Whether it’s to build a reputation, increase a loyal customer base, or solicit feedback, there are multiple reasons that it’s a smart move for a company to stake out a social media presence. Yet with the opportunity for huge rewards comes a certain amount of security risk – opening up your company to the online social world is full of potential minefields, including some far more serious than an errant tweet or a misspelled Facebook post. Companies need to be aware that logging in to various social networks can provide openings for hackers and other cyber criminals, especially if their own employees aren’t conscious of their own risky behavior.
Ultimately, the positives outweigh the negatives when it comes to making your business social, but there are safeguards you can take, and best practices you should inform your staff of when you start a company account. Here are five common security risks you should avoid when using social media for corporate – and how you can make sure you’re promoting your brand safely.
1. Not Having a Social Media Policy
Before you even send out your company’s first tweet, your first step should be to draft a corporate policy that governs which social media channels you’ll be targeting, how they should be used, and what the end goal is. By creating a firm structure that outlines how the company expects social media to be used, there’s a lower chance that employees will make mistakes. Plus, it’s something multiple departments can have a say in – since social media will affect many of the teams within your company differently, and they’ll each have their own ideas on how to use it. The goal of your social media policy should be to unite all departments in the same social media strategy, one that matches your overall business strategy.
The point is not to scare employees away from corporate social media, but rather to make sure they remain educated and aware of the situations that can lead to cybersecurity risks. This includes making them knowledgeable in typical cybersecurity protocol – such as not clicking on unfamiliar links, keeping an eye out for phishing emails, and logging out of company accounts once their work is complete. Having a social media policy in place that educates your staff against these tactics is the key to preventing cybercrime before it starts.
2. Giving Everyone Access
You wouldn’t give all of your coworkers the keys to your house; likewise, you shouldn’t hand out the corporate social media passwords to every single one of your company’s employees. Limit the number of employees who get access to your corporate social media accounts to a small group of trusted individuals. Ideally, these select few employees are the ones who have been fully briefed on best practices and policies for engaging from the corporate accounts.
Just as your computer prompts you to change your password regularly, it’s also a smart idea to switch up your social media passwords now and then. Create a master password list to keep track of the logins for the corporate accounts. Just be careful that the file name of that list isn’t something too obvious – avoid the words “logins” and “passwords,” and pick a file name that will be a little more confusing for potential hackers.
3. Ignoring Customization Options
While it’s easy enough to register your company on Twitter or Facebook, many employees don’t take the time to do a deep dive through the customization options that these platforms provide – especially when it comes to security. The default settings on some social platforms are less-than-secure, allowing for potential unwanted monitoring of your company’s account. Always research and read through all of the security features available for a social platform, and adjust the settings to keep your business safe.
4. Skimping on IT
Every workplace ought to have a dedicated IT manager, but some businesses don’t put enough resources and budget towards the IT department. This mistake can end up costing a company more money down the line if social media misuse causes a breach of security protocol. The best course of action is to direct dedicated resources towards the IT department and ensure that they have the ability to install security patches – as well as informing employees of the latest risks in social media.
Some social networks can be a hornet’s nest of cybersecurity issues without expert security in place. For instance, hackers can leverage the popularity of shortened URLs on Twitter to disguise links to malicious sites, tricking unknowing users into clicking on a link that may infiltrate the information stored on a work computer. If you’re bringing social into the workplace, having a smart IT department is a necessity.
5. Not Regularly Assessing the Channels
Keep in mind that security isn’t just about ensuring that your company doesn’t write inappropriate content – what your employees post can also lead back to cybercrime. As cybersecurity expert, Joseph Steinberg said, “It is a lot easier to breach human version 1.0 than firewall version 30.0.” What he means is that many hackers and cybercriminals spend time digging through the personal social media accounts of employees to find overshared information that they can leverage against a company.
It’s worth doing a little digging yourself to conduct an overview of what’s being openly shared online about your company, and relating that back to any suspicious emails that might appear. You can go even deeper by using a third-party intelligence program that performs a comprehensive analysis of your social media networks to find vulnerabilities that your employees may be missing. Even with a strong social media policy, it’s still possible for human error to divulge information that shouldn’t be made public.
Create a Plan of Action
To thrive as a business in our fast-moving world, a social media presence is a must-have. Rather than being scared away by the possibility of hacks and data breaches, take heart in the fact that crafting a good social media policy – and designating a select few employees as gatekeepers – will go far in helping to mitigate risk. Add in a strong IT department and a social media assessment service, and you can stay confident that your business is as protected as possible when it comes to social media.
Does your workplace have a social media policy? What are some of the most important items?