For employers who allow or encourage employees to access social media while at work, the benefits are clear: employees are more apt to engage in wellness programs, stay informed about employee benefits and provide feedback. These employees also often feel as though they are part of a community and involved in your organization’s corporate culture.
While the advantages of allowing access to social media sites outweigh the potential hazards for most organizations, social media use does pose a number of security risks to your company.
Read on for a list of the most common risks associated with social media use and how to avoid compromising your organization’s security.
Mobile Applications
Risk: As the prevalence of smartphones increases, the number of people who access social media on their mobile devices is expected to grow. This brings unique challenges to organizations that issue company phones or allow employee phones to connect to their wireless networks.
Mobile devices are susceptible to attacks from malicious downloaded applications (apps), and if the phone has access to your network, your company’s security could be at risk.
How to prevent it: Instituting a policy that bans employees from downloading any third-party apps on company phones may lower your exposure, but may also negate most of the advantage of supplying your employees with smartphones. Alternatively, you could provide a list of pre-approved apps that employees are allowed to download to their employer-supplied smartphones and approve more upon request.
You may also wish to implement a policy that prohibits employees from accessing your company’s wireless network with their personal smartphone, as it could cause a breach in security. Another option is to create a separate wireless network that is intended specifically for employee smartphone use. This will allow employees to use their smartphones as they desire without placing your organization’s other networks at risk.
Social Engineering
Risk: Email has long been a favored medium for scam artists to steal a person’s identity or money. Now many of these con artists are setting up false social media accounts and targeting individuals they think will give them the personal or corporate information required to exploit the individual or employer.
New research suggests that individuals are far more likely to trust a person who contacts them via a social networking site than one who contacts them by email. This poses a threat to many organizations, as there have been incidents where employees were tricked into offering up proprietary information, trade secrets or access to company networks.
How to prevent it: Employee education is key to thwarting any social engineering attempt. Do not assume that all employees know better than to give up the username or password to their account until the requestor provides sufficient credentials. Offer in-depth IT training and keep employees informed of the latest scams and phishing attempts.
Social Networking Sites
Risk: While social networking sites such as Facebook, Twitter, and LinkedIn are all secure sites, any third-party content contained on those sites has the potential to contain malicious software. Every link, application or advertisement could breach your security if accessed on a computer connected to your organization’s network.
Due to link-shortening services, which are especially popular on Twitter, it is not always clear where a link is taking you. These condensed links can direct employees to malicious Internet sites that extract personal and corporate data.
How to prevent it: Employee education is again the best defense against these types of attacks. During IT training, be sure to teach employees not to use applications, such as games, on any social media site or to click on advertisements while on a work computer.
Also consider introducing your employees to a URL decoder that can expand shortened links. This will allow them to see where the link will take them prior to clicking on it.
Other Preventative Steps
Here are a few other tips to prevent a breach of security:
- If you don’t have one already, develop a social media policy.
- Tell employees to utilize the security functions of social networking sites to their fullest extent. This may prevent their accounts from getting hacked and protect the organization by extension.
- Protecting your office’s digital security is a priority, but make sure this protection extends to those employees outside the office. Those working from home need to be informed about digital threats and to take similar steps to protect their network.