Social media is not just attractive to individuals, and an increasing number of companies are now using Facebook and similar sites to communicate with their customers. In many cases, their employees are also permitted access to social networks.
How can social media be used securely in the workplace?
Are companies more secure without social media? The answer is Yes. Companies which block Facebook and similar sites won’t fall victim to malware or social engineering smuggled in via one of these platforms.
Carrying this argument to its logical conclusion, however, would take us back to the Stone Age: we would have to throw out our entire IT infrastructure. Although this would ensure companies were safe from IT attacks, no-one would be able to work. It is, therefore, better to ensure that IT systems are secure to enable companies to profit from them — or, as in this particular case, from using Facebook.
Choosing the Right Security Strategy
One basic requirement for securely implementing social media in corporations is an effective security strategy. Only once the foundations are in place can companies set about ensuring secure Facebook usage.
For example: using optimum browser protection and ensuring all updates are in place can prevent an attacker, perhaps using a special app, from doing much damage. If, therefore, your IT security is somewhat shaky, you should hold off allowing Facebook access until your corporate security strategy is in place.
Follow the Ground Rules
Otherwise the same rules apply to using Facebook at work as apply to using it at home:
Check Your Data Protection Settings: Whether you’re using Facebook, Twitter or another social network, the most important tip is: "Check your data protection settings". Consider which data your friends should see, which data is completely public and can thus be searched by Google and similar sites, and which rights are reserved by the operators of the social network.
In many cases, these burning questions can only be answered with a great deal of effort. Time invested in researching them is, however, well worth it. When you register for a social networking site, therefore, fill out only the required fields and select the most conservative settings.
Watch What You Post: Facebook and similar sites are great ways to communicate with customers all over the world. But even companies should be careful what they post.
Protect Your Own Identity: There have been cases of identity theft in which criminals have created profiles for users and used them to blackmail their victims. This can also happen to companies, with third parties misusing their brands to send spam. Another form of identity theft involves using phishing attacks to collect passwords for existing social networking accounts. Good protective software prevents this from happening.
Preventing Malware Attacks: As well as the more traditional email route, pests like the Koobface worm use social networks like Facebook and MySpace to replicate themselves. An up-to-date virus scanner protects against this type of malware.
Provide Training
Companies should also train their employees on the correct use of social networks. Each time a new software package is introduced, employee training is automatically scheduled. Why not do the same for new security threats, or provide training on using Facebook securely?
As the people responsible for security training, administrators should provide lots of real-life examples and tips when presenting such material. Begin by explaining the proper use of access passwords. These should not be stored in web browsers. You should also explain information disclosure and demonstrate the various privacy settings. It is also important to ensure that employees use Facebook responsibly if they log into their personal accounts during their breaks, for example.
Define Usage Criteria
In addition to the aforementioned security precautions, companies should take into account employee enthusiasm for Facebook and set clear rules for using it in the workplace. Following these steps will pave the way for secure Facebook usage with no loss of productivity.