Want to protect your corporate data and manage Millennials? Better rethink that social media policy

Employee use of social media could mean a world of trouble for your organization, so developing a better social media policy may be the way to go

As Baby Boomers retire, Generation Y is set to become the dominant cohort within the workforce, significantly shifting the age of the average employee. As the workforce composition transitions and an increasing amount of dependence is placed on technology for work purposes, employers might be forced to alter their attitudes toward tech use on the job.

Today, social media use (for personal and professional reasons) has become synonymous with Generation Y or "Millennials." According to a new study by CompTIA, Generational Research on Technology and Its Impact in the Workplace, 41 percent of twenty-something employees are skirting their companies' social media policies — which can have an organization-wide ripple effect.

While most companies assume that using social media is simply a roadblock to productivity, it is the risk to corporate data that should have IT policymakers thinking twice. With the likelihood of malware infestation, phishing scams and data sharing, accessing social media on corporate servers opens up a host of troublesome security issues.

Still, many companies' business models are shifting to include online and social components, leaving executives and IT to loosen the reins somewhat on employees' social media use. In failing to develop and communicate a strong social media policy, however, workers fail to distinguish between acceptable and improper use, leaving IT departments to clean up the mess.

The following is a list of some of the greatest social media policy mistakes that companies make and tips to help organizations promote better social media behavior, especially as younger, "digital-first" employees infiltrate the workforce.

Ignoring benefits and focusing on time lost

Many firms limit their employees' social media in fear of productivity issues, which, according to CompTIA's research, is a common concern. In fact, 64 percent of employees across all age groups believe that using social media at work for personal purposes poses a threat to productivity. Yet, almost half of respondents between the ages of 20 and 40 use Facebook for work purposes — a disconnect that deserves some attention.

[3 reasons why criminals exploit social networks and tips to avoid getting scammed]

The solution: Establish a social media training program. Show employees how to use social media in accordance with your policy to increase productivity, performance and contentment — especially if they use social platforms to do their jobs. By allowing employees to take advantage of social media's benefits, your company can harness the power of a valuable business tool.

Craft a policy appropriate for everyone

Because social media is still a new phenomenon, most companies only have one blanket policy that applies to all employees on the payroll, regardless of their responsibilities. This could be a mistake. According to CompTIA, senior staffers (who are often closest to important business information) were more likely than mid and entry level employees to access Facebook for work and personal purposes (53 percent as opposed to 21 percent). While crafting a social media policy takes time and effort, it shouldn't be a one-size-fits-all process. Employees of varying levels and functions within organizations have different duties and variable access to different types of data. Social media policies should correspond similarly.

Solution: The goal should be to prevent unwarranted knowledge-sharing. Categorize employees depending on job responsibilities and access to sensitive data. Write the policy on a per-case (or per-group) basis, and tailor your internal social media training sessions accordingly.

Establish a policy before it becomes an issue

Remember: a business social media policy (as a narrow slice of your overall IT policy) must protect corporate data. With threats such as malware, phishing scams and even innocent file sharing occurring more easily through social channels, social media use in the workplace can be much more than a productivity problem.

Solution: The best thing you can do for your social media policy is to make sure that your employees know it back to front. Establish training days or online modules that employees can use to learn best practices for safe social use. The more you communicate your policies and why they're necessary, the easier they will be to enforce.


A successful social media policy is a balanced one, one that gives employees the resources and options they need to do their jobs well while ensuring that IT departments aren't in fear of lurking security issues. Organizations should take the time to reassess their internal social media strategy and determine what can be tweaked to more realistically match your business's operations. Social media (like Millennials) is inevitably becoming a fixture in the workplace. Now is the time to figure out how to integrate it in a way that protects your sensitive information and grows your business at the same time.

Carolyn April is the director of industry analysis for CompTIA, the non-profit association for the information technology industry.

Copyright © 2013 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)