Skip to main content

Social media and cyber risk management

Using social media can lead to risk and liability for an organization. Privacy and data security issues can arise from employees using social media in a way that discloses confidential or sensitive information — such as personal Information of customers, patients, or employees, and confidential information about the organization.

These disclosures are usually innocent, but can harm an organization.

In addition, social media can provide an avenue for hackers or thieves to attack an organization. Information found through social media is often used in spear-phishing attacks and makes them effective because it increases the legitimacy of the request. Hackers can also use social media to exploit vulnerable networks, steal intellectual property, or harm an organization’s reputation.

You can help protect the organization from these risks by following these best practices.

1. Develop a social media policy and educate your workforce on it.  Every organization, regardless of size, should have a policy on the use of social media. Staff should know their responsibilities about referring to the organization on social media and the consequences of misuse or abuse of it.

2. Never disclose your organization’s trade secrets, intellectual property, or other confidential information through social media platforms.

3. Never disclose private or personal information related to (a) clients, customers, vendors, or patients, or (b) employees, managers, supervisors, senior management, officers, board members, or owners. This includes financial information, social security numbers, etc.

4. Do not disclose client, customer, or patient names or the work the organization performs for them unless the information is already available in the public domain.

5. If you say something online in support of your organization, including its products or services — even with a personal account — be sure to clearly disclose your relationship with the organization.

6. Do not accept “friend requests” from anyone that you do not know personally, including friends of friends. When a social media friend request is accepted — unless privacy settings are specifically adjusted to restrict access — that person can view all of your personal information, familiarizing themselves with your nearest friends and associates.

Source: eplace Solutions