Don't #fail on Facebook
Don't #fail on Facebook
Top tips for creating a social media security policy:
With Facebook and other social media increasingly a target for professional cyber criminals, it is vital that companies advise employees on how to use it appropriately, both at work and in private life. They need a social media security policy that both warns against inappropriate behavior and advises on how to not fall victim to phishing or data loss, however accidental. At the same time, policies should also encourage social media adoption and not become a barrier to company-wide adoption. Here are the experts' tips for getting the balance right:
cover your bases: Ensure that your social media security policy covers all areas of activity, including: network security (avoid phishing attacks, downloading malware, suspicious links), basic advice on acceptable behavior (for social networking, tweeting and blogging), use of smartphones and sensitive location information, data protection, activity monitoring, business objectives and disciplinary procedures.
keep it simple: A void creating a very long policy that attempts to describe every scenario. That could create three problems. The first is monitoring all of the behavior defined as unacceptable - if you can't monitor it, you can't enforce it. The second issue is keeping it updated: social media platforms come and go, so it's better to have a policy with prescriptive principles rather than explaining how to use each individual platform. And, if long policies are full of legalese, they are less likely to be read and remembered.
champions can police: A company cannot train every employee in social media practices. And it's too much to expect for every employee to read the social media security policy document, particularly if they don't believe that they are engaging in corporate social media. You need a bridge between proactive and reactive. By identifying and nurturing social media champions - typically early adopters who see the benefits of blogging or setting up a Linked In group - you can use their enthusiasm to evangelize and police at the same time. Avoid a hierarchical approach to recruiting social media contributors internally - bosses are usually too busy to embrace social media fully and may simply order staff to engage without being able to guide them appropriately.
you talk shop, it's company business: Many employees are unaware that just because they are messaging their friends on Facebook, it isn't necessarily private. Criticizing colleagues or bosses in a status update is a bad idea when some Friends or Followers may work for the same company. Employees should always disclose who they work for if they discuss work issues, even when using their own social media identity. Disclosure ensures that the reader of the information knows that it may be promotional but also serves to remind the employee they are talking company business.
don't scare people off: Social media has given companies a human voice, and they have their employees to thank for that, being brand advocates away from the workplace and blogging and tweeting from their desks in the early years of adoption. Don't discourage them by creating too many do's and don'ts - it may result in dull, bland content that engages no one, even the creator. Social media has a human face, don't be inhumane.
The Orange Group social media guidelines are freely available at: http://orange.com/smg/