There’s a time and a place for browsing social media, and for some of us that’s ‘all the time’ and ‘anywhere’. It doesn’t matter if you’re posting a quick Tweet, jumping to attention when you receive an IM or idly refreshing Facebook for updates; nothing can keep us in the real world for long.
And although employers have long since lost the battle to prevent staff glancing at their Facebook profiles or posting on Reddit during the workday, they cannot give up on ensuring that staff use those sites responsibly.
Some innocuous browsing from a hardworking employee during a quick break is nothing to worry about, but there are certain practices that can be hugely damaging to your organisation. And they’re probably occurring more often than you might think.
In this blog, we outline three issues you should be aware of and provide advice on how to mitigate the risk.
- EU regulators to curb employers searching social media
- The GDPR: Can your organisation monitor employees’ personal communications?
1. Are employees revealing sensitive company information?
Several social media sites encourage individuals to publicly list their employer. Facebook and LinkedIn are the most obvious examples of this, but there are plenty of others in which people include their employer or website in their bio.
Even if you don’t state where you work on your profile, you might make posts or share pictures that reveal your employer.
That on its own is nothing to be overly concerned about, but you could run into problems if your posts include sensitive information.
A photo taken on the organisation’s premises might reveal something useful to hackers. Perhaps the login details for a company account are clearly visible in the background? Or maybe your update reveals an organisational policy that could be exploited?
These sound like basic mistakes, but people are often far too eager to post things without thinking of the consequences – especially when emotions are involved. You may well regret writing something that seemed funny at the time, or which made you angry or upset, but it could be too late by then.
Our advice would be to refrain from posting anything specific about work or uploading pictures or videos taken in the workplace.
2. You might discredit your employer
There’s a person out there whose Twitter account genuinely was hacked by someone who left a series of offensive messages, and no one believes them.
Who could blame you for thinking they were lying? So many people have posted something offensive and then blamed someone else for writing them that ‘my account was hacked’ is to online bigotry what ‘the dog ate my homework’ is to lazy schoolchildren.
But if the trope has taught us anything, it’s that people need to be more accountable for the things they share on social media, particularly when their online presence is associated with their employer.
Organisations will have no qualms about firing someone for disreputable behaviour online, as it can discredit their company values.
That’s not to say that you should never express any controversial opinions online, but you should be aware that practically everything is offensive to someone on the Internet, and if it attracts enough attention, your boss is bound to find out.
Even if you’re saying it in jest, remember the adage ‘nothing sounds funny when repeated in a courtroom’ – or, perhaps, when repeated to your HR manager.
3. You might help scammers target you
When conducting spear phishing whaling attacks, cyber criminals will browse the Internet looking for clues to help them compromise target’s email addresses, imitate their writing style and identify a scheme that has the best chance of working.
That’s a whole lot easier when people leave dense online trails containing personal data and clues about their lives. By identifying phone numbers and secondary email addresses, criminals can manipulate options for forgotten passwords, gaining access to accounts, which they can use to leverage others.
Likewise, listing your hometown, parents’ information and pets’ names can all be used to guess passwords and answer secret questions.
Teach your employees better social media habits
The solution to these risks isn’t to ban social media at work or, heaven forbid, police what employees post online. Rather, you need to teach staff to take responsibility for the way they use social media and help them understand the associated risks.
Our Social Media Staff Awareness Human Patch E-learning Training Course provides a quick introduction to staying safe when social networking. In just 15 minutes, you’ll learn the dangers of social media and what you can do to avoid them.
This is the third in our “Human Patch” training series, which is designed to provide quick, easy-to-follow lessons on common workplace incidents and mistakes.
Our other courses tackle: