SILICON VALLEY, Calif. – Small business owners can be sure that most of their employees are active on social media. For younger ones, in fact, Facebooking, Instagramming, and Tweeting are as natural as breathing.
But suppose an employee messaged a Dropbox link with confidential information (even if only to a fellow employee) over an insecure connection? Or crowdsourced a question about a sensitive issue she was handling for a customer?
Do scenarios like these keep you up at night? They should. According to James Pooley, social media and the "sharing" culture it has sparked are very real threats to your organization.
"The Internet – which spawned social media – has changed the way we work and communicate," says Pooley, author of Secrets: Managing Information Assets in the Age of Cyberespionage. "That change has profound implications for a trade secret system that relies largely on human trust.
"I'm not saying openness is inherently bad," Pooley says. "Obviously, a certain amount is needed if we're to collaborate for innovation. Yet there's a dark side to the comfort level that's evolved around all this sharing. Companies need to acknowledge the risks of social media and work to prevent leaks by improving their employees' knowledge and good judgment."
Having recently completed a five-year term as deputy director general at the World Intellectual Property Organization in Geneva, Switzerland, where he was responsible for management of the international patent system (PCT), Pooley is an expert in the fields of intellectual property, trade secrets, and data security. His book, Secrets, which thoroughly explains how to recognize and mitigate the risk of information loss in today's electronic business landscape, serves as a guide for executives and managers, and really anyone and everyone who works with information.
Here, Pooley shares six tips to help you keep your company's sensitive information off social media feeds:
1. Understand that you're asking employees to go against their "digital instincts." By their very nature, social media platforms encourage users to publicly disclose the minutiae of their lives (usually the more, the better). The so-called Facebook generation is conditioned to casually communicate, swapping files and using the Cloud to store and access photos, music, and more. They are experts at revealing a lot using only 140 characters.
"Making sure that social media doesn't become a hole through which your company's secrets leak is an especially challenging task because you're essentially asking employees to check their habits at the door," says Pooley. "They'll need to learn to operate based on a different set of standards that often contradict how they deal with information in their private lives."
2. Put social media policies in writing. Don't assume that a few informal warnings and cautionary tales will keep all your employees from tweeting and posting what they shouldn't. If your company already has general policies about the disclosure of information assets, make sure they become part of the official set of rules that govern employees' use of social media. These policies will reinforce the need to keep personal and work issues separated and not to post about what is going on inside the company.
Pooley cautions that larger companies need to have these policies reviewed by legal counsel, since confidentiality restrictions are typically broad and can violate labor laws that guarantee employees the right to discuss their working conditions.
"Additionally, companies need to decide if social media business contacts belong to them or to their staff," he adds. "According to recent court decisions, if this isn't clearly specified in the company's policies, those contacts and the social media account itself can be claimed by the employee when he leaves."
3. Train, train, and then train some more. In many organizations, after initial orientation, data protection policies are left on the shelf and more or less ignored. That's dangerous, because staff can easily forget about the rules or lose respect for the dangers of noncompliance. Meanwhile, they may be working on collaborative projects, examining acquisition possibilities, receiving development proposals, and more. All of these situations can lead to personal social media connections, where you will be relying on the knowledge and good judgment of your employees to control risks.
"You can mitigate much of this risk by creating a quality training program that engages your employees as part of the security defense team," he says. "They'll make fewer mistakes themselves on social media (and elsewhere), and they'll also be on the lookout for the mistakes of others. Keep in mind that the best training is continuous, careful, upbeat, and professional, and does not rely on threats. And be sure to include everyone – not just key knowledge workers – in social media security training. That includes contractors, temporary employees, and interns."