Social media are arguably delivering tangible benefits for businesses, with researcher Gartner predicting they’ll surpass email as the preferred online means of communication by 2014. Benefits include increased brand awareness, improved reputation, building beneficial relationships, and personal skills development.
But with the convenience and ubiquity of social networking comes a whole new raft of security concerns – and it’s an area where some businesses are still wising up to the risks. “Without directly addressing the issues of identity theft, cyber crime and web-driven targeted espionage attacks then we are leaving the door wide open,” said a recent opinion piece by security software provider AVG.
The view is echoed by Symantec’s Vice President & Managing Director, Pacific Region, Craig Scroggie, who says social media allow cyber criminals to catch victims using social engineering techniques. “Whether it’s the MySpaces, the Facebooks, Twitter – all of those social media communication technologies are being targeted by social engineering fraud, purporting to be someone you’re not,” he told Start-Up. People using social networks – be they business or personal – get bombarded with invitations from ‘friends’ to click on links that will take them to exciting new places or enable them to download handy applications. Too many of these links are actually to websites run by phishers and identity thieves.
Social networks have contributed to the problem by suggesting that privacy online is somehow old hat. AVG quotes Facebook founder Mark Zuckerberg saying “...people are a lot more relaxed about online privacy than they used to be. Attitudes have changed and people have ‘opened up on the web’ as they share information about themselves on social networking sites...”
That may hold true for private networking (and more fool those who are careless about sharing information), but when such attitudes are carried over into business networks, they can lead to all sorts of trouble. Symantec’s Scroggie says businesses need to be sure this kind of behaviour doesn’t occur under their company’s name.
“Many small businesses aren’t asking the question: ‘how do I monitor my brand on social media?’,” he says. “So there’s a whole new area that gets opened up when you start thinking about how does the SMB manage its brand, its reputation, the behaviour of its employees, the voice that they have when they participate in social networking – how does that represent your company?”
AVG says social networks try to make their content more engaging by encouraging users to upload more information, “...all of which builds up profile and identity. Take this example to the business environment and identity becomes intellectual property – and this needs to be locked down”.
A business may control what is posted on a social networking page set up under its own name, but what about the pages of individual staff members? They may discuss meetings they’re attending, contacts they’ve met with; even share opinions about other businesses and their products. This sort of detail could be exploited by competitors, or even bring a lawsuit if someone is badmouthing a business rival. This is where businesses need a clear social networking policy for all staff to follow.
Policy tips
“First and foremost, ensure your employees are educated about what is acceptable use; that they understand the voice of your organisation and how they want to be represented on social media,” Scroggie says. “Many organisations say ‘use your own voice when you are participating in social networking’ – identify yourself as an individual, identify yourself as an employee of the organisation. If you’re responding on behalf of the organisation, tell the person who has a complaint or a problem that you would like to help them resolve it and you’ll put them in touch with customer support or a service person or whoever it is that can help them address their issue.
“Those are the sort of things you think about when considering how to positively use social networking – many employees who participate in the medium see the opportunity to help the company that they represent either develop more business or get closer to its clients. So ensuring there is a policy in place, that they understand how to represent the organisation with that policy, that they identify themselves as an employee – those things are basic but they’re very important.”
For more information about what should be in your business’s social networking policy, see tinyurl.com/n57ge8