Jun 04, 2017
Your organisation's employees are using social media. They're using it at home. They're using it on the way to work. They're using it when they're in the office (whether you've allowed them to or not).
This means that your organisation needs to think very carefully about the risk social media poses to its security.
In today's post I explain a few techniques for reducing that risk to your organisation.
Implement a Social Media Policy
One of the first steps to reducing your organisation's social media security risk is developing appropriate social media policies. Outright blocking social media websites is rarely effective: many employees will need access to social networks as part of their jobs, and some will find ways to circumvent the filters you put in place no matter what you do, by using their phones, proxies or VPNs.
It's often worth having two social media policies -- one for all employees, and another for employees who specifically need to use social media as part of their jobs.
There is an excellent, albeit lengthy, guide to developing a social media policy available here.
Provide Security Awareness Training
After developing a social media policy, it's important that all employees are made aware of what's expected of them, are trained in how to use social networks securely, and know what things to watch out for.
A good security awareness training course should cover social engineering, as well as at least the following social media security topics:
- Best practices and appropriate use of social networks
- The secrecy and security of social media
- The security risks involved with using social media at work, and away from work
- How to limit security risks involved in using social media
All these topics are covered in our PCI Essentials training.
Install Anti-Virus/Anti-Malware Software
A third and final defence against the major threats posed by social media usage within your organisation is ensuring that all devices used for company work have adequate virus and malware protection.
It's important that staff keep their personal devices secure, and also that work systems are protected and regularly updated too. Viruses and malware can easily spread via social networks, in particular via social engineering attempts, and good virus/malware protection provides a final layer of defence when employees fail to adhere to best practices.
What does your organisation do to reduce the risk of social media to organisation security? Have any tips of your own to share? Post them in the comments below.