peter daveyby Peter Davey | 4/29/14

Although most managers would certainly frown upon employees updating their social media status from 9 to 5, the likelihood of this happening in your office is probably pretty high. 

These employees may be department stars and simply under-challenged in their current roles.  However, by catching up with friends on Facebook and Twitter, they may be compromising your computer network or perhaps even worse, your company’s brand. 

According to a 2013 Symantec Internet Security Threat Report, 43 percent of attacks used on social networking websites were related to malware.  Considering malware is the most popular post on social media sites, this should be an area of concern for all organizations. 

How can an organization reduce its exposure to cyber-charlatans seeking to undermine your network?  I strongly suggest tackling this issue by creating and mandating a social media policy.  To secure employee buy-in while making such a policy enforceable, the organization’s chief information officer or (better yet) chief executive officer must convey this protocol to his or her workforce.      

Such a policy should extend to articulate the type of material employees may post on an organization’s Facebook or Google+ portal.  While unexpected malware downloads could shut down one’s site, an inappropriate post by a bitter – or even inebriated – employee has the possibility of souring a company’s constituencies.  Whether a diatribe about alleged wrongdoings or having an executive or other well-known employee including a sketchy profile photo with an altogether appropriate post, either instance has the potential to bruise a company’s brand perception.

 Though the published message may only be seen by fellow employees, there is a distinct possibility customers may view it. Worse case a media outlet broadcasts the post and the general public becomes aware of topics that are better left to the employee’s supervisor or human resources department.

Considering job duties and responsibilities for one employee to another vary, a blanket policy may not work for everyone.  Marketing staffs – for example – may need to access such social media sites as LinkedIn, Twitter, Google+ and Facebook to perform research or develop and post content more so than those in logistics or finance. 

Outside of these outliers, the social policy should pertain to all employees.  To emphasize its magnitude, the company’s social protocol should certainly be an important element of the boarding process for new employees, but shouldn’t end there.  Constant reinforcement is needed to stress the importance of this action while emphasizing the potential damage inflicted should the guideline be ignored. 

Aside from providing constant reminders, a company should also provide routine training – ideally by IT staff or (better yet) from information security experts – about the other consequences social media sites present.   Coupled with the inherent danger malware presents in destabilizing a company’s computer network, having an employee access their favorite social media portals on a corporate server increases an organization’s exposure to becoming a victim of phishing scams and unintended data sharing.

Although less a threat to an organization’s network, the rant of an angry employee or racy social media profile of a notable employee may have an even longer lasting effect. 

As one of our nation’s founding fathers, Benjamin Franklin pointed out, “By failing to prepare, you are preparing to fail.”  As was the case with the Sons of Liberty’s strategy sessions to secure our freedom long ago, holds true with respect to protecting your computer network and public perception today.   

Peter Davey is director of professional services and advanced technical support forToshiba America Business Solutions.