Social media is an increasingly important tool for business. According to Pew Research, 58 percent of adults use Facebook and many use the site during work hours. This increase in social media adoption increases business risk and it’s imperative for organizations to ensure that no confidential data or critical information is distributed via these channels, inadvertently or otherwise. Social media opens the door to creative marketing campaigns, networking opportunities and provides a platform for customer and partner engagement that produces extensive benefits. However, to successfully embrace these benefits without the risks, HR and IT must work together to ensure that both employees and company data stay secure.
Social media risks – According to ISACA, the second highest risk of social media is when employees use their personal accounts to inadvertently distribute work-related information. An example would be posting confidential information by accidentally using the wrong account from their phone. BYOD and social media have many obvious risks which need to be carefully considered. However there are other more subtle, yet equally dangerous risks with information-born threats where critical information is unknowingly hidden within document metadata and embedded active content. These types of data must be sanitized from documents before being safely shared on social media sites.
Mitigating risks associated with social media – HR can create policies around social media as part of acceptable usage and provide training on what information can and can’t be disclosed. This is essential for employees to safely use these sites for both business and personal purposes, but HR can’t do this alone. It’s crucial for HR and IT to work together to provide staff with the appropriate knowledge on the risks and on the privacy settings on social media sites. HR with IT can also educate on other topics, such as the risks of phishing that come in the form of embedded links in Facebook posts or tweets, it’s not just email! Regular policy updates are needed to keep up with the evolution of threats and regular training for employees on these changes must be conducted, as well as enforcing consequences for inappropriate use.
Technology: The backup plan – Training and policies can only go so far. Organizations must also use technology to enforce policy and prevent any data loss that could occur despite the best efforts of employees. Technology provides the last line of defense, removing hidden metadata and any other critical information which would break policy.
Traditional data loss products “stop and block” communication, creating more work for IT and employees, often resulting in their being switched off. Next-generation products provide adaptive solutions that do not hinder workflow, enabling secure continuous communication and collaboration.
The moral of the story – Organizations that have taken the route of banning social tools have found employees will go behind IT’s back to access these tools, putting the organization at greater risk. By providing appropriate polices, education and reinforcing with the right technology, organizations can allow their employees to take advantage of social media without putting their business at risk. The key to this one-two punch, is the collaboration between HR and IT.
Organizations can set themselves up for success by training employees to understand the risks and consequences of social media and how to safely use them, with the knowledge that technology in the background will prevent stupid mistakes or malicious activity, resulting in happier employees and safer practices.
Guy Bunker is senior vice president of products at Clearswift.