Policies first

How to prepare a cybersecure social media policy for your employees


Photos from a family vacation, but also office desks and team buildings. Most employees share their lives on social platforms – and they may be tempted to let their followers peek into their careers as well. However, sharing work-related content can hurt the employer and weaken the company’s safety. How can we minimise the risks? Provide your employees with guidelines and create a cybersecure social media policy.

Social platforms provide their users with a space where they can create their own communities and share both their experiences and their memories. But since human lives are greatly affected by work, one may not always know where to draw the line between what is shareable and what can damage the employer. Sometimes all it takes to weaken the company’s security is a casual photo of an employee’s desk, as sensitive information that appears in the background may be captured.

The problem with social media at work – which involves using platforms during working hours, sharing work-related content, or logging in to social media apps from the company’s devices – is something most businesses will have to deal with sooner or later. Still, research by the Pew Research Center uncovered that while 74% of adults use social media, 73% of companies don’t give their employees any official guidance on social media usage. Take a look at some tips on preparing a functional social media policy.

1. Set the goal of your social media policy

Social media policies can have numerous functions, so when you are preparing the guidelines for your company, set the goals you hope to achieve first. The policy should primarily increase the cybersecurity of your business and staff; however, the guidelines may also touch upon the issue of preserving the reputation of your brand. You can focus solely on the work-related content your employees share, or you may also make suggestions against posts including problematic topics such as racism, misogyny, or discrimination. Knowing your selected goals from the start may help you decide which points to include and how general or particular your policy should be.

2. Draw the line between what is safe and what is risky

Your employees should not share trade secrets, personal information about their colleagues or the clients of your company, unannounced business plans, or even professional issues online. But even seemingly innocuous pictures from the workplace, such as photos of workspaces, can be unsafe. Seemingly unimportant details – such as documents, Post-it notes, or the windows on the screen – may contain personal data and put the employer, employees, or clients at risk. Your policy should make a clear distinction between information that can be shared online and data that, when made public, could decrease the security of your company and staff. You can avoid confusion by creating a series of preapproved posts that your employees can use as a guide. Additionally, make sure they know whom to contact when they are in doubt.

Infographic showing which social media employees use the most at work

3. Instead of generic guidelines, deal with specific social media too

You should keep in mind that there is a difference between various types of social media. Some apps may be viewed as more cybersafe than others. Social media also includes personal blogs, which may be hosted on sites more susceptible to hackers. Thus, you may want to personalise your policy to cover the different platforms, specify which safety regulations you expect your employees to follow, instruct them on how to properly secure their accounts with strong passwords and multi-factor authentication (MFA), and state which privacy settings you recommend.


4. Discuss the use of social media during working hours

Your policy should at least touch upon the issue of using social media apps while working. In some cases, the platforms can be employed for communication between employees, and some people even use social media as a part of their job or to find information that could help them solve work-related issues. Make sure you find a balance that allows your employees to use social media platforms for good while staying focused on work and cybersecurity.

Infographic showing reasons why employees use social media at work

5. Focus on the risky (but common) activities

Apart from sharing, social media users can engage with interactive content and communication on social media apps. These activities may represent more risk – worms (quickly spreading malware that replicates itself), phishing, and more. Your social media policy should discourage your employees from clicking unknown links or messages from suspicious accounts. Another popular activity – especially on Facebook – is taking quizzes.

These can make the time go faster and sometimes they feel like a fun interview. What many users don’t know is that their answers are not always kept private. In 2015, a Facebook quiz app named Most Used Words stated in its conditions that by agreeing, the user gives the developers permission to sell their data to third parties – including name, pictures, friends, entire Facebook history, and even the IP address and specifics of the device. The information shared in quizzes can also be used by scammers to guess passwords; therefore, avoiding these activities can be an essential step in preserving the cybersecurity of your company.

6. Emphasise the benefits of social media policy

The Cyber Readiness Institute survey revealed that “22% of workers admit to ignoring or working around their company’s cybersecurity guidelines on a daily or weekly basis.” Why? Perhaps they are not fully aware of the possible benefits of maintaining their cybersecurity, they are unsure of where to find the guidelines, or they simply view the policy as a set of optional recommendations. To prevent this neglectful approach, you should make your policy readily available so that employees can check it anytime. You could also organise a training session during which the individual points of your policy will be explained and justified.

7. Stay up to date

As these technologies continue to develop, it’s more than possible that your employees will face new issues over time. Cooperate with your IT team, observe the world of social platforms together, notice the changes and new challenges that arise, and react to them. You can do that by scheduling regular meetings with your employees as well as regular training sessions, and also by updating your social media policy regularly.