are often public spaces. Even though social media accounts can easily be set to be private, many users continue to share all their status updates, comments and photos with the entire world. So when things don’t go their way in the workplace, and they start insulting their co-workers, their bosses and the company itself, it’s not just friends and family who are listening. What’s more, online words are far more permanent than spoken ones. Disparaging remarks about your company could be online permanently, and could even appear in search engine results.
Not everyone is going to like everyone else – that’s just a fact of life, and it’s no different in business. Yet we all have a duty to be professional, and conflicts should be managed in a healthy, productive way, which allows for people to work together effectively and with as little friction as possible. That’s a bit tricky if your staff are openly vilifying each other on social media.
Of course, you can’t make people like each other, and they’re entitled to their opinions, but if they’re insulting each in public, that’s not good for team harmony – and your business will suffer as a result.
Privacy And Personal Data
As the incoming General Data Protection Regulation proves, personal data has value, and privacy is sacred. It’s vital that everyone in your organisation is aware of this, and that they know they shouldn’t share confidential information online. In a health setting, for example, talking about patients online would be a breach of trust and, in many cases, a sackable offence. Depending on the information that is shared, it could even be illegal.
As discussed at our recent GDPR and cyber security seminar, insider threat is a very real danger for businesses. Disgruntled current or ex-employees could steal money or data, or they could just wreak havoc, destroying information or locking you out of your own systems. For the same reason that you should revoke network access and take back company equipment, you should also make sure ex-employees are no longer able to access your business’s social media accounts. If you don't, they would be able to post whatever they like, while posing as your company, and they could waste money on bad paid ads or just delete your accounts altogether.
Social Media Solutions
There’s a lot more you’ll need to think about than these few points, of course. What’s important, though, is that everyone within your organisation is aware that you have a social media policy, what it contains and where it can be found if they want to read it.
Firewalls and other technology can help solve some of the problems with social media, by blocking unsafe links and preventing unauthorised code from running on computers, but awareness and personal responsibility are vital too. If your users know the dangers of social media and understand why they need to be careful about how they use it, it can be a major boost for your business, rather than just an annoyance.
Do you have the right technology to prevent misuse of social media within your business? Call us on 0333 900 9050 to find out how we can help.