Social-media use can provide benefits to a small business. Yet, use of social media by employees can compromise the company’s security. Many company leaders and business owners don’t know this.
Not too long ago I spoke to employees at a credit union about how to respond to a robbery. Prior to my presentation, a staged robbery had occurred, with real police officers posing as the bad guys and wielding guns. The “robbers” barged in, hollering obscenities, brandishing the guns. They did a great mock job: Some of the bank tellers even cried.
When the “crime” concluded, everyone discussed it. This scenario even included a teller being handed the following note that she read aloud: “Your husband works at the Main Street Garage. We intercepted him when he was opening this morning. He is in a trunk at an undisclosed location. If you hit the silent alarm and the police come, we will kill him.”
How did the “robbers” know where her husband worked? They searched online for the name of the bank. This led to them to the teller’s social-media posts. Then they looked up the husband’s workplace. They even found out the times he opened and closed his business.
See how easy it is to scare the daylights out of a victim with a simple note and prompt the person to comply?
Here are some security tips for social-media use and general online use for a company’s employees:
1. Avoid employment disclosure.
Advise employees to not post any information about their job on social media. Though you can’t stop people from posting their employer on their Facebook page, some employees will happily follow this instruction to keep their business information separate from social media. Explain how it could be used maliciously.
Employees should be educated about how associating the company with their personal account on a slightly questionable social network could backfire and hurt the company — and cause a ripple effect and hurt the employee.
2. Teach employees to manage their privacy settings.
Staffers’ social-media accounts should be set up for their maximum protection. They should not rely on the default settings, which might let their social-media accounts be subject to cyber attacks. Inform employees that the highest privacy settings are not enough to provide complete protection but are far better than the default or lower settings.
3. Implement a workplace social-media policy.
Set up a workplace policy for the company’s social media accounts with rules about the following: What can be said? What’s prohibited (slang words, racist remarks)?
4. Don’t ban social media use in the office.
If you ban social media at work, there will always be someone who will ignore this directive and figure out a way to get around the firewall. Once they do something like this, the network will become more vulnerable.
5. Train the IT specialists.
The company’s technical staffers are in the trenches, along with managers. They devise and manage the technology for combatting online-security issues at your workplace. The IT and management teams must be kept informed about social-media security risks.
In additional, the internal policy for employees’ online use must be continually updated, revised and enforced. What employees do online requires ongoing surveillance. Their use of company equipment to access certain websites could be restricted. To accomplish this, a business must invest in antivirus protection, consulting, software and hardware. Finally make sure computer operating systems are always kept up-to-date.