Enterprises need to take precautions to make sure employees practice safe social media
This is my last post in 2011. I wish you all a Merry Xmas and a Happy New 2012 year.
Social media platforms such as Twitter, Facebook, LinkedIn and now Google+ increasingly are being used by enterprises to engage with customers, build their brands and communicate information to the rest of the world.
But social media for enterprises isn’t all about “liking,” “friending,” “up-voting” or “digging.” For organizations, there are real risks to using social media, ranging from damaging the brand to exposing proprietary information to inviting lawsuits.
Here are five of the biggest social media security threats:
5. Mobile apps
The rise of social media is inextricably linked with the revolution in mobile computing, which has spawned a huge industry in mobile application development. Naturally, whether using their own or company-issued mobile devices, employees typically download dozens of apps because, well, because they can.
But sometimes they download more than they bargained for. From Lookout mobile security vendor’s latest security report said that in the first half of 2011, more than one million users were hit by Android malware infection through dowloaded applications carrying malicious software. Some of the malware was designed to reveal the user’s private information to a third party, replicate itself on other devices, destroy user data or even impersonate the device owner.
More over, a tremendous breach in privacy and almost tantamount to data theft, perpetrated by mobile carriers against their customers. This revelation came from security researcher Trevor Eckhart concerning a software package called Carrier IQ, which seems to be embedded in at least some phones on major U.S. carriers.
4. Social engineering
A favorite of smooth-talking scammers everywhere, social engineering has been around since before computer networks. But the rise of the Internet made it easier for grifters and flim-flam artists to find potential victims who may have a soft spot in their hearts for Nigerian royalty.
Social media has taken this threat to a new level for two reasons:
1) People are more willing than ever to share personal information about themselves online via Facebook, Twitter, Foursquare and Myspace, and
2) social media platforms encourage a dangerous level of assumed trust. From there it’s a short step to telling your new friend about your company’s secret project. Which your new friend really might be able to help with if you would only give him a password to gain access to a protected file on your corporate network. Just this once.
3. Social networking sites
Sometimes hackers go right to the source, injecting malicious code into a social networking site, including inside advertisements and via third-party apps. On Twitter, just to name it, shortened URLs (popular due to the 140-character tweet limit) can be used to trick users into visiting malicious sites that can extract personal (and corporate) information if accessed through a work computer. Twitter is especially vulnerable to this method because it’s easy to retweet a post so that it eventually could be seen by hundreds of thousands of people.
2. Your employees
You knew this was coming, but even the most responsible employees have lapses in judgment, make mistakes or behave emotionally. Nobody’s perfect all of the time.
But dealing with an indiscreet comment in the office is one thing; if the comment is made on a work-related social media account, then it’s out there, and it can’t be retrieved. Just ask Ketchum PR Vice President James Andrews, who two years ago fired off an infamous tweet trashing the city of Memphis, hometown of a little Ketchum client called FedEx, the day before he was to make a presentation to more than 150 FedEx employees (on digital media, no less!).
The tweet was discovered by Fedex employees, who emailed angry missives to Ketchum headquarters protesting the slight and wondering why FedEx was spending money on a snooty New York PR firm while employees were dealing with a 5% salary cut during a severe recession. Andrews had to make a very public and humiliating apology.
Remember, this wasn’t some low-level employee not tuned into the corporate mission. This was a high-level communications executive who damaged his company’s brand and endangered an account. Imagine what a disgruntled low-level employee without as much invested in his job might be able to do with social media tools and a chip on his shoulder.
1. Lack of a social media policy
This one’s totally on you. Without a social media policy for your enterprise, you are inviting disaster. You can’t just turn employees loose on social networking platforms and urge them to “represent.” You need to spell out the goals and parameters of your enterprise’s social media initiative. Otherwise you’ll get exactly what you’re inviting – chaos and problems.
Who is allowed to use social media on behalf of the organization and what they’re allowed to say are the two most obvious questions that must be addressed in a social media policy. You need to make all this clear or employees will make decisions on their own, on the fly. Does that sound like a good thing?
Two more imperatives related to social media policy:
1) Organizations must conduct proper training for employees, if only to clear up issues regarding official social media policies, and
2) A social media initiative needs a coordinator and champion. And that means a social media manager.
By Nerney a freelance writer who covers technology, social media and fitness. He writes the Tech Business Today blog for ITworld.
Read more about security in Network World’s Security section
- Top 5 Social Media Security Threats (pcworld.com)
- 5 top social media security threats (infoworld.com)
- What Every Social Media Marketer Should Know About Taraci Social Media Mgr (socialtimes.com)
- How should financial brands use social media? (econsultancy.com)
- Static Media Announces Free Social Media Marketing to New Clients (prweb.com)
- Pink Elephant Adds Social Media Course to Education Portfolio (prweb.com)