A previous article explained that while social media has transformed the way companies promote their products and services, it also makes them a target for Cyberattackers. This article explains what a social media policy is—and why it is your best defense against Cyberattacks and other threats.
What Is a social media policy?
A social media policy can be defined specifically as follows:
“The goal of a social media policy is to set expectations for appropriate behavior and ensure that an employee’s posts will not expose the company to legal problems or public embarrassment. Such policies include directives for when an employee should identify himself as a representative of the company on a social networking website, as well as rules for what types of information can be shared. Almost all social media policies include restrictions on disclosing confidential or proprietary business secrets or anything that could influence stock prices.” (Source 1)
Breaking down this definition, a social media policy serves three broad purposes:
- It sets out expectations of what both management and employees can and cannot post on social media sites as it relates to corporate matters.
- It clearly states how a manager, or an employee should identify their titles and position within a company without revealing any confidential information.
- It stipulates the consequences if an employee or even a manager posts confidential and/or proprietary information and data about their organization, whether they do so knowingly or not.
Thus, having this kind of policy in place is very crucial, especially given the fact that social media sites are so heavily used for marketing persons and can go “viral” almost instantaneously. The rest of this whitepaper will examine the importance and benefits of having a social media policy, the crucial components that must go into it, and examples that even you can use for your own business.
The importance and benefits of a social media policy in your business
In a theoretical sense, just about any individual can create as many social media accounts as they want, for free. Also, there is really no limitation on the type of content that can be posted, whether in the form of writing, video, audio, or pictures. But when it comes to the workplace, obviously many more restrictions need to be put into place, especially from the standpoint of Cybersecurity.
The following are some key reasons why having a social media policy that is enforced daily is a must for Corporate America today:
- You need to let your employees know what is and is not deemed acceptable in the workplace. Employees access their social media sites on an almost daily basis, whether it is for work or personal purposes. Obviously, you have no control as to what they can post on their own social media accounts, but when it comes to work-related matters, you almost have complete control. In fact, according to a recent survey, almost 80% of employees in Corporate America access some kind of social media platform during work hours. (Source 2)
In this regard, it needs to be very carefully spelled out in great detail as to the type of content that can be posted. For example, any negative comments or connotations about the company cannot be posted. What would be acceptable is talking about new products and services, customer testimonials, content that discusses the trends that are occurring in your industry, as long as they do not give or even indirectly refer to any kind or type of confidential information/data.
- It will protect the brand and reputation of your company. By having a solid social media policy in place, you can stipulate how and when an employee can access their social media sites. For example, perhaps employees should be only allowed to access their personal websites only during their lunch or break hours, or after work. But they cannot use company issued devices to access them, they must use their own personal device to do this. However, during the work hours, they should be able to access company related social media sites, if this is part of their daily job function. But they should only use company issued devices to do this. To help keep track of all of this, the IT Department can very easily deploy approved and authorized Key Logging software to see if employees are abiding by these rules. It is important to keep in mind that any slip ups can easily tarnish the company brand or reputation in just a matter of minutes and trying to recover from that can literally take months to accomplish.
- It can actually elevate your reputation in the marketplace. When you implement an airtight social media policy, and all employees are aware of what can and cannot be posted, this can actually help you to increase the awareness of your products and services to prospects. This can also lead to meaningful conversations being carried out on the chat platforms, and this in turn can ultimately drive revenue and help you to achieve a greater Return On Investment (ROI) on your marketing efforts. The use of social media sites for marketing and advertising to connect with customers is only going to proliferate to much greater levels in the future. For example, at the present time, it is estimated that some 47% of American workers use some kind of social media platform to have a dialogue with a prospect or customer.
- It will help to mitigate the probability of a Cyberattack. Those individuals that make up the security team in the IT Department have enough to do as it is with trying to combat the daily threats that are occurring, trying to filter through thousands of false positive alerts and warnings, and trying to analyze intelligence feeds to predict the future threat landscape. The last thing that they need to be worried about is trying to thwart off a new threat vector that got through because of an improperly used social media Site. By constantly reminding employees of the importance of maintaining good levels of “social media hygiene” and the consequences for not doing so, this should help reduce the probability of a Cyberattack being launched through an employer owned social media site, as well as Personal Identifiable Information (PII) from being stolen.
- It will protect the company from potential lawsuits. By detailing exactly what can and cannot be posted on a company social media site will actually prevent you from being financially responsible in a legal filing. For example, if an employee files a lawsuit stating that they were being improperly treated regarding social media usage during work hours, and if you can prove to a court of law that the employee was continually reminded of what was permissible to post, the chances are much greater that the lawsuit will be thrown out. Also, in today’s Cybersecurity world, many of the entities in Corporate America are now starting to realize the importance of having a Cybersecurity Insurance Policy in case they are hit with a security breach. When you file a claim, your insurance company will carefully scrutinize every aspect of your security operations, especially when it comes to social media usage. By proving that you have an airtight policy, this will also enhance the probability of getting a 100% payout on the claim that was filed.
Next up: Ready to create a social media policy for your business? The next article in this series will walk you through the components of a social media policy and explain how to tailor it to the unique needs of your business.
Sources
- https://www.business2community.com/cybersecurity/7-social-media-security-issues-business-faces-02024378
- https://www.smperth.com/news/social-media-and-cyber-security-risks-in-2019/
Ravi Das is a Cybersecurity Consultant and Business Development Specialist. He also does Cybersecurity Consulting through his private practice, RaviDas Tech, Inc. He also possesses the Certified in Cybersecurity (CC) cert from the ISC2.
Visit his website at mltechnologies.io