Originally published in volume 6 of the ISACA newsletter
Social media are now being utilized in the workplace for legitimate reasons. For example, 93% of business-to-business marketers use social media for business purposes. A report by SilkRoad Technologies found that 75% of US employees access social media sites at least once per day at work.
Using any Internet-connected platform, especially one that hosts and transacts personal data, brings with it certain privacy and security challenges.
Social media platforms work because of the sharing of data. They act as a conduit to host, display, communicate and transact data. These data, by the very nature of social media, are most often personal. The privacy implications of this free-flowing data are massive; in fact, it can be argued that we have never before, in human history, had to deal with such an impact on our privacy and our security.
The following tips can help protect your business, your employees, and, ultimately, your customers and clients.
Training on security and privacy risk is one of the best ways to prevent disclosure of sensitive or private information. Spear phishing emails, for example, are very sophisticated and have an open rate of 70%. Making users aware of the threat may help mitigate it. Similarly, having an understanding of the types of privacy and security choices available when using social media is helpful in reducing the risk of exposed data.
Social media sites are improving their choice of policy and security settings. Companies such as Facebook, which have been cited in the past for having lax privacy policies, have complicated and often obfuscated policy settings. Making employees and community managers aware of the limitations of those policies and what is and is not appropriate to share is vital in terms of security and privacy training.
Security and privacy policies can really help in the fight against cybercrime. Policies give good guidance to employees and cover the whole area of securing an organization when using social media. For example, access control policies can prevent company social media accounts from being compromised when they stipulate that a second-factor login method must be used wherever the platform offers one. Further policies around data compliance can also prevent the leakage of private and sensitive data via a social media platform.
Having procedures in place to address disasters will ensure that if the worst does happen, e.g., a company account is hacked or personal or company data are leaked, the event can be handled and the impacts minimized. An agreement with employees on the types of company information they can disclose on their personal social media accounts should be put in place.
There are a number of technologies and technological practices that can help prevent or mitigate cybersecurity and privacy threats. These include simple preventive measures such as ensuring that browsers and other applications are patched. You should also utilize more holistic technology, such as data loss prevention (DLP) platforms, which can monitor, alert on and prevent the leakage of data by blocking sensitive data from being posted online. New systems such as behavioral analysis can also help in the fight against cybercrime that begins with social media interaction.
Social media have brought new and innovative ways of communicating about businesses and products. With this innovation have come new ways of compromising privacy and security. We need to make sure that we, as employees and business owners, can use the power of social media to communicate our message, but in a way that does not put us at risk. We can do this by using these 5 techniques, which give us a way to truly embrace the wonders of social media without the downsides.