How should businesses deal with social media risks?

According to research, one in five phishing attempts is made through social media. When LOGICnow surveyed managed service providers (MSPs) to find out what areas of security they were worried about, only 6% chose social media.

We’re used to the deluge of spam and phishing attempts over email: the absurd names, the promises of money and the occasional well-crafted attempt which could steal user identities and passwords for all online accounts. Service providers and customers are still catching up with the risks social media presents.

There is a simple solution to the risks of social media: banning it. However, that might not be possible for many businesses. The line between work life and personal life is increasingly blurred, and social media is part of this issue. Marketing teams promote their brands through Facebook. Service companies use Twitter to answer complaints. Professionals network on LinkedIn. Social media is clearly in everyone’s daily life.

Even for those employees who don’t have social media as part of their job description, banning it may be counter-productive. Many organisations already have a problem with shadow IT—employees using their own devices for work purposes, even though those devices may not be secure. Anyone who remembers having to use Lotus Notes for email knows how awful it can be to be forced to use technology they don’t like for everyday tasks.

Forcing employees, especially younger employees, to use email when they’d rather communicate with their peers in another way can only have a negative impact on morale. Plus, employees may simply keep using the same insecure technology but keep it hidden.

Evaluating the risk

The first step organisations should take is to evaluate the risk from social media. For some sensitive businesses, it may be impossible to tolerate the risks of social media because of regulation and audit requirements. Employees in those industries will simply have to give up snapchatting and tweeting at work on company assets. For other industries, it may be more important to look at where the risks are and educate employees about responsible use of social media.

We’re used to the threats inherent to email—usually it boils down to not clicking on anything you’re not sure about, and not opening any attachments from people you don’t know. With social media, the risks may be subtler. The biggest risks to businesses from social media may not be from direct attacks, but accidental disclosure.

Social media can have the illusion of privacy. Twitter, for example, is full of conversations which may be public and viewable by anyone. However, to the people having the conversation, it can ‘feel’ private.

This feeling of privacy could mean users, collaborating in a space they feel comfortable in, reveal more information than is wise. This could be anything from financial information to private thoughts which reveal more about a business than the author might suspect.

Employees need to be made aware that there is more to using social media safely than not clicking on dodgy links and blocking spam followers. They need to be educated on why small revelations about the company could have wider implications. They need to know that, however quiet their presence is on social media, their words might reach further than they know.

Creating a clear divide

Another solution may be to embrace social media but keep it separate from the rest of the business network. A separate workstation or wireless device, connected to a separate network and dedicated to social media, may not work, but the same principle can be achieved by offering a public wifi. Employees can connect to this wifi with their own devices and use them as they see fit without restrictions from device management software, all without risk to the main business network.

Businesses should also think about why their employees are using social media. Email can be great for detailed messages, but as a platform for a conversation, it may not be optimal. Phone conversations are also falling out of fashion: for younger people, the phone is a device that actively demands you immediately pay attention to it, unlike the notifications of social media, which you can respond to on your own time.

So, the business tools of the last decade may not be the best solution for today. Software such as Slack or Hipchat may be better for communications and might even be a better alternative to regular meetings and conference calls.

Businesses approaching these issues need to start grappling with the risks of social media now. Soon, new employees entering the workplace will always have activity on social media, and simply saying it’s off limits won’t work.
