Employee’s misuse of social media while at work has doubled in the last year!
70% of surveyed companies report having to discipline their workers for inappropriate social media postings.1 As discussed in the first post in this series Social Media in the Workplace: Benefits and Growth, the use of social media in workplaces around the world is beneficial and is growing. Unfortunately, along with the numerous benefits of these communication tools comes the many risks and pitfalls, such as inappropriate messages, exposure to malware, and legal ramifications, to name a few.
Inappropriate Social Media Messages
The content of employee’s social media posts should clearly be a concern for employers. There have been multiple mistakes that have garnered bad press for the companies involved:
- Did you hear about the US Airways tweet? Many news organizations have referred to it as one of the worst brand blunders in history.
- The racist Home Depot tweet. They blamed an agency that sent the post via their account.
- Kenneth Cole’s “Boots on the Ground” tweet, attempting to build off the Egyptian protests in Cairo.
- An employee at London’s Luton Airport posted a photo on Facebook of a plane that skidded off the end of a runway with the caption, ‘Because we are such a super airport….this is what we prevent you from when it snows……Weeeee :)’. Unfortunately, the photo was from an accident that killed a 6-year-old child.
The list goes on and on. Inappropriate messages can and will be posted on social media. 97% of businesses foresee the misuse of these tools in the workplace, and that percentage will remain the same or increase in the years to come. Only 3% think there will be a decrease.1 Faux pas are one thing, but there is other content in employee’s posts about which their employers are worried. 80% of employers have taken steps to protect themselves against the misuse of their company’s confidential information. 65% protect against workplace harassment, as well as statements disparaging to the company or other employees.1
So what can be done to reduce and/or prevent these social media mistakes from happening? The first step should be to implement a detailed and effective social media policy. 80% of businesses report having a social media policy in place. Only 52% of those have been updated in the last year.1 The majority of policies (58%) have just a general social media policy. Just 28% have a detailed and thorough policy. Our next blog post will go into further detail about how to create an outstanding social media policy for your company.
The Malware Risk of Social Media in the Workplace
Social Media hacking has become a serious issue. The level of implied trust that these tools carry with them provides a potential pitfall for organizations. Because “friends” or those following you are perceived by many to be implicitly trustworthy, cyber criminals who use social engineering techniques can more effectively exploit the gullibility and misplaced trust of many social media users, sometimes with quite serious consequences for those users and their employers’ networks. Nearly 25% of users are concerned or very concerned about the possibility of malware entering their network.1 Facebook is perceived as the greatest threat to corporate security from the perspective of potential malware infiltration. However, all of the major social media tools in use at the workplace are perceived to be fairly risky as an avenue for malware ingress. Research found that 21% of organizations have been infiltrated by malware via Facebook and 13% report that their organization has been infiltrated by malware via YouTube.2 So what can be done to reduce the risk of malware getting into your network? Training is the obvious answer. Instruct your workers on the guidelines laid out in your social media policy and teach them how to avoid common mistakes to help reduce malware intrusion in your computer systems. In addition to training, the integration of a security solution like GWAVA Secure Message Gateway can also help reduce the risk, because it filters and blocks known malware sites before they reach your network. Read more on this at the end of this post.
The Legal Obligations of Social Media in the Workplace
Aside from building an exemplary social media policy and providing employee training to reduce your risks, what are your responsibilities as an employer? You should strongly consider archiving your employees social media activity. Only a small proportion of organizations actively archive social media content, and a smaller proportion ask end users to archive relevant content in the data streams. However, the vast majority (80%) do nothing with regard to archiving this data.2This video shows an excellent example scenario your company may face or has already faced.
Organizations ignore archiving the data from this communication tool at their own own peril. The electronic content in a Facebook post or tweet, for example, is fundamentally no different than email or other electronic content from a legal or regulatory perspective. How will your company defend itself in a court case if you have no records to defend yourself? Recent court cases and government regulations emphasize the need for companies to archive this information:
- In Armstrong v. Shirvellx, the defendant requested “[a] complete copy of all communications between you and the following individuals… whether it be on Facebook, in a blog, via e-mail, text message, voicemail, letter, facsimile, or anywhere else…” Armstrong v. Shirvell, Case No. 2:11-CV-11921, United States District Court, E.D. Michigan, Southern Division2
- In Calvert v. Red Robin International, Inc.xi, the plaintiff ordered by the court to “bring all materials, electronic or otherwise, including e-mails, Facebook messages, and any other communications he has had with putative class members in this action”. Calvert v. Red Robin International, Inc., No. C 11-03026 WHA, United States District Court, N.D. California2
- FINRA Regulatory Notice 10-06 states that “Every firm that intends to communicate, or permit its associated persons to communicate, through social media sites must first ensure that it can retain records of those communications as required by Rules 17a-3 and 17a-4 under the Securities Exchange Act of 1934 and NASD Rule 3110h”2
- The Government of Queensland (Australia) has published its opinion that “Public authorities that embrace social media must manage the content created in accordance with the recordkeeping requirements of the Public Records Act 2002, Information Standard 40: Recordkeeping and Information Standard 31: Retention and Disposal of Public Records”2
For more information on the specific risks and regulations as they apply to your industry, download one of these PDFs:
- Top Social Media Risks and Regulations applying to Educational Organizations
- Top Social Media Risks and Regulations applying to Financial Organizations
- Top Social Media Risks and Regulations applying to Government Entities
- Top Social Media Risks and Regulations applying to Healthcare Organizations
- Top Social Media Risks and Regulations applying to Legal Organizations
Regardless of whether your company has a specific regulatory or other obligation to archive social media content, you should seriously consider doing so as a means of protecting your organization and managing the risk it faces from the growing use of official and unofficial social media.
Clearly there are risks associated with allowing your employees to use social media in the workplace. Despite this, the benefits most likely outweigh the risks. 92% of surveyed businesses find that these communication tools provide an advantage to their business. By creating a social media policy and by training your employees to follow that policy you can help to reduce the risks. Behind the scenes, your company can integrate software solutions such as GWAVA Secure Message Gateway and Retain Social. This provides greater security to your computer systems and offers a means to store employee social media activity, which ensures that the information is available, whenever a legal challenge occurs.
Micro Focus delivers best-of-class security software to protect your email systems—GWAVA Secure Message Gateway— as well as to archive massive amounts of messaging data. Micro Focus solutions also include leading-edge social media and mobile message archiving. Organizations that demand secure and sophisticated messaging-protection solutions— organizations such as Harvard University, Dow Chemical, and the U.S. Department of Justice—rely on Micro Focus for their archive and messaging needs.
Retain Social provides industry leading social media archiving through combining Retain’s archive and ArchiveSocial capturing capabilities. ArchiveSocial captures posts and messages in their native format, complete with metadata. The data is then sent to Retain, where it can be instantly retrieved and reviewed to help ensure compliance, to protect your organization’s reputation, to enforce company policies, and to reduce the liability that comes with the use of social media. Retain Social archives employees social media posts and messages for Facebook, Twitter, LinkedIn, Google+, Flickr, Pinterest, Vimeo, and Youtube. It also archives your employee web search activity on Google, Bing, Yahoo, YouTube, and Wikipedia. Furthermore, Retain Social implements ArchiveSocial’s Risk Management and Analytics package, which gives key insights and allows for real time monitoring of social media pages. The package helps organizations stop harmful posts before they are sent out using customizable keyword monitoring. It also gives insights into activity levels of accounts.
These features and more make Retain Social the best option in mitigating the risks involved with social media.