Written by
Changeboard Team

Published
07 Jun 2010

How can employers safeguard against the dangers of social media?

Your business in the public domain

Many people carelessly share company information in public without a second thought for the potential ramifications. It's become commonplace to see people openly working on business proposals on their laptops while talking freely on mobiles about their business plans, a scenario that is played out every day on trains and public transport around the country.

People mistakenly believe that they are in a private bubble, safe from prying eyes and pricked ears, but nothing could be further from the truth. Internet users think social networks are private when they are very public and have the potential to release private information to millions of internet users.

Are employees your biggest security threat?

Everyone from the military to corporate conglomerates has suffered due to employees inadvertently sharing information. In January, a Freedom of Information request revealed that military information was leaked 16 times via social networks and internet forums. Other corporate leaks have included pending mergers and layoffs.

These incidents aren't caused by failures in firewalls, or users not keeping their software updated. They arise because of a lack of judgement. IT managers would love to have a 'silver bullet' software solution to protect their company from the risks associated with social networks, but in reality it's a training and HR issue.

IT departments spend a lot of money securing the company's networks against external threats, but unless employees are taught how to be more secure online they will continue to be the company's biggest, and internal, security threat.

Social networks & spear phishing - the dangers

Social networks survive commercially by making as much information available as possible. As such, they encourage users to widen their network and reveal ever more personal information. Users are discouraged from locking down their privacy settings, or the networks simply update the privacy policy to prevent users from hiding data. Facebook has been openly criticised due to recent changes in its privacy settings. With more than 50 privacy settings and 170 options, it's little wonder that people are confused.

Corporate spear phishing attacks have become a problem worldwide. Earlier this year, phishing attacks from China affected Google, Adobe, and more than 20 other U.S. companies. Spear phishing is when criminals gather information, often via social networks, on a specific individual or group and send the recipient a personalised message spoofed to appear as though it has come from a friend or colleague. When the recipient opens the message, it often has an attachment that downloads a key logger or malware, which allows access to the company's computer network.

How can you safeguard your employees?

The best way to mitigate the risk of employees causing unintended harm from their online activity is education. Most employees simply don't understand potential social networking issues - either to themselves or their company.

Educate your employees on internet safety, to help them protect themselves and to increase security for the employer. Issues extend far beyond network security, affecting PR and marketing, data security and HR. Derogatory comments, whether made in jest or seriously, carry potential lawsuits ranging from harassment to bullying and racism. There have already been claims of sexual harassment and racism against US companies because of comments posted in a social network.

People need to understand privacy issues and be aware of the outcome of being openly exposed online. And while some employers have taken strides to safeguard themselves by blocking social networking in the workplace, employees can still access these accounts from home or via a mobile.

Minimising risk of computer attacks

  • Keep software up-to-date. Most computer attacks are done by exploiting a weakness in the software. Visit www.secunia.com for a free software update.
  • There's an increase in spam emails that ask you to open an attachment. Don't open these. An attachment may look harmless, but it can install malicious software that will infect your computer.
  • Create secure memorable passwords. Think of a password and then use the keys to the left of your password, e.g. "evictims" using keys to the left is "wcuxruna". You can also try using letters to the right or above or below. Or use a password manager such as www.keepass.info, which is free to use.
  • If you get an email stating that your account has been compromised or may be suspended, don't click on the link provided. It will take you to a fake login page allowing criminals to take over your account.
  • If you use a social network, go through the privacy settings every few months and only share your information with friends.
  • Put your name in a search engine and use quote marks around your name: "Joe Bloggs". Check to see how much of your private information is available online.
  • Remember that downloading 'free' music and films from websites is illegal. These downloads often have nasty software embedded that can cause havoc with your computer.
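
The keyboard-shift tip in the list above is a fixed letter-for-letter substitution, so a password audit can recognise a shifted word as easily as the word itself. The following Python sketch is an added example, not part of the original article; it assumes a QWERTY letter layout, leaves keys with no neighbour unchanged, and uses a constructed denylist.

```python
# Added example: audit passwords for keyboard-shifted forms of denylisted words.
# Assumption: QWERTY letter rows only; rows are aligned by column index.
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
DIRECTIONS = {"left": (0, -1), "right": (0, 1), "above": (-1, 0), "below": (1, 0)}

# Constructed sample denylist (the second entry is the article's own example word).
SAMPLE_DENYLIST = ["password", "evictims"]


def _neighbour(ch, d_row, d_col):
    """Return the key d_row rows and d_col columns away, or ch if there is none."""
    for r, row in enumerate(ROWS):
        c = row.find(ch)
        if c != -1:
            nr, nc = r + d_row, c + d_col
            if 0 <= nr < len(ROWS) and 0 <= nc < len(ROWS[nr]):
                return ROWS[nr][nc]
    return ch  # non-letter, or a key on the edge of the layout


def shift(word, direction):
    """Apply the article's keyboard-shift trick in the given direction."""
    d_row, d_col = DIRECTIONS[direction]
    return "".join(_neighbour(ch, d_row, d_col) for ch in word.lower())


def audit(candidate, denylist):
    """Return (word, direction) if candidate is a denylisted word or a
    keyboard shift of one; return None if no match is found."""
    cand = candidate.lower()
    for word in denylist:
        if cand == word:
            return (word, "none")
        for direction in DIRECTIONS:
            if shift(word, direction) == cand:
                return (word, direction)
    return None


if __name__ == "__main__":
    for pw in ["wcuxruna", "password", "k7#Tq9!vLm2"]:
        print(pw, "->", audit(pw, SAMPLE_DENYLIST))
```

A password-policy check that already rejects common words can call `audit` on new passwords so that shifted variants of those words are rejected too.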

Password safety

If people are clearly informed of potential risks, they are motivated to take appropriate action to avoid online perils. Instruct your employees to create different passwords for all of their online accounts. If their password is compromised in their private life, criminals will use software to try that password on hundreds of other websites, including banking, PayPal, shopping sites and social networks, and to gain access to their employer's site.

Unfortunately, a lot of internet safety advice is too vague, which is why you need to ensure that your employees are aware of the issues and the steps that need to be taken to protect themselves.