Monday, September 6, 2021

The Cyber Importance Of Maintaining Social Media Policies In The Workplace

 


Corporate America is embracing the new hybrid work model.  Obviously, some like it and some don’t, but with whatever we are faced with, we are going to have to deal with it as the American Workforce.

But one thing is for sure:  We have to get used to abiding by a new set of rules, which is that of our employer’s.  One such area where this will be felt is in the Social Media platforms that your company uses for its marketing purposes, and even how you can use company equipment to access your own Social Media accounts.

While we were WFH (and still for the most part), we had certain liberties that we took for granted in this regard.  For example, we could access Facebook and Twitter whenever we wanted, without the fear of our boss looking over our shoulders.  In fact, Social Media has much become like our smartphone:  We love it when we have it, and when we don’t, we feel totally paralyzed.

But for an employer, the fears and angst of how to deal with Social Media for the employees is increasing at great levels.  Since the world has gone digital, anybody can post anything, anywhere, at any time when it is least expected.  So what can a company do to protect themselves in this regard?  Here are some tips that you can follow:

*Set clear and distinct guidelines about posting:

As a company, you probably make extensive use of Social Media for your digital marketing efforts, and rightfully so.  After all, for the most part it is free (unless you are running a PPC campaign) and it is a perfect way to reach out to your customers and prospects about your brand, products, services, and even what is down the pipeline for your company.  But being the owner of your business, you obviously do not have the time to post all of that stuff yourself, so you rely on your marketing team to do that.  But that is where the trust now become implicit and clear.  You have to remind your employees that the stuff which is posted on company Social Media sites can only be used for those purposes – and nothing more than that.  For example, its great to talk about an upcoming trade show that your company will be hosting, but it is totally wrong and unacceptable to post anything else which could be deemed as a smear campaign against your competitors.  Yes, there is the thing called the Freedom of Speech here, but remember, your employees in this regard have to abide by your rules that you set forth.  After all, they are playing on your playground.

*Visting on personal accounts:

In this regard, there needs to be a little bit of flexibility here.  For example, your employees probably get burned out looking at their computer screens and Word/Excel files all morning.  They need to take a break, and see something that will make them feel more relaxed, perhaps like seeing family pictures, getting caught up with a close friend, etc.  But you need to make it clear when and how they can access their personal Social Media accounts.  For instance, it should be restricted to only break times, the lunch hour, and after work.  Also, they should not be allowed to use company issued devices for this, they should only use their own devices, and away from the workplace setting.

*Put all of your policies in writing:

Any and all of your Social Media rules and penalties for not abiding by them need to be written and spelled out very carefully in the employee handbooks.  That is one area, but if you have something like an employee portal or an Intranet of sorts, make sure it is posted there as well in an electronic format.  But keep in mind, you have to be very careful with the language that you use.  You don’t want your employees to feel that Big Brother is watching, or that any privacy rights they may have are being intruded upon.  So, it is wise to have your attorney and/or even a professional human resources consultant look this over before you post it.

*Keep tabs on what is being posted:

Now of course, as an employer, you have no control as to what your employees post on their personal accounts during their break times and after work hours.  But you can keep tab on what is being posted on the company sites.  In this regard, you could probably make use of both AI and ML tools to track for certain keywords, or even the language/syntax of the content that is being posted.  This is not restricted to just during work hours, you also have the right to monitor these sites 24 X 7 X 365.  But the caveat here is that you need warn your employees that they are being watched as they post stuff on company related Social Media sites.  You may even want to hire somebody to keep watch on all of the content that is going up, if you make that much use of Twitter, Facebook, and Linked In.  There is also another reason for doing this:  You will also be able to keep track of any signs lurking about a potential Insider Attack that could be brewing from within the confines of your business.

My Thoughts On This:

There are two other reasons why you need to keep tabs on all of this stuff, and they are as follows:

*It is a known fact that the Cyberattacker is becoming extremely sophisticated and covert in the way that they launch their threat vectors.  As I have written about many times before, they are now taking their own sweet time studying their prey.  This also means scouring all of the Social Media sites that are being used by your employees, for both job related and personal uses.  It is from here that the Cyberattacker will start to build a profile of their victims, find out their weak spots, and dive right in from there.  This is something that you need to remind your employees of on an almost constant basis, and make the point is simple:  They need to be careful of what they post, because if your company is hit by a security breach, they could very well lose their jobs as a result.

*Unfortunately, ever since last January, the use of Social Media sites to fan the flames of racial extremism has become a reality.  Therefore, you really need to keep a very close eye on your company related Social Media sites to make sure that with what is being posted, this will not spark any controversy.  The last thing you would ever want to happen to your business.

Finally, INMO, be selective of the Social Media sites you use for company purposes.  You don’t have to use all of them to get your word out. For me, I just used Linked In, because it is a great platform for Cyber professionals.  Plus, it is very carefully monitored to make sure that only business-related content is posted, and nothing more than that.

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...