In my previous 2 posts (handily named part 1 and part 2) I reviewed why IT Managers have a problem with social media and what your options are for how it is integrated into the workplace. In part 3 I want to give some ideas about the sorts of things you need to think about and action in order to “safely” use social media in your business.
The starting point for Social Media Security is to ensure your AUP (Acceptable Usage Policy) is updated. This should include the classic dos and don’ts but ideally should also encourage users to be responsible and highlight what business uses they adopt. As with any policy, if you want it to be enforceable it has to be realistically applicable and you need to be able to show a consistent application of this policy.
- There are many web browser plugins that can be used to assess the reputation of search results or clicked-on URLs; these can help employees quickly identify if a site has a good or bad reputation.
- Some sites are clever and advertise a shortened URL; however, tools that expand shortened URLs can also be deployed, such as www.longURL.org or specific browser plugins for Chrome or Firefox.
- Use web filtering software to help monitor usage and block known bad sites.
- Ensure your Anti-Virus software is up to date and ideally contains an Anti-Spyware element. Corporate products can also include “EndPoint” protection which provides comprehensive protection across the entire network and should also include PC level protection against malware from Social Media sites.
It's pretty obvious, but having a secure password for each of your social media sites will help reduce the risk of an account being hijacked. One of the most common errors is using the same password for everything; this is obviously not recommended and should be communicated to all employees.
Education and Training
Ensuring that everyone in the business knows what they should and shouldn’t be doing is of real importance. The AUP is the starting point but following that up with specific training that helps each employee understand how to use the systems in an appropriate manner and in a way that is complementary to their role is also of great importance.
Add this training into any induction for new starters, so that the message remains consistent.
Setting up workshops, floor walking and drop in sessions for people who need help is also a great way to continue engaging this topic with the users.
Once all the training has been rolled out and everyone knows what they should be doing, the last point is to monitor what is actually happening. Web filter software can help monitor social media usage, assess its scale and the busiest times of day, and produce reports to take to management. In extreme cases it can help identify abusers of the system and help you block access if needed.
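The kind of usage report described above, as an added example that is not part of the original post: it summarises social media requests by hour and by user from a web filter log. The log format, the domain watch list and the sample lines are constructed assumptions, not any particular product's output.

```python
from collections import Counter
from datetime import datetime
from urllib.parse import urlsplit

# Assumed watch list; a real deployment would use the filter's own category feed.
SOCIAL_DOMAINS = ("facebook.com", "twitter.com", "linkedin.com")

# Constructed sample lines: "<ISO timestamp> <user> <ALLOW|BLOCK> <url>"
SAMPLE_LOG = """\
2024-03-04T09:05:11 alice ALLOW https://www.facebook.com/feed
2024-03-04T09:40:02 bob ALLOW https://intranet.example.com/wiki
2024-03-04T12:15:45 alice ALLOW https://twitter.com/home
2024-03-04T12:20:09 bob ALLOW https://m.facebook.com/messages
2024-03-04T12:31:57 carol BLOCK https://facebook.com.login.example.net/verify
2024-03-04T12:48:30 carol ALLOW https://www.linkedin.com/jobs
this line is truncated
2024-03-04T16:02:13 alice BLOCK https://www.facebook.com/games
"""

def is_social(url):
    """True if the URL's host is a watched domain or one of its subdomains."""
    host = (urlsplit(url).hostname or "").lower()
    # Exact or dot-suffix match, so a lookalike host that merely starts with
    # a watched name is not counted as the real site.
    return any(host == d or host.endswith("." + d) for d in SOCIAL_DOMAINS)

def summarize(log_text):
    """Count social media requests per hour and per user; track blocks and bad lines."""
    by_hour, by_user, blocked, skipped = Counter(), Counter(), Counter(), 0
    for line in log_text.splitlines():
        try:
            stamp, user, action, url = line.split()
            hour = datetime.fromisoformat(stamp).hour
        except ValueError:  # wrong field count or unparseable timestamp
            skipped += 1
            continue
        if not is_social(url):
            continue
        by_hour[hour] += 1
        by_user[user] += 1
        if action == "BLOCK":
            blocked[user] += 1
    return {"by_hour": by_hour, "by_user": by_user, "blocked": blocked, "skipped": skipped}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for hour, hits in sorted(report["by_hour"].items()):
        print(f"{hour:02d}:00  {'#' * hits} ({hits})")
    print("Top users:", report["by_user"].most_common(3))
    print("Blocked:", dict(report["blocked"]), "| skipped lines:", report["skipped"])
```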
Reviewing the actual content of what people are saying is also important; all that training is only good if people have taken it on board and are toeing the line.
Keep your staff up to date on all the security risks associated with using social media, along with the latest trends and threats. Each company has its own preferred way to communicate these to employees; just ensure that it's being read. Far too many employees have an automatic email rule to send all correspondence from the IT dept. to the Junk folder!
There are many more, and I would welcome the opportunity to discuss the ones I may have missed out; please feel free to leave a comment below.