Social media is used by both organizations and employees—as a marketing tool for business, for entertainment, or for interacting with friends and family. To commemorate the impact that social media has had on global communication and connectivity, World Social Media Day is celebrated on 30 June. It’s also a good time for organizations to remind employees of best practices for their professional and personal use of social media.
Unfortunately, criminals take advantage of the widespread use of social media and the human desire to share our lives with friends and family—or even with the general public. By educating employees on the risks of social media and enforcing best practices, organizations can help employees protect their own information, and by extension, protect the organization’s information.
- Educate employees to limit the amount of personal information that is available to others. The more information that someone posts, the more this information can be exploited by criminals to try to trick employees into inadvertently giving access to the organization’s confidential data or paying a fraudulent invoice.
  - Share with caution. Personal information can be exposed by posting comments, photos, and locations. Criminals can gather this information and use it to target the employee with malicious emails, text messages, or even phone calls that seem applicable to the employee’s interests and activities—increasing the likelihood that the targeted employee will respond.
  - Review privacy policies. Employees may not know that apps are collecting and selling their information and activities. Reading over the app’s privacy policy can help employees understand what information is being collected, how it is being used, and to whom it is being disclosed.
  - Update privacy settings and app permissions. Settings and permissions manage access to information associated with social media accounts. Employees should only allow permissions such as location, photos, or contacts that are necessary for the app to function—otherwise, permissions should be denied. Employees are able to restrict posts, profile information, and activity to their intended audience and limit what others can view.
  - Assess third-party apps. Linking a third-party app to a social media account is convenient, but employees should understand the risks. Third-party apps have their own privacy policies and permissions, and may manage personal information differently from the primary app. A hacker may also use the third-party app to gain access to the primary app and its content.
- Train employees to regularly review their connections and followers. Interacting with an unfamiliar account may give a stranger—or even a criminal—the same access to their account as a friend or family member, and thus provide them with personal information that can be used to deceive the employee.
  - Determine if the social media account is legitimate. It is important for employees to confirm whether an account is legitimate or fake before interacting and engaging with its content. Some social media platforms include a Verified Badge to help confirm a well-known account’s legitimacy.
  - Check current profile connections. Employees should review the accounts they currently follow or are followed by. If a linked account appears unfamiliar or suspicious, the employee should “unfollow” that account.
  - Report and block suspicious accounts. Employees should avoid interacting with suspicious accounts. A fake account could be created by criminals trying to steal money or financial information, or it could be a bot trying to spread misinformation. Most social media platforms include instructions on blocking and reporting suspicious accounts in their help section.
- Encourage employees to follow best practices to secure their accounts. A few additional steps will help employees keep their accounts more secure.
  - Close accounts that are no longer used to reduce unintentional exposure.
  - Use long, unique passwords or a passkey and two-factor authentication to prevent unauthorized access.
  - Think before clicking to avoid malware embedded in links or advertisements.
By being aware of social media security risks, employees can more readily protect the organization’s confidential and sensitive information as well as their own personal privacy.