At any given moment, on-the-clock staff are checking and updating their social media statuses, reading feeds and networking on business social media sites. Moments often stretch to minutes: a recent study by the Ponemon Institute found that 60% of social media users spend a minimum of a half-hour daily on these sites while at work.
Social networking has become a hugely popular channel of communication for many, and while firms at first resisted on-the-job use of social media, many now embrace it as good for business.
An increasing number of companies now use specialized enterprise social media tools intended to spark enhanced collaboration among co-workers, increase worker productivity considerably and improve communications.
Public social networking sites, for their part, might help a company attract customers and staff, improve client service and manage its brand image far more effectively. So it is likely that while workers are using a private enterprise social media communications tool to communicate and collaborate with each other, they are still sharing professional information publicly online elsewhere.
The Risks of Public Social Networking
The inherent risks of public social networking are often very dangerous for business, and they pose a large security risk if usage isn't properly monitored and regulated. Public social media sites can be a very effective portal for malware attacks and for the covert gathering and dissemination of sensitive data. Google the words "Facebook privacy" and you will see ample demonstration of that reality.
Other threats include network breaches, property theft, leakage of sensitive business data and hijacking of internet sites and social media accounts. Perhaps even worse, a single malware instance introduced from an online source (and, as we mentioned, social media sites are becoming a hacker's paradise) can cripple the software and hardware systems of a company in just minutes, potentially wreaking all kinds of havoc.
However, these threats seldom come from the software itself. More typically, the users themselves, and their behaviors, are the real problem.
Containing these risks calls for a formal security strategy that combines policies governing the use of social media with technology that monitors and protects the company network. It is then essential to reinforce these policies and technologies with thorough and continuous worker training on acceptable use of social media.
Creating a Social Media and Communications Security Strategy
A first step in creating a social media security strategy is classification of business information, so staff understand exactly what is, and isn't, sensitive data. This classification should also state specifically who is permitted to access corporate content and how that information is used.
Policies can vary by worker role and by social media website. For example, an employee may be permitted to include employer affiliation and job title on a public profile on a business media website, but not on a private one; human resources staff may be allowed to provide more company data because doing so is crucial to recruiting.
Hackers now heavily target mobile devices like smartphones and tablet PCs. Businesses should specify whether or not staff are permitted to access social networking sites from these devices and which apps may be used to do so.
Once policies are established, it is necessary to reinforce them with a carefully considered combination of network monitoring and data protection technologies. In some cases, these technologies might already be in place as part of standard IT security measures. If so, they should be configured to incorporate social networking controls.
The Challenges of Changing Worker Behavior
With social media, even a carefully planned mix of policies and technology might not be effective enough. That's because you can't stop staff from posting data on social media after they go home at night; individuals can do what they want, in spite of company policy. What can you do? Implement a rigorous and continuous worker education program on the appropriate use of social media.
A business ought to proactively train staff and be very clear regarding what it considers the correct use of company data. Be specific: Tell them what they can and can't say on social networking sites about the company. Staff should understand that posting corporate knowledge is totally forbidden — unless it's expressly encouraged.
Tailor the education program to the security knowledge level of your staff. The risks of malware, data loss and other threats should be described through realistic situations that spell out the impact on the individual and on the business.
Show staff how to recognize current scams used in social media attacks and how to spot a phishing website. Training should demonstrate how these threats propagate on social media, how they can be downloaded to a user's laptop or mobile device, and how they then infiltrate the enterprise network. Emphasize that this knowledge will be as useful at home as it is in the workplace.
Education shouldn't be completely technical, however. For many staff, sharing via social media has become so reflexive that they may not realize that information posted on a public social network, however innocently, may hurt a business. Employees should also understand that when they identify themselves as an employee, they are representing the company to the digital world.
Finally, fully explain the implications of failing to follow company policies on the use of social media. Be very clear: there will be consequences for those who violate the company code of conduct for privacy, client confidentiality and property. As harsh as that might sound, there really do need to be penalties for those who continue to put the security of corporate data, and even corporate systems, at risk.