Governance, Risk Management and Compliance (GRC)

7 Social Media Security Tips To Protect Your Business

Robert Siciliano

Share This Post!

Many small businesses recognize the benefits of having a social media presence for customer service and long-term marketing purposes. However, many companies are slow to recognize important social media security issues, and how an employee’s own social presence can impact these issues.

In response, some companies restrict internal access. Others may prevent employees from associating with the company on their own social platforms. These policies arise due to the fact that whatever an employee says publicly outside of work can have a significant impact on the organization.

Social Media Security: A Very Real Threat to Your Company

Last year, I presented a robbery response program to a credit union. My presentation came after a mock robbery was staged using real policemen acting as masked robbers with guns. The robbers came in, guns blazing and screaming profanities, and were very disturbing in their delivery. Some tellers cried, others cowered. Pregnant women were not allowed to participate in the mock robbery, and for good reason—cops make great robbers!

At the end of the robbery, we all circled and discussed what happened. The teller who received the mock robbery note read it aloud. It read: “Your husband works at the Main Street Garage. We intercepted him when he was opening this morning. He is in a trunk at an undisclosed location. If you hit the silent alarm and the police come, we will kill him.”

In this scenario, robbers discovered the teller’s social media sites by searching the name of the bank as an employer. After finding her personal profile, the robbers looked up her spouse’s place of employment. They were able to learn what time he opened and closed the shop. Scary!

7 Tips for Safe Social Media Usage

Here are seven social media security tips that your small business may want to consider implementing:

1. Institute a policy. Social media policies must be in place to regulate employee access and establish guidelines for appropriate behavior. Policies must specifically state what can and cannot be said, and should specifically address slang, abusive language, etc. Employers should train their employees on proper use as well. A quick search for “social media policy” will return lots of great ideas.
2. Consider a no-employment disclosure. Request that employees leave their employment status blank when setting up a social site profile. Employees represent their employer 24/7/365, so what an employee says on or off the job directly reflects on his or her employer and can be used against the organization.
3. Limit access to social networks. There are numerous social networks serving different uses, from discussing wine and recreation to finding music to movies, and these networks are used for everything from friending people to finding a job. Some are more or less appropriate, and others are less than secure. Employee associations with off-color social networks may come back to haunt the company.
4. Train IT personnel. Policies and procedures begin from the top down. The managers and IT personnel who are responsible for managing technology need to be up to speed with social media security risks and set leadership examples.
5. Maintain ongoing monitoring and security. Once a policy is in place, it needs to be updated and enforced, and employees’ online lives must constantly be scrutinized. Invest in consulting, hardware, software and anti-virus protection, and update critical security patches for your operating system to make sure your business network is up to date.
6. Lock down social settings. Require employees to learn about and incorporate maximum privacy settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the network open for attack.
7. Don’t completely eliminate social media. Eliminating access to social media opens an organization up to other business security issues. Employees who want access will get it—and when this happens, they sometimes go around firewalls, making the network vulnerable.

 
Looking for more information on social media business best practices? Browse our social media tools resource page for blog posts, product reviews and exclusive content.

[This post originally appeared on Robert Siciliano’s Personal Security and Identity Theft blog and is republished with permission.]

• Consultant

Robert Siciliano

IDTheftSecurity.com

ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His “tell it like it is” style is sought after by ...