Love it or hate it, social networking has firmly embedded itself into the fabric of our world. The likes of Facebook, Twitter and LinkedIn can be powerful business tools, especially for marketing, communication and recruitment purposes.
But there is also the less appealing nature of the beast. Provide employees with access to the Internet and most will check their online profiles at least once during the day and the resulting downtime can quickly accumulate. But, to a business, a far greater threat than the lack of productivity is the security of what is shared online through these networks.
So what are the benefits and risks to businesses when engaging with the social media phenomenon?
To Like or Not to Like: The Benefits and the Risks
- Social networking can be used for marketing, expanding commercial reach and advertising, with the only tangible cost being the time needed to maintain the account;
- Used appropriately, social networking sites can be used to communicate easily with existing business contacts and connect with new ones;
- A regularly updated online presence can have a positive effect on reputation, reinforcing the brand image and demonstrating awareness of current trends;
- There are no geographical restrictions providing potential to reach new areas with little or no expense;
- Can be used to motivate, by building and maintaining relationships between leadership and employees; and
- Build company culture and communicate policy changes and announcements.
- Social networking sites themselves are not generally a concern, it is the behaviour of the users that presents a risk;
- When considering the possibility of leakage of confidential information or intellectual property, exposure through word of mouth can be hard enough to control but words can be forgotten. An individual making a comment on the internet to an audience of thousands greatly increases this threat and posts can be found through a search engine indefinitely;
- Viruses and worms are often incorporated into fake profiles, e-mails or postings from Friends. Careless use could lead to inadvertent downloading of malware, spyware, adware or ransomware, or even the hijacking of the account; and
- There is a threat of exposure to offensive web content via links contained in e-mails, posts and tweets.
After reviewing these risks and benefits, there are several options available to you when considering the use of social networks.
- Allow unrestricted access to social networking sites: providing employees with unrestricted access could boost morale, however there is the potential for this access to be exploited;
- Allow restricted access to specific sites or at specific times: allowing employees access to certain sites, perhaps those designed for business networking, or allowing access to personal sites only outside of business hours or during lunch;
- Allow access to social networking sites only to those authorised to use a business profile: for example marketing teams who update the site with business related information;
- Block access to all non-business related sites for all employees: only allow access to sanctioned business related programs; and
- Block internet access to all: this is an unlikely option since many companies now use internet based programs for day to day operations.
Social Networking Policy
For those businesses that decide to use or allow access to social networking sites, it is crucial to implement and maintain a social networking policy. The policy will provide employees with guidance so that they are accountable for their actions. While specific components of the policy will vary dependant on the nature of the organisation and how they use social networking, there are several elements that should form the basis for any social media plan.
Guidelines and Restrictions
It is important to establish a level of control that provides protection whilst allowing the informality that is the foundation of social networking. Business data should be classified so that employees are fully aware of what sensitive information is and what can and cant be mentioned on profiles or in posts. Also determine who is authorised to access corporate content and modify accounts on behalf of the company. Remember that mobile devices such as smartphones and tablet PCs are also at risk from hackers, so be sure to specify if employees are permitted to access social networking from these devices.
Education and Training
Educating employees on the acceptable use of social media is essential to reducing the risks. Each employee represents the company and a thoughtless tweet about a product launch or personnel change has the potential to damage reputations.
Consider limiting the posting of corporate data unless authorised and clearly state the consequences of failure to follow policy: disciplinary or dismissal procedures can be implemented for employees who violate policies. Although this may seem heavy handed, prevention is always better than cure.
Once a policy has been approved, it is important to monitor the activity relating to the business. Check the networks for the company or product name, find out what is being said. If customers are losing faith in the company, take the opportunity for promotion by addressing concerns. Failure to monitor on a regular basis could lead to loss of sales and damage to reputation.
Monitoring can also be an opportunity to see what people are interested in, helping to shape future campaigns.
Maintenance and Updates
It is worth remembering that unless your Web security software is capable of fulfilling the requirements stated in the policy, the policy itself will be useless. Regular reviews of software capabilities, changes to programs and security settings, should be undertaken.
Incident Response Plan
If a business faces a crisis, such as a loss of systems or product faults, an incident response plan should include measures for addressing issues via social media. Recalling products and providing updates on service availability can provide customers with assurance that the issue is being dealt with. If handled swiftly and correctly this action could limit the impact on reputation.
Social networking has evolved so rapidly that many companies struggle to keep up with the changes and subsequent implications. The growth shows no signs of slowing, so it is important to remain vigilant to the threats. Education is essential across all levels of the business to ensure that the advantages of using social media are not negated by the risks.
Time to Re-write the Security Rulebook as Social Networking Goes to Work
The Social Enterprising Environment
BYOD: It's Time to Throw Out the Rule Book
CS Risk Management is exhibiting at Infosecurity Europe 2013, the No. 1 industry event in Europe held from 23rd through 25th April 2013 at the prestigious venue of Earl’s Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information, please visit www.infosec.co.uk.