Social media is a double-edged sword. On the one hand, it can be a great way for businesses to promote their brand and build customer loyalty. On the other hand, it exposes corporate networks to cyber security risks, especially when users don't use strong passwords.
Social media isn’t new but it’s new enough that many users still don’t recognize a social media scam when they see it. By now, most of us know not to click on a link in an email from an unrecognized sender, but not everyone is aware they have to be just as careful about what they click on in their Facebook newsfeed.
So while it may seem harmless enough to let your employees browse Facebook periodically throughout the day (everyone needs a break now and then), you may want to revisit your thinking on this because you could be exposing your business to potential harm.
Social networking malware is a real problem. Hackers have found very clever ways to get people to click on links that appear harmless enough when in actuality they cause malware to be installed on the device.
In fact, there’s a new term for social networking malware: “socware” (pronounced “sock-where”). It refers to malware distributed via social networks and includes scams such as “like farming.”
What’s “like farming” you say? You know those annoying posts that show up in your Facebook newsfeed after a friend likes it? The ones that say “Like if you hate cheaters” posts? That’s “like farming.” Whoever created that page is only interested in getting as many likes as possible (we’re talking hundreds of thousands) so they can then sell that page to a business looking for a shortcut to lots of Facebook likes.
Even though like farming doesn’t pose a security threat to your business per se, you still don’t want your employees clicking on anything they see on Facebook just because their friends are clicking on it. One time it may be spam, another time it may be malware.
Which brings us to the main question:
Does your company have a social media policy?
There are a number of reasons why your company should have a social media policy, mainly:
- It clearly communicates what is and what is not acceptable as far as social media use during work hours and on company-owned devices is concerned
- It’s a chance to educate employees on safe social networking practices
- It’s an opportunity to explain to employees why the rules exist, i.e. not to ruin their fun but to protect the company from online threats, and
- It’s necessary to protect the company from misuse of social media by employees in ways that jeopardize the company’s reputation or otherwise negatively affect its operations such as posting sensitive or damaging company info, making comments or posting pictures that violate people’s privacy, etc.
Unfortunately, it’s harder than you’d think to write a social media policy that will stand up in court. The National Labor Relations Board recently issued a memo in which they evaluated seven social media policies – and only one passed muster.
So before implementing a social media policy at your company, do your research and make sure the end-product is reviewed by legal counsel.
About the Author: Editor of IT Manager Daily, published by Progressive Business Publications, Megan Berry writes about technology’s impact on business.