Using social media can expose company and employee data, and misuse could harm organizational reputation. Here are some tips that can help reduce the risk.

We live in a social world, but should our businesses? For many, the answer to that is increasingly no—that’s why laws and regulations have recently been put in place restricting access to some social media in certain situations because of the hidden risks of these seemingly innocuous platforms. The United States federal government and some US states, for example, have barred the use of Chinese-owned TikTok, which allows users to create and share short videos with music, special effects, and other features, on government-issued devices.

The concern is that foreign-owned applications might share the information they collect with government intelligence agencies. That information includes personally identifiable information (PII), keystroke patterns, location information based on SIM card or IP address, app activity, browser and search history, and biometric information.

Personal use of social media by employees can impact the company’s brand as well as endanger the firm or employees themselves—bad actors could use social media to identify where a person works, the division in which they work, and possibly their physical location. The potential harm is higher for high-risk employees such as senior executives or those with authority to execute financial transactions.

Of course, there are plenty of good reasons for employees to use social media. It can enhance marketing campaigns, announce news or critical information, and otherwise raise the profile of an organization. Social media channels can be used to monitor risks and threats against a government or critical infrastructure. Firms may also want to monitor social media channels for trending information about their organizations.
Whatever the reason for embracing the beneficial side of social media, it’s crucial to be aware that using it can also invite unwanted exposure for both employees and the organizations they work for.

What are the employee risks of social media?

Here are some of the risks that social media platforms can pose to employees:

Privacy concerns: TikTok, for example, has faced criticism for its data collection and privacy practices, as the app collects a significant amount of information about its users, including location data and device information.

Cyberbullying and online harassment: Social media platforms can be a breeding ground for cyberbullying and online harassment, even when an employee uses them for professional reasons. Users may be targeted for their appearance, race, gender, sexual orientation, or other personal characteristics.

Inappropriate content: Social media users may encounter inappropriate or offensive material while using these platforms for personal or professional reasons. This could include explicit or violent content or content that promotes harmful or illegal activities.

Addiction: Social media can be addictive, and users may spend excessive amounts of time on it. This can lead to problems with time management, interfere with daily activities, and hamper productivity.

Security risks from cyberattacks: Because of the large volumes of data popular social media platforms collect, these apps are an attractive target for attackers. For example, in November 2022, a database of 487 million WhatsApp users’ mobile numbers from more than 84 countries was put up for sale on the Breached.vc hacking community forum.

What are the business security risks of social media?

Risks that businesses might face when using social media include:

Reputational damage: Social media allows anyone to post comments or reviews about a business, which can be both positive and negative.
Negative comments or reviews can damage a business’s reputation and may require the business to respond and address the issue in a timely manner.

Employee misconduct: Similarly, employees who use social media to represent their employer may accidentally or intentionally post inappropriate or offensive content, which can damage the business’s reputation.

Exposure due to data breach: Businesses’ data might be at risk should a social media platform experience a data breach. Simple LinkedIn career updates could trigger “new hire SMS” phishing attacks, or screens in the background of an innocent workplace selfie posted on Instagram or Facebook could inadvertently expose sensitive corporate data.

Legal liability: Businesses may face legal risks on social media such as defamation, copyright infringement, or violations of consumer protection laws.

How to mitigate risk from social media

To minimize these risks, consider the following:

Limit the use of social media applications to company-owned devices, especially for firms with high security requirements. In any high-risk firm, the separation of business versus personal use should be clear and distinct. While employees might need to carry two devices—one for business and another for personal use—the policy aims to keep a barrier between the two uses. Businesses that mandate this sort of deployment should enroll in a mobile management tool to monitor device patching levels and the types of applications that are installed.

Create an acceptable use policy for both company- and employee-owned devices. Such policies set expectations for social media engagement to ensure that the firm’s culture and reputation are maintained, especially if employees are allowed to use personal devices for business apps. You’ll want to review recommendations for both Android phones and Apple iPhones.
Here’s an example of a social media acceptable use policy from Stanford University.

Protect computers and mobile devices used to participate in social media engagement and potentially isolate them from other systems that present higher risk. High-risk organizations might want to provide devices and computers that are dedicated to social media interactions or consider outsourcing these functions to firms that specialize in social engagement.

Ensure that permission levels are set appropriately on multi-user tools used to manage social media posting. You may also need to document guidelines for multi-user use of social media. Monitor and review the use of such tools. As platforms and trends change, you may need to reevaluate engagement or move to additional platforms.

Document and monitor all social media channels used for official communication by the organization. The US Cybersecurity and Infrastructure Security Agency (CISA), for example, regularly publishes security information on social media platforms and identifies those channels that are authoritative. Ensure that users know which social media channels are used by your firm and assign someone to monitor their use. Recently, some major firms were spoofed on Twitter and fraudulent tweets affected the stock price of the companies.

Set up multi-factor authentication (MFA) for all social media accounts. There have been many cases where an unauthorized person obtained access to social media channels and put forth statements and comments that damaged a company’s profile.

Enhance email protections for employees who handle your social media outreach to make them less susceptible to phishing attacks.

Provide guidance to employees for protecting themselves when using social media. This includes how to block direct messages and deal with harassment.
Make sure they are mindful of the content they share and who they interact with, and that they understand their options for privacy settings to control the information that is shared with others.

For more detailed advice, CISA released resources in 2021 on recommended methods to protect social media channels. Social media constantly changes. It’s wise to review your engagement and protection policies on a regular basis and adjust as necessary.