Responsible Social Media, Protecting You and Your Company
It’s hard to write a blog post about responsible social media that does not also include tips for both individuals and companies – it's a personal and interconnected topic. While I’ve intended to write on this topic for some time, my recent inspiration comes from organizations asking me how they can better control security and brand image when employees are foolish with social media or make crazy knee-jerk posts. I also had a family member ask me how her name got sucked into the Facebook - Cambridge Analytica debacle when she never downloaded that app.
After catching up on articles and various perspectives to date I don’t intend to be your Simon Cowell or Super Nanny, but I’m happy to share some candid thoughts and recommendations.
My perspective is influenced by working in the mobile industry, some time in the public sector and, more recently, helping companies navigate security awareness and social engineering threats and create effective social media policies.
While social media has become part of our everyday lives, many people still don’t realize that inappropriate comments can have a horrible impact on friends, family, colleagues and companies. What may seem appropriate to some may be considered very inappropriate by others. At the same time, depending on where you live, you have individual rights to freedom of speech and freedom of expression. It's a tricky subject with lots of grey areas.
The most important thing is to understand what’s at stake, the risks and your options. Then, it’s up to each company and individual to determine what works for them, shaping their persona and culture and following the laws of the country where they are living.
The Company Perspective
Plain and simple - companies need to monitor social media traffic and usage to protect against growing cyber threats, malware and social engineering. They also need to protect their brand image and employee morale. Companies have the right to control what you access when working on their equipment and on their network. So don’t be surprised if you can’t access your favorite social media applications. They may be blocked to protect the company from malware and social engineering threats and to keep you focused on your job. Some companies are more liberal about this, stating that people are free to use social media on their lunch break and non-work hours. At the end of the day, what’s important is that a company has a formal social media policy so that the rules are clear and everyone is treated equally.
Companies may ask you about your social media habits and research your on-line personality. In most places they do not have the right to access your account or even request it. Most importantly, an employee should not represent the company on social media without consent from an authorized manager. An employee should not post classified, internal and non-public information online. They should be careful about sharing private information about themselves (e.g. salary, bonus, etc.) or making negative comments or expressing opinions about other employees, partners, customers, religions and political beliefs. Companies have the right to forbid or remove social media applications from company-owned equipment (computers, laptops, mobile phones). In the case of “Bring Your Own Device” (BYOD), they have the right to set rules about security on your device if you agree to use your phone or laptop to access company applications.
Overall, companies should have a comprehensive program and policy for social media and then make sure it’s distributed, understood and followed.
Things to Consider When Creating a Responsible Social Media Program
- Understand individual privacy rights for employees, unions, special groups
- Collaborate with HR, Legal, IT and Security teams to create a holistic program
- Create and distribute a social media policy for the workforce
- Provide responsible social network training to all workers
- Monitor social media content about your company, in particular from employees
- Monitor social media traffic on your network for potential threats and malware
Most of us enjoy or are even slightly addicted to our social media applications. They have many benefits such as sharing content and experiences with friends and family, tracking exercise and developing your industry network. As a best practice, I’ve always tried to keep my work contacts and social contacts separate. I try to keep friends and hobbies on Facebook, Instagram and Strava and use LinkedIn for work, my company and industry contacts. I created a separate account when using Facebook for business or non-profit use. While that strategy may not work for everyone and there is occasional overlap, it's worked for me.
What’s important is to recognize that one way or another, people can learn a lot about you on-line without you being connected or “friends”. So, it's important to think about how you want to be perceived online and then “pause and think” before you post. Consider the work you do and the company you represent and how that persona could be impacted. For example, do I really need to see drunk photos of my child’s teacher, my doctor or my CEO? How do politicians, professional athletes or entertainers want to be perceived? While more recent political news has blown this notion out of the water, it’s up to all of us to be aware and decide who we want to be and who we choose to follow.
With the latest social media scandals in the news, threats to our personal information and emerging new regulations guarding our digital privacy, it's a good time to take a personal inventory of what information we are sharing, how it’s being shared and then determine what changes, if any, we want to make.
To my earlier point about the family member ending up on the Cambridge Analytica list, I would pay attention to how you are sharing not just your data, but the data of friends, family and your company. While many of us give up our data in order to get “free apps and services” we do have new controls over how and when our data is accessed.
Here are some quick places to start:
- Social media applications and service providers are updating their privacy policies, improving transparency and updating privacy controls. Take some time to review them and make adjustments. Ask for help if you need it.
- Be aware when you allow your applications to scan through your phone or app contacts. You might want to consider not using or disabling features such as “Automatically upload new and updated contacts” from mobile apps such as Facebook especially on a work device or using your personal phone for work (BYOD).
- While there are benefits to using social media applications to log into other websites and applications, there are also drawbacks. I won’t get into the technical specifics, but if your account and credentials are hacked then you may be giving away the keys to the car, the house and everything you’ve connected to. If you wish to simplify logins then use a trusted software provider and multi-factor authentication. This may involve a biometric or a confirmation app or code sent to you over text, email or voice call.
- When downloading social media apps and apps that reside on those platforms, take a quick moment to research them first. See what people are saying online and if there have been major complaints or hacks. While this is not foolproof, it can help reduce the risk of having your account and friends’ data compromised.
In the end we need to establish our own personal social media policy. We should think about how we want to present ourselves on-line and how our actions can impact our family, friends and workplace. When interviewing for jobs, you should ask to see the employer’s policy to see if you are comfortable with it before accepting an offer. At work, make sure to read the social networking policy and ask your HR department or manager if you have questions. If your organization does not have a social media policy then use common sense.
Lastly, “pause and think before you download and post”.
Some Good Resources:
Here at Potentia Concepts, we provide digital privacy tools and security awareness education services to global organizations to help them meet regulatory compliance, mitigate risk and protect their brand and stakeholders from digital threats.
Adam Hoey is CEO and Founder of Potentia Concepts based in Amsterdam and Washington DC
He can be reached at email@example.com or https://www.linkedin.com/in/adamhoey/