At any given moment nowadays, on-the-clock staff are checking and updating their social media statuses, reading feeds and networking on business media sites. Moments will often stretch to minutes: A recent study by the Ponemon Institute found that 60% of social media users spend a minimum of half-hour daily on these sites when at work.
Social networking has become a hugely popular channel of communication for many, and while firms at first resisted on-the-job use of social media, many currently embrace it as good for business.
An increasing range of firms large and small currently perceive that specialised enterprise social media tools will spark enhanced collaboration among co-workers, increase worker productivity considerably and improve communications.
When it involves public social networking sites, these might help a company attract customers and staff, improve client service and manage its brand image way more effectively. So it’s going to be likely that while they’re making use of a personal enterprise social media communications tool to communicate and collaborate with each other workers are still probably sharing professional information publically online elsewhere.
The Risks of Public Social Networking
The inherent risks of public social networking are often terribly dangerous for business. And they will definitely pose a large security risk if usage isn’t properly monitored and regulated. Public social media sites can be a very effective portal for malware attacks and also the covert gathering and dissemination of sensitive data. Google the word Facebook and hit the news tab right now and you will see ample demonstration of that reality.
Other threats include network breaches, property theft, leakage of sensitive business data and hijacking of internet sites and social media accounts. Perhaps even worse a single malware instance introduced from an online source – and as we mentioned social media sites are becoming a hacker’s paradise – can cripple the software and hardware systems of a company in just minutes, potentially wrecking all kinds of havoc.
However these threats seldom actually come from the softwares themselves. Instead, it’s more typically the case that the users themselves – and their behaviours – are the real problem.
Containing these risks calls for a formal security strategy that fuses policies governing the utilisation of social media with technology that monitors and protects the company network. It’s then essential to strengthen these policies and technologies with thorough and continuous worker training on acceptable use of social media.
Creating a Social Media and Communications Security Strategy
A first step in creating a social media security strategy is classification of business information so staff understand exactly what is — and isn’t — sensitive data. This method also ought to specifically delineate who is permitted to access corporate content and the way that information is used.
Policies can vary by worker role and by social media website. for example, a employee may be permitted to incorporate employer affiliation and job title on a public profile on a business media web site, but not on a private one; human resources staff may be allowed to provide more company data because doing so is crucial to recruiting.
Remember that hackers currently heavily target mobile devices like smartphones and tablet PCs. Businesses should specify whether or not staff are permitted to access social networking sites from these devices and which apps may be used to do so.
Once policies are established, it’s going to be necessary to strengthen them with a carefully considered combination of network observance and data protection technologies. In some cases, these technologies might already be in place as a part of standard IT security measures. If so, they should be configured to incorporate social networking controls.
The Challenges of Changing Worker Behaviour
With social media, even a fastidiously planned mix of policies and technology might not be effective enough. That’s because you can’t stop staff from posting data on social media after they go home at night; individuals can do what they want, in spite of company policy. What can you do? Implement a rigorous and continuous worker education program on the appropriate use of social media.
A business ought to proactively train staff and be very clear regarding what it considers the correct use of company data. Be specific: Tell them what they can and can’t say on social networking sites about the company. Staff should understand that posting corporate knowledge is totally forbidden — unless it’s expressly encouraged.
Tailor the education program to meet the security knowledge level of your staff. The risks of malware, data loss and other threats should be described in very real situations that specify impacts to the individual and also the business.
Show staff how to recognise current scams utilised in social media attacks and how to spot a phishing website. Training should demonstrate how these threats propagate on social media and the way they’ll be downloaded to a user’s laptop or mobile device and then infiltrate the enterprise network. Emphasise that this knowledge will be as useful at home as it is in the workplace.
Education shouldn’t be completely technical, however. For many staff, sharing via social media has become so reflexive that they may not realise however innocently information is posted on a public social network it may hurt a business. Employees also should understand that when they identify themselves as an employee they’re representing the company to the digital world.
Finally, fully explain the implications of failure to follow company policies on use of social media. Be very clear: Jobs are in danger for those that violate the company code of conduct for privacy, client confidentiality and property. As harsh as that might sound there really do need to be clear consequences for those who still continue to put the security of corporate data – and even corporate systems – at risk.
Using Social Enterprise Networks to Maximise Security
Making use of talkspirit, for example, does allow for the integration of social media channels directly into groups, allowing employees to scan and monitor social mentions of the company (something that is a crucial part of some roles, such as those of a social media manager) in real time without having to leave the platform and head into their less secure personal Facebook account (where they also may be tempted to watch ten minutes of cat videos, so it’s likely productivity will be improved as well)
Social media, or rather public social media, is not the only security threat that your company may be facing that can be decreased by use of a social enterprise network. Email, for example, can be a serious problem too.
Even if you provide corporate email addresses for employees, they are still likely to use their personal emails for less formal communications and they are certainly likely to be checking their insecure personal email accounts at work. And even corporate emails can be compromised, phished and hacked.
Implementing a private enterprise social network allows employees at all levels to move much of their internal communication into a closed environment, decreasing those risks. Files no longer need to be stored on an outside platform, they can be housed, shared, and edited within the ESN interface.
Ultimately, the average company is unlikely to escape public communication platforms altogether. However, by becoming more aware of the risks, implementing some of the strategies covered here and making efforts to internalise communications whenever possible not only will you be creating a more secure data environment but a more productive workspace as well.