Is Your Social Media Strategy More Of A Cybersecurity Faux Pas?

Are there things you don’t want your employees talking about on social media? Have you told them? More than 80% of adults are active on some form of social media, but that phenomenal reach is a double-edged sword for businesses. What makes social media a mighty marketing ally also gives it prodigious power to do harm.

The range of threats is huge: social media can be a vector for cyber-attack, an intelligence resource for criminal activity, a fissure for the loss of confidential data, and a potential source of public embarrassment and reputational damage. 

Despite the risks, almost 50% of companies do not have a social media policy for employee and corporate accounts, according to the Pew Research Center.

If you can’t beat ‘em…
Even if your organization chooses to have no official presence on social media – which seems a risky strategy in the Internet age – your employees will certainly be on Facebook, Twitter and Instagram, and what they post can affect your business. 

Anecdotes and attitudes that might previously have been shared with a small group of family or friends become part of the lexicon of information about your business that is in the public domain. Fact or fiction, bouquet or brickbat, it’s out there.

Blocking social media is not the answer. Not only does that have an adverse impact on marketing and brand management, a blackout approach is also likely to trigger an increase in ‘shadow’ IT and a corresponding rise in cybersecurity risk as staff try to circumvent the ban by using non-corporate devices and systems.

So, if you can’t beat them, join them and – more importantly – train them. Corporate social media accounts will help you to control the narrative and most organizations now embrace these platforms as part of their core marketing strategy, but you can do more to defend and protect the business from the dark side of social networking.

A well-defined social media policy, backed up by technological safeguards and solid staff training, plays a big part in reducing risk and will ensure your social strategy doesn’t become a cybersecurity faux pas.

A Game Plan for Social Media Safety
Social media services present the same threats as many other online services. Scams are on the increase and the platforms are likely to become a key attack vector over the next few years. 

The trick is to harness the positive power of social media and leverage the marketing potential of employees while minimizing your exposure to the multi-faceted risks. 

So, in the first instance make sure you have equipped your staff with the knowledge and skills to use social media safely. This can include adopting social media training as part of your wider security training, giving staff the tools and learning they need to stay safe. You can provide ‘advice’ on lock-down settings. These settings are contained within personal accounts, but most users are ignorant of them. Finally, instruct your employees to keep their personal thoughts separate from the business they represent, and help them understand how to avoid linking the two.

If your employees are being social safely, you also need to make sure your own house is in order; here are some tips.

  • Conduct security reviews of social media sites: they will often change their settings.
  • Classify your data so people know what they can and cannot post on social media – and give verbal guidance too.
  • Ensure that connections to social networks are via TLS, and manage passwords/corporate accounts effectively.
  • Keep track of accounts across your enterprise and consider investing in a social media monitoring platform (e.g. Social Mention, Hootsuite). These can not only assist your brand management and marketing online, but can also be configured to save embarrassment when employees maliciously or unintentionally post something damaging.

You can’t stop staff members using social media, but you can effectively train and continuously educate them about the hazards. And the tools you give them to protect your organization online will also improve their personal security.

Try to reintroduce a healthy level of skepticism and caution in your employees’ approach to information they receive – and give out – via social media. All critical thinking seems to go out of the window when it comes to Facebook ‘likes’.

By using table-top exercises and fully demonstrated attacks and leaks, you can ensure staff members understand the technical and privacy risks associated with social media, and that they are representing the company even when they don’t intend to.  

An organization that wants to capitalize on the marketing potential of its workforce must provide the training and clear guidance required to make the online presence of employees an asset as opposed to a liability. Responsibility runs both ways.