How to Protect Your Business Against Social Media Blunders
You can run, but you can’t hide. Social media is everywhere and it’s invaded the workplace. While we could argue the merits of social media at work all day long, at the end of the day, people are going to use social media at work. And for many companies, social media is a critical part of their marketing strategy. Today people are liking, tweeting, linking, and connecting -- on company assets, bandwidth, and time.
For your corporate IT security team, this presents a challenge. And while there are extravagant ways to block access, many organizations choose instead to limit access and make sure people use social media appropriately and securely. Here are seven tips to secure your business’s social media.
- Be careful of what you post. Some things are common sense. Don’t post derogatory comments about your company or your boss. Don’t post material that is inappropriate or unprofessional or reflects poorly on your character. Keep in mind, these posts are “forever” and future employers and clients will be searching them! Remember also that even if you are careful with what you post, you can’t control what others will do with the information, images and links that you post.
- Document and communicate a social media policy. Most large companies and government organizations have a social media policy. You can refer to some examples of social media policies for different industries and organizations. Your company should include your social media policy in your company handbook and require that all your new employees read and sign it. If you’re a public or high profile organization, you might want to consider monthly or quarterly training to make sure that the policies are updated and understood by everyone. A PR embarrassment can be expensive and damaging.
- Enforce the use of strong passwords. This may be the most obvious line of defense. Strong passwords are complex. A strong password is at least 7 characters long; does not contain your user name, real name or company name; does not contain a complete dictionary word; is different from previous passwords; and contains an upper and lower case letter, and a symbol or number. Remind your employees that their social media password should NOT be the same as their corporate, network or work login! If you use only one password and it falls into the wrong hands, the “bad guy” can do serious damage across multiple areas. That could be catastrophic to your business.
- Take advantage of corporate security measures like application control and encryption. There are a number of network security products that offer application control of Facebook and Twitter. These controls can range from giving users “read-only” access to content such as Facebook posts and tweets to giving them full access that allows posting and uploading video and images. Although this type of control is good, it doesn’t work well when Facebook and Twitter use SSL by default. If your organization doesn’t have a way to decrypt Facebook and Twitter traffic, you won’t be able to use the application control feature. It’s important to find a network security solution, such as a next-generation firewall or a dedicated SSL appliance, that has the ability to decrypt SSL traffic and scale based on your organization’s network performance requirements.
- Choose web browsers with high malware block rates. Web browsers are most often the first line of defense against malware, and there are large differences among the leading browsers in their ability to block it. In the 2013 NSS Labs web browser tests, Internet Explorer 10 had the highest malware block rate at 99.96 percent, followed by Google Chrome at 83.16 percent. Apple Safari 5, Mozilla Firefox 19, and Opera 12 all lagged behind with block rates around 10 percent or less.
- Turn off “location tracking” on social media. Warn employees about “checking into” customer or vendor sites on apps such as Facebook or Foursquare, which can reveal competitive location information or even merger and acquisition plans.
- Be careful of what your employees post on LinkedIn. Employees should refrain from posts that include sensitive information about their job duties, bonuses, etc., since the posts could shed light on sensitive topics or details of projects they are working on. Additionally, if the company is involved in big changes such as a merger or acquisition, executives shouldn’t accept LinkedIn requests from the company and direct peers they are negotiating with.
Spell out your social media policies and best practices. It may just save your company or organization from embarrassment or damage. Empower your employees by training them to be aware and secure, and to avoid becoming a statistic.