The plain truth of the matter is that social media is absolutely necessary in this day and age. If you aren’t connected on at least one platform, you might as well not exist. People rely on your social media sites to find out about your business, from what you sell to what your ethics are to who even is in charge. It’s an up-to-date inside scoop all about your company, and it’s pretty much the only way that anyone will bother learning about you anymore. Gone are the days of newspaper ads and phone calls; if you want to stay relevant, you have to go with the trendy social media platform of the day, or people will surely move on.
The downside of all this is that to use these sites, you have to open yourself up to a host of potential risks and dangers. It’s necessary to have these accounts to keep in business, but it’s exactly those things that will hook potential clients that also give cybercriminals all the information they need to do some serious damage.
So, how do you find the middle-ground between staying relevant and protecting yourself against the threat of releasing too much information? What policies can be enacted?
ENSURE EMPLOYEE DISCRETION
We all hope that our employees have the business’s best interests at heart, but they very likely won’t care about security to the same extent that you do as the owner. For this reason, you should take steps to ensure that your employees are also being careful with information about your business. They should be following the same steps that you are to protect passwords and maintain a balance of advertisement and discretion.
However, you can’t personally teach everyone. A good way to approach this is to make sure that everyone is following the same security policies and guidelines. Employee training sessions are a good method to educate them on the specific rules you want to implement in your organization while ensuring that everyone is on the same page about what the expectations are.
They should be aware that they should not click on suspect links in emails or friend people that they don’t know while on the company network or on their company accounts. Doing so may be giving hackers access to your systems, or at the very least they may begin mining the employees for information that, little by little, can eventually do your business harm.
They may also want to increase their privacy settings on their personal accounts. Leaving those pages open for anyone to see may eventually lead cybercriminals to sensitive information about your business. If an employee with low privacy settings lists your organization as their employer, makes posts about their daily life that reveal their or their coworkers’ routines, and divulge seemingly inconsequential details about the business through pictures and other posts, they may be unintentionally leading cybercriminals to the one last key piece of information that will finally enable them to infiltrate your network.
Of course, you can’t demand that employees increase their privacy settings on their personal accounts or dictate exactly what they say online, but you can educate them during trainings so that safety, both personal and professional, is something that everyone is keeping in mind. Employees must be just as safe as you are while on the internet at work and at home, because the slightest slip-up could potentially turn into something a lot bigger, and a lot more dangerous.
Think of it this way: Even if every employee only put a single private detail about the business onto their personal social media accounts, the effect of all of these pieces of information combined could be very damaging for your organization. Everyone’s account needs to be secure, or nobody’s account will be.
Another component of safety that many employers have already implemented in some form or another is monitoring the way that employees talk about the company, or regulating what they say about it. Oftentimes, policies like these (whether formally conveyed or not) are meant to prevent employees from speaking badly about the company on their personal social media accounts, but you can also make rules about what company information you want employees revealing on their personal accounts, and what information is best kept private.
Be sure to reinforce that employees should have complex passwords for their social media. Your staff should make these passwords difficult to guess by adding numbers, capitalizations, and different characters. This will make it much harder for cybercriminals to get into your accounts and see personal account information that you don’t want them seeing. Better yet, long phrases, which are easy to remember are the most difficult to crack because of their length.
Employees should try and avoid using personal information in their passwords anyway so that accounts are much more difficult to access. Encourage employees to use more than one password for all of their accounts to make it more difficult for cybercriminals to get into other other accounts if one is compromised. Passwords should not all be given to one person, either; using a password manager or a similar tool ensures that you can eliminate human error and still grant access to any employee that you want. As well, make sure that your passwords aren’t written down anywhere, either on paper or on any device. This runs the risk of them all getting lost or stolen; neither would be good for your business.
Cybercriminals are aware that it will be most effective for them to use every level of an organization when trying to break into that business’s private network. They can, and will, use a combination of your business accounts, your personal social media profiles, and those of your employees as well, to socially engineer a profile on your business and increase their chances of getting inside.
Try to incorporate all or at least some of these strategies into your everyday work routine. Don’t dwell. Otherwise it can become all you think about, and if it gets too overwhelming, you may not want to do it at all. By including these smaller safety tips in your routine, it can become easy and effortless to protect your business.
WE CAN HELP!
We can help you navigate social media usage and policy. America One offers both advisement on cyber policy and system monitoring for your business. We specialize in cybersecurity and are up to date on the current threat landscape, as well as specific technologies available to repel attacks.
Contact America One today or schedule a 10-minute call below for a FREE security assessment and consultation (a $299 value!): (781)-356-3535.