Your employee's online life could open your business to some serious dangers.
Many small businesses recognize the benefits of having a social media presence for customer service and long-term marketing purposes. However, many are slow to recognize social media's security issues and how employees' own social presence can add to the company's security issues.
Some companies restrict internal access. Others may prevent employees from having any corporate association outside of work on their own social platforms. This is due to the fact that whatever an employee says outside of work publicly can have a significant impact on the organization.
Last year I presented a robbery response program to a credit union. My presentation came after a mock robbery was staged, using real cops acting as masked robbers with guns. The robbers came in, guns blazing and screaming profanities, and, quite frankly, were very disturbing in their delivery. Some tellers cried, others cowered. Pregnant women were not allowed to participate and for good reason: Cops make great robbers!
At the end of the robbery, we all circled and discussed what happened. The teller who received the robbery note read it aloud, stating: "Your husband works at the Main Street Garage. We intercepted him when he was opening this morning. He is in a trunk at an undisclosed location. If you hit the silent alarm and the police come, we will kill him."
Turns out the robbers scanned the teller's social media sites based on searching the name of the bank as employer. Once done, they looked up her spouse's place of employment. They were able to learn what time he opened and closed the shop. Scary.
Follow these social media security tips for small business to prevent security issues just as scary:
Institute a policy. Social media policies must be in place to regulate employee access and establish guidelines for appropriate behavior. Policies must specifically state what can and cannot be said, referring to slang, abusive language, etc. Employers should train their employees on proper use, as well. At this point, many of the mistakes have already been made; a quick search for "social media policy" will return lots of great ideas.
Consider a no-employment disclosure. Request employees leave their employment status blank when setting up a social site profile. Employees represent their employer 24/7/365, so what an employee says on or off the job and online directly reflects on his or her employer and, as stated in my credit union story, can be used against the organization.
Limit access to social networks. There are numerous social networks serving different uses, from wine and recreation to music to movies, used for everything from friending to finding a job. Some are more or less appropriate, and others are less than secure. Employee association with a social network that is considered off-color in any way will come back and haunt the company.
Train IT personnel. Policies and procedures begin from the top down. Managers and IT personnel responsible for managing technology need to be fully up to speed with social media security risks and set leadership examples.
Maintain ongoing monitoring and security. Once a policy is in place, it needs to be updated and enforced, and employees' online lives must constantly be scrutinized. Invest in consulting, hardware, software and anti-virus protection, and update critical security patches for your operating system to make sure your business network is up to date.
Lock down social settings. Require employees to learn about and incorporate maximum privacy settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.
Don't completely eliminate social media. Eliminating access to social media opens an organization up to other business security issues. Employees who want access will get it--and when this happens, they sometimes go around firewalls, making the network vulnerable.
How do you ensure social media security in your business? Share your experiences in the comments.
Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock'em dead in this identity theft prevention video.