NOW IS THE TIME! It’s time for you to embrace the power of social media—a force your company can use to empower your employees and a means by which to better serve your customers.
Our two previous posts in this series have discussed the Benefits of Social Media as well as the Risks of Social Media in the corporate environment. But let’s look at some important tools that can allow you to use social media to your benefit. Additionally, let’s look at how to create a social media policy, how to train employees to follow that policy, and how to filter, monitor, and archive your employees’ social media activity to better protect your company.
Develop Detailed and Thorough Social Media Policies
The majority of employers who take advantage of the benefits of these communication tools have written a social media policy1, although nearly one in five have not yet done so2. Even though these kinds of policies are widely implemented, nearly three in four organizations only have a general policy about the use of social media on the corporate network or they have no policy at all. Only 28% of organizations have what can be considered a detailed and thorough policy1, even though every employer should have one.
What makes good policy? It should include a variety of things. It should include a list of the tools that are permitted and those that are not permitted to be used, as far as the corporate network. It should list the types of content that can be shared using social media and examples of content, as well as clarifying whether or not employees can speak on behalf of the company.
Social media policies…
- Are a part of your overall communications policies
Your new social media policies should be an integral part of an overall set of communication policies that focus on the use of corporate email, instant messaging tools, personal webmail, collaborative tools, cloud-based storage repositories, and any other capability through which individuals might share corporate information. - Define the acceptable use of social media
These policies should include a thorough discussion focused on the appropriate use of social media tools, including requirements not to post sexually or racially offensive comments or images; not to include links to gambling or other inappropriate web sites; not to defame competitors or slander individuals; not to post content that could violate copyright laws; not to post sensitive or confidential information; to ensure that all posts are in good taste; etc. - Should be specific
The policies should be specific enough so that different roles can be made subject to different policies. For example, senior managers should be subject to different policies when communicating with external auditors than when they communicate with employees, securities traders should be subject to different rules about their use of social media than the clerical staff, and formal communications that state a company position should be subject to different monitoring and review practices than personal communications. - Maintain the right to monitor social media communications
Any social media policy should clearly state that management must reserve the right to monitor employee communication, states under what circumstances it has the right to act on this information, and states that content may be retained for an indefinite period. - State the difference between the tools that can be used and those which cannot
Social media tools that can and cannot be used should be specified clearly in any corporate policy, preferably with a rationale for the decision. This includes the social media sites or tools themselves, as well as the platforms on which these sites are accessed – smartphones, home computers, desktop computers at work, etc. While some decision makers may opt for a strict approach and create policies that prohibit the use of Facebook, Twitter, LinkedIn or other tools on corporate platforms, this approach will be unlikely to work and will simply prompt employees to use their personal devices to access these tools while at work. Instead, a more responsible approach that allows for the appropriate use of these tools will better serve employees and the organization overall. - Include employee succession planning
When an employee leaves the organization, who “owns” his friends and followers? Do followers on Twitter belong to the employer or employee? Are an employee’s Facebook posts the property of her employer if they were posted during work hours? There have been numerous cases in which employees/ex-employees have been involved in legal battles with companies, specifically over this issue, including Eagle v. Edcomm in the United States and Whitmar Publications Limited v Gamage and others in the United Kingdom. - Clarify the responses to data breaches
Social media policies should also specify the appropriate corporate reaction to a data breach and the consequences of a policy violation. For example, if an employee mistakenly tweets a product announcement a day before a press release is issued, or mistakenly posts trade secrets on a Facebook page, the consequences of these actions should be clearly spelled out just like they would be for any other type of data breach.
These policies must be implemented in such a way as to achieve significant employee buy-in, since unreasonable policies simply will not be followed. Moreover, it is essential to continually revisit and update these policies frequently in order to keep them up-to-date with new social media tools, laws, and best practices.
FREE Sample Social Media Policy. Download this PDF “Create your Social Media Policy Today!”
The next decision point is this: how will you implement policies that focus on developing an appropriate balance between employee freedom to gather information and communicate via social media and the business benefits that will be realized from the use of these tools, while remaining in compliance with industry regulations, and under advice from legal counsel?
Train Your Employees
So you have a great policy. Do your employees know what is in it? You may have emailed it to them, or handed out printed copies, but have they read it? And if they have read it, do they understand it and what it means to them? Take the time to train your employees on how to follow all of your company policies. Regular and extensive training will help empower your employees to use social media without fear of the inherent risks therein.
A recent survey of 110 businesses showed that only 37% conduct formal training covering the companies social media policies
or guidelines. That is only a 4% increase over the prior year1.
Any training should expressly address specific risks that are prevalent as a result of the use of these tools, such as misuse of confidential information, is representing the views of the business, inappropriate non-business use, and disparaging remarks about the business, its employees, or harassment. Policies dealing with these matters should expressly refer to social media.
Whether part of the formal HR onboarding curriculum or through targeted training, it is a best practice to have regular and recurring training
events where employees are instructed on the finer details of your social media policy. Remember, as these communication tools continue to mature and evolve, your policies and training must continue to do likewise.
Download this handy Social Media Usage Guide to provide you with some great training material.
Monitor and Manage
Every organization should deploy the specific technologies that monitor posted content and protect against malware. It is important to approach the use of these tools with a mindset of being proactive rather than merely addressing problems after they occur.
- Scan for and block malware
You must block the threats that can enter your organization through social media, such as links in tweets or through the ads in Facebook. This is particularly important given the widespread use of shortened URLs that offer the user no visual cues about the veracity of the link, and the fact that many social media tools can display content provided by applications and individuals to whom users have not given permission to display posts.
One of the key problems from a security perspective, is that these tools are normally less well defended than more established tools like email. And given their increase in use, many IT departments are scrambling to keep up with the rapid growth of social media tools, which leaves organizations vulnerable to malware infiltration. These key points should be noted:
- Monitor all outbound content
Social media content should be monitored for information that violates corporate, regulatory, or legal policies. That means monitoring these types of data on every protocol that might be used. This could include scanning for potential data breaches, looking for content that is too sensitive or confidential to send through social media, or scanning for the existence of actual ethical wall violations.
Monitoring is particularly important in heavily regulated industries, such as financial services, that have specific requirements to evaluate communications with clients and others. Monitoring can also occur after the fact, by sampling employee posts to check for inappropriate content, or it can be conducted in real time or near-real time to monitor posts before they leave the organization.
- Deploy enterprise-grade tools
As noted before, a substantial proportion of organizations have been the victim of social media malware, and growth in this kind of malware will only increase. For this purpose, you should implement an enterprise-grade social media solution to replace consumer-grade tools that are currently in use. By using an enterprise-grade social media platform, you will help to alleviate many of these concerns, and can provide additional features and functions to your network security.
Learn how much time employees waste on social media each day. Click HERE!
Archive Your Social Media Content
It is essential for businesses to archive and log all of the content that might constitute a business record and and to archive those that should be retained for long periods of time. However, it is typically easier to archive or log all social media content than to take the risk that some important content might slip through and not be retained. This will depend to a large extent on management’s tolerance for risk, the industry in which an organization operates, the advice of legal counsel, and other similar factors. An important part of content logging is to ensure that the identities of the individuals who use social media tools are correctly ascertained and that content can be tied back to their corporate identity. Moreover, it is important to retain the context of social media posts instead of simply monitoring the individual posts.
One best practice is to integrate social media archiving with email and other content archiving. This ensures that legal holds, as well as searches for content during early case assessment and e-discovery, are more easily accomplished, are less time-consuming, and are less prone to missing important content than if standalone systems are used. Many of the current enterprise platforms can manage the archival requirements of your business. But when it comes to these types of communication tools, shifting those conversations from public open forums to an internal social intranet will also ensure that risky conversations take place behind the firewall rather than in the public eye..
Decision makers should also consider how data mining and analytics—essentially, the application of “Big Data” practices—can be applied to social media for the purpose of extracting intelligence from social media content. This is particularly important for organizations that seek to understand their customers and prospects more thoroughly.
Need more information on why you should be archiving social media? Download this PDF
Top 5 reasons to Archive Social Media
How Micro Focus Can Protect You
Clearly there are risks associated with allowing your employees to use social media in the workplace. Despite this fact, the benefits outweigh the risks. 92% of surveyed businesses find that these communication tools provide an advantage to their business. By creating a social media policy and by training your employees to follow that policy, you can help to reduce the risks. Behind the scenes, your company can integrate software solutions such as GWAVA Security Message Gateway and Retain Social. This provides greater security to your computer systems and offers a means to store employee social media activity, which ensures that the information is available, whenever a legal challenge occurs.
Micro Focus delivers best-of-class security software to protect your email systems — GWAVA Security Message Gateway — as well as to archive massive amounts of messaging data. Micro Focus solutions also include leading-edge social media and mobile message archiving. Organizations that demand secure and sophisticated messaging-protection solutions — organizations such as Harvard University, Dow Chemical, and the U.S. Department of Justice — rely on Micro Focus for their archiving and messaging needs.
Retain Social is Micro Focus’ solution that combines Retain archiving and ArchiveSocial capturing capabilities to securely archive social media communications. ArchiveSocial captures posts and messages in their native format, complete with metadata. The data is then sent to Retain, where it can be instantly retrieved and reviewed to help ensure compliance, to protect your organization’s reputation, to enforce company policies, and to reduce the liability that comes with the use of social media. Retain Social archives employees social media posts and messages for Facebook, Twitter, LinkedIn, Google+, Flickr, Pinterest, Vimeo, and Youtube. It also archives your employee web search activity on Google, Bing, Yahoo, YouTube, and Wikipedia. Furthermore, Retain Social implements ArchiveSocial’s Risk Management and Analytics package, which gives key insights and allows for real time monitoring of social media pages. The package helps organizations stop harmful posts before they are sent out using customizable keyword monitoring. It also gives insights into activity levels of accounts.
These features and more make Retain Social the best option in monitoring and archiving your company’s social media.
Retain Social Supported Platforms
What are you waiting for?
Remember, there are benefits and risks to the use of social media in your workplace. But if you employ the steps laid out in this post, your company can reduce potential problems.
So, GO! Get started! Set up a solid social media policy to protect your company and its employees. Train and empower your employees to safely use social media. Finally, install software solutions to monitor and filter your employee’s communications to filter inappropriate posts and prevent malware, then archive those message to protect your company.
If you have any additional questions please comment below or email us questions@GWAVA.com.
Reference:
1. Proskauer 2014 global survey, Social Media in the Workplace Around the World 3.0
2. Osterman Research Whitepaper – Published February 2014, “Best Practices for Social Media Management and Archiving”
Photo Credit: Embracing Social Media by U.S. Army RDECOM is licensed under CC BY 2.0 – Added additional social media icons to the original image
