Photos from a family vacation, but also office desks and team buildings. Most employees share their lives on social platforms – and they may be tempted to let their followers peek into their careers. However, sharing work-related content can hurt the employer and jeopardise company safety. How can we minimise the risks? Provide your employees with guidelines and create a cyber-secure social media policy.
Social platforms provide users with a space to create cities and share their experiences and memories. But since work significantly affects human lives, one may not always know where to draw the line between what is shareable and what can damage the employer. Sometimes all it takes to weaken the company’s security is a casual photo of an employee’s desk, as sensitive information that appears in the background may be captured.
The problem with social media at work – which involves using platforms during working hours, sharing work-related content, or logging in to social media apps from the company’s devices – is something most businesses will have to deal with sooner or later. Still, research by the Pew Research Center uncovered that while 74% of adults use social media, 73% of companies don’t give their employees any official guidance on social media usage. Take a look at some tips on preparing a functional social media policy.
1. Set the goal of your social media policy
Social media policies can have numerous functions, so when preparing the guidelines for your company, set the goals you hope to achieve first. The policy should primarily increase the cybersecurity of your business and staff; however, the guidelines may also touch upon the issue of preserving your brand’s reputation. You can focus solely on the work-related content your employees share, or you may also make suggestions against posts including complex topics such as racism, misogyny, or discrimination. Knowing your goals from the start may help you decide which points to include and how general or particular your policy should be.
2. Draw the line between what is safe and what is risky
Your employees should not share trade secrets, personal information about their colleagues or the clients of your company, unannounced business plans, or even professional issues online. But even seemingly innocuous pictures from the workplace, such as a photo of workspaces, can be unsafe. Seemingly unimportant details – such as documents, Post-it notes, or the windows on the screen – may contain personal data and put the employer, employees, or clients at risk. Your policy should distinguish between information that can be shared online and data that, when made public, could decrease the security of your company and staff. You can avoid confusion by creating a series of preapproved posts that your employees can use as a guide. Additionally, ensure they know whom to contact when they are in doubt.
3. Instead of generic guidelines, deal with specific social media too
You should keep in mind that there are differences between various types of social media. Some apps may be viewed as more cybersafe than others. Social media also includes personal blogs, which may be created under sites more susceptible to hackers. Thus, you may want to personalise your policy to cover the different platforms, specify which safety regulations you expect your employees to follow, instruct them on how to properly secure their accounts with strong passwords and multi-factor authentication (MFA), and state which privacy settings you recommend.
Learn how to set strong passwords.
4. Discuss the use of social media during working hours
Your policy should at least touch upon the issue of using social media apps while working. In some cases, the platforms can be employed for communication between employees, and some people even use social media as a part of their job or to find information that could help them solve work-related issues. Make sure you can find a ratio that allows your employees to use social media platforms for good while staying focused on work and cybersecurity.
5. Focus on the risky (but everyday) activities
Apart from sharing, social media users can engage in interactive content and communication on social media apps. These activities may represent more risk – worms (quickly spreading malware that replicates itself), phishing, and more. Your social media policy should discourage your employees from clicking unknown links or messages from suspicious accounts. Another popular activity – especially on Facebook – is quizzes.
These can make the time go faster and sometimes they feel like a fun interview. What many users don’t know is that their answers are not always kept private. In 2015, a Facebook quiz app named Most Used Words stated in its conditions that by agreeing, the user gives the developers permission to sell their data to third parties – including name, pictures, friends, entire Facebook history, and even the IP address and specifics of the device. Scammers can also use the information shared in quizzes to guess passwords; therefore, avoiding these activities can be essential in preserving your company’s cybersecurity.
6. Emphasize the benefits of social media policy
The Cyber Readiness Institute survey revealed that “22% of workers admit to ignoring or working around their company’s cybersecurity guidelines on a daily or weekly basis.” Why? Perhaps they are unaware of the possible benefits of maintaining their cybersecurity. They are unsure where to find the guidelines or simply view the policy as a set of optional recommendations. To prevent this neglectful approach, you should make your policy available so that employees can check it anytime. You could also organise a training during which the individual points of your policy will be explained and justified.
7. Stay up to date
As these technologies continue to develop, it’s more than possible that your employees will face new issues over time. Cooperate with your IT team, observe the world of social platforms, notice the changes and new challenges that arise, and react to them. You can do that by regularly scheduling regular meetings with your employees, training, and periodically upgrading your social media policy.