So far, this series has explained how a the use of social of media makes a business vulnerable to Cyberattackers but how a social media policy can protect it from Cyberattacks and other threats. This article will outline the core components that should be part of any social media policy—and how to tailor the policy to your business.

Key components of a corporate social media policy

Just like a corporate Security Policy, creating a social media policy is often subjective, as a lot of it depends upon how your business uses the various social media platforms that are available. Therefore, much of the policy will depend on the nature and frequency of content that is posted, if you allow for interactions between employees and prospects/customers, who will have access to it, and the privacy setting thresholds that apply.

The following components are considered integral to any social media policy:

  • All employees must acknowledge that they have been educated about the use of company and personal Social media sites during work hours, and this is done by having them sign an official document attesting to this fact.
  • When posting any kind of content, all employees must follow the organization’s strict rules of conduct when it comes to online behavior.
  • Under no circumstances will any employee reveal any confidential information or data about any customer, or any company trade secrets, whether knowingly or not. The consequences for violating this policy could include up to an immediate termination.
  • Before any employee can post content on a company-owned social media site, they must first get approval from their immediate manager. If this is not strictly followed, then the employee will be held personally liable for any negative consequences that result.
  • Employees can access their personal social media sites on company property only when they are “off the clock,” such as during their lunch hour or designated break times. Access to personal sites can only be gained by using their own device, and not through company issued computers or Smartphones.
  • Employees should not expect any privacy rights whatsoever when they are accessing and posting to social media sites, whether it is a company or personal account, during work hours.
  • Any form of interaction or communication an employee engages in with a prospective or existing customer is the sole property of the company.
  • Accessing a company-owned social media platform is only permissible through company-owned devices issued to the employees. Under no circumstances should a company-owned social media platform be accessed through a personal device. For that matter, access to company-owned social media sites can only take place while the employee is on the physical premises of the company, or through the remote access policies that have been set forth in the Security Policies. Under no circumstances should company-owned social media sites be accessed through public and unencrypted Wi-Fi hotspots.
  • It is important to keep in mind that social media platforms do not refer only to the specific brand names of Twitter, Facebook, LinkedIn, You Tube, Instagram, Pinterest, etc. This also extends to other areas where company-related content is posted and available for public viewing that is external to the company. This even includes company blog sites, podcasting sites, online forums (and other related discussion boards, etc.). The same social media policies apply to these non-branded sites and platforms.
  • Whenever an employee posts any type of content to branded or non-branded social media platforms, he or she must include a disclaimer that the views posted are strictly their own, and do not necessarily reflect the organization’s views.
  • All social media platform rules and regulations also apply when posting content in dealings with external third parties that are affiliated with the company. Examples of third parties can include suppliers, distributors, transport entities, and other outsourced entities.
  • Under no circumstances will access to social media platforms, whether for business or personal use, interfere with the daily job functions that employees are expected to perform.
  • Employees must have permission to post any company-copyrighted material to the company’s branded and non-branded social media platforms. If there is any doubt about this, the employee must present and defer the matter to their immediate manager, who will get feedback from the company legal team before proceeding further.
  • If an employee has witnessed another employee violating any terms or conditions of the social media policy, that employee must report it to their immediate manager as well as the Human Resources Department.
  • All employees posting content on company-branded and non-branded social media platforms must, under all circumstances, exercise good judgment so that no local, state, and federal laws are violated.

Tailoring a social media policy to your business

It is also important to keep in mind that other key areas of an effective social media policy must be addressed, but these depend on your company’s requirements and resources. Here are some factors to consider:

  • Decide who will speak on behalf of, and post content about, company-related matters.
  • Implement an action plan in case a piece of content that has been posted on a social media platform causes grave conflict, such as misunderstood communications between employees and prospects/customers.
  • A strategic plan for responding to and resolving any legal action filed against the company in response to a social media platform posting.
  • Have a crisis plan ready. For example, if somebody posts something about an employee’s action during off-work hours, who will handle this?
  • Who will be responsible for reviewing the social media policy as it relates to federal labor laws?
  • Which employees will be granted exclusive access to the company-owned social media platforms, and which employees can create new social media accounts?
  • Which company department will be responsible and accountable for making sure that the social media policy is enforced and updated on a regular basis?

Consider examples of established social media policies

One of the best ways to develop a social media policy is to look at how other businesses have created theirs. Here are some examples of social media policies implemented by Fortune 500 companies:

  • For Yahoo, click here.
  • For Coca Cola, click here.
  • For General Motors, click here.

Finally, after you develop your social media policy, it is wise to have your in-house legal team review it before you implement it. Remember, not only do you have to protect your company’s rights, but your employees also have rights to be protected.

Join the conversation.

Keesing Technologies

Keesing Platform forms part of Keesing Technologies
The global market leader in banknote and ID document verification

+ posts

Ravi Das is a Cybersecurity Consultant and Business Development Specialist. He also does Cybersecurity Consulting through his private practice, RaviDas Tech, Inc. He also possesses the Certified in Cybersecurity (CC) cert from the ISC2.
Visit his website at mltechnologies.io

Previous articleSwiss Passport Gets a Fresh Design, Modern Security Features
Next articleIN Groupe Unveils Seychelles’ New Biometric Passport