If you are a business owner or IT professional, you probably have mixed feelings about employee personal social media use. Social networks serve as a great way to network with prospects, connect with clients and help employees promote your brand. On the other side of the coin, employee social media use can open up a business to increased risk of fraud and data theft. According to a 2013 Javelin Research report, 69 percent of enterprise businesses are worried that data leaks via social media can expose the business to risk.
We've seen it happen before to other companies. An employee can publish a seemingly innocuous bit of information on their personal social media profile, like an email address or even a favorite pet's name, and that information can be mined and used for phishing scams or even to answer security questions that will reset company passwords.
The question is, what can businesses do about it? How can they mitigate the potential impact and risk of information that their employees post online?
It's not a simple question to answer. We've all gotten so used to sharing personal information online, and a business can't stop its employees from engaging on social networks outside of work. There is no way to eliminate the risk completely, but it can be managed.
One of the best ways to manage this risk is to create a formal social media usage policy for employees.
Morgan Stanley is one of the first financial firms to embrace social media use among its analysts. In 2012, the company rolled out a social media policy that provides a good example of how businesses, even those that are publicly traded and strictly regulated, should approach managing an employee's online interactions. Morgan Stanley's policy includes clear rules outlining the types of content an employee can post online, the tools the company provides for social engagement, the platforms employees can use to connect with clients and prospects as well as pre-approved content they can share with their networks. The company also monitors usage to ensure no sensitive information is shared and that employees are sticking to the policy. While Morgan Stanley's approach may not work for all businesses and industries, it does ensure that the information each employee is sharing is carefully managed, and that the company is minimizing its risk.
The second best thing a business can do to reduce risk associated with social sharing is to educate its employees. Make sure they understand the social media policy and the risks associated with sharing sensitive information online. Teach them how to secure their online profiles by doing things like setting strict privacy settings and checking them frequently, only connecting with contacts they know, and setting different passwords across websites. These action items may seem pretty elementary, but you would be surprised. According to a 2012 Velocity Digital study, 25 percent of Facebook users don't even bother adjusting the privacy settings for their profiles, which means anyone can see everything they post.
Finally, for those instances where an email address is mined or other sensitive information is shared on a social network, we recommend proactive credential monitoring. With proactive monitoring, businesses and employees can receive an alert if their personal information has been compromised, giving them the opportunity to update passwords and reset logins before the information can be used for data or identity theft.
CSID hosted a webinar earlier this year where experts from a variety of perspectives analyzed the risks employees and enterprises face when it comes to social sharing. If you are interested in learning more about this topic, I encourage you to check out the webinar and supporting content.