From Facebook to LinkedIn — and all chat venues in between — social media is both good news and bad news for businesses. Many companies take advantage of the low-to-no cost method of promoting their business, but social media also presents an opportunity for large-scale data breaches.
During the course of a seemingly harmless IM chat an employee can instigate a data breach through a file transfer or other means of inadvertently leaking personally identifiable, health, or other sensitive information. A business social networking site can also pose a monumental threat to businesses through phishing attacks disguised as invitations. Although they look legitimate, the messages actually take the targeted victims to a third-party website in an attempt to download malware onto their computers.
A well-crafted social media policy with clear guidelines addressing these and other risks can substantially reduce the number of data breach incidents related to social media use. An all-inclusive social media policy can also help prevent diminished customer trust, lost revenue resulting from a data breach, and the subsequent costs of resolving a data breach.
Although some companies cover social media use in a confidentiality agreement or in an employee handbook, creating a separate detailed social media policy will more effectively reduce the potential for misuse. Your company’s legal or compliance team will have insight on how to customize a best practices policy for your particular business. Also include employees, such as those most active in social media, who will be internal advocates for the policy.
Vital components of an effective social media policy include:
- Strict guidelines for disclosures.
- Content filtering to restrict or limit access to social media websites.
- Procedures ensuring that anti-virus and anti-malware controls are updated daily.
- Standardized training to inform employees of the risks associated with social media use.
- A wireless data policy for mobile device use of social media.
- Corrective actions resulting from noncompliance.
- Policy review schedule to ensure that the policy is revised to reflect new social network or technology developments.
By taking a proactive stance regarding employee use of social media your business will remain a positive presence both online and offline.