Why Your Company Might Have a Social Media Problem

Anyone entering the workforce under the age of 30 has likely never known a world without instantaneous, digital-based communication. Social media connects more people more quickly than ever before, and companies are struggling to keep pace with the flow of information.

Unfortunately, sensitive and proprietary information may be shared unintentionally (or maliciously) on social media channels. Firewalls and employee guidebooks won’t cut it anymore, so what should concerned organizations do?

Shared Today, Gone Tomorrow

Not so long ago, a company’s IT department had sole reign over confidential information. Data was shared and disseminated via the company’s servers, which meant that monitoring was relatively easy and confined. With the proliferation of not only social media and related applications, but also smartphones and internet-enabled devices, an employer can fully circumvent the IT department to communicate with others. Indeed, an IT department may be completely unaware of an individual’s efforts to share information.

Data can be easily shared accidentally when an employee accidentally copies and pastes info into the wrong window or falls prey to an autocorrect feature on a smartphone that inadvertently shares a project name. It can occur when a message intended to be sent discreetly ends up on the public-facing side of an application. If that sounds like an error only the technologically stunted would make, consider that Twitter’s own CFO accidentally tweeted plans for an acquisition onto his public Twitter profile instead of in a direct (private) message.

Even one wrongly addressed or incautiously posted bit of data can torpedo a company’s competitive advantage, and for some publicly traded companies, those gaffes might violate Securities and Exchange Commission regulations.

A piece of information that is useless by itself may fill in a gap elsewhere that allows a nefarious third-party to piece together information they should not have.

Policing Your Policies

Social media policies developed by organizations might not consider the gray areas that exist when an employee is tasked with social media-related job requirements. If that employee resigns or is terminated, who could (and should) have access to the contact lists and information?

Though LinkedIn’s own Terms of Use state that any profile belongs to the account holder, a UK court ruled that account maintenance may be considered part of a job duty and, therefore, a LinkedIn account may be confidential property of an employer. Good policies and employment contracts strictly delineate who has access to customer and contact lists and how termination and resignation would affect access or usage.

Companies can further protect their relationships and data by proscribing what work-related communications may take place, and where; for some companies, the easiest route is to forbid any “shop talk” on external, i.e. non-monitored, systems. Some organizations have adopted policies that oblige employees to disclose their work-related social media conversations and/or copy appropriate management on these communiques.

Such proactive policy-making will allow an employer to better safeguard itself against a terminated or reckless employee, and it sets precedents that allow courts to understand what the organization considers confidential and trade-protected information.

Social Media Vulnerability Assessments

Though many companies have adapted to the prevalence of social media and created internal policies that discourage the oversharing of information and generally promote smarter social media interaction, these policies are not foolproof. One potential solution is to implement monitoring software that can flag and even remove social media posts that may reveal sensitive data.

Another is to empower a trusted third party like Sentek to perform a social media vulnerability assessment. The most thorough of these assessments will detail potential areas of exploitation, including those employees who are ignorant of existing social media policies or unwilling to uphold them, as well as what sensitive information is currently publicly available. This provides the starting point to shoring up your company’s social media vulnerabilities.

Does your organization have a clearly worded and restrictive social media policy? Have you considered alternate solutions to monitor your employees’ social media interactions? Let us know in the comments section, and get in touch with Sentek to get started on a social media vulnerability assessment for your organization.