Risk vs. reward: Safely weaving social media into the workplace
Your employees are already spending time on social media. Take the time to help them stay secure and rally them behind your company’s brand.
Nearly 69 percent of Americans have at least one social profile – and for employee benefit professionals, this avenue for broader employee communication has not gone unnoticed. Today’s HR teams often use corporate social media pages as a means to help communicate company and employee benefit updates and to advertise their company’s mission, vision and values.
However, with the majority of the workforce “social engaged,” it also hasn’t gone unnoticed by the executive suite that your employees’ social profiles may contain your company’s name and therefore there’s a public association between the individual and the organization. One negative post, picture, or Tweet could negatively impact a company’s brand reputation.
Related: The two-sided coin of social media in the workplace
An employee who spends too much time on social networks also compromises their own productivity and perhaps that of those around them.
Despite these risks, you’d be hard-pressed to find an organization that doesn’t encourage their employees to remain actively engaged to boost corporate posts, grow their professional networks and sell products or services through paid advertising. More than half (52 percent) of businesses report that social media has positively influenced revenue and sales. Additionally, HR and benefits professionals often use social media to publicly recognize their employees, promote the company’s culture and special employee-centric events and even attract new talent.
Most employers and managers have accepted the fact that employees will be checking their social networks. As a result, they have either their security or marketing teams actively tracking their brand. Although social media usage has become an inherent part of the employee experience, more than half of U.S. employers have formal policies in place to further protect against any public misuse. However, these policies do little to protect against cyberthreats.
Is social media a cyber weapon?
The risk of allowing employees to access their social media at work extends beyond the four walls of the workplace. You can’t regulate who people follow, what third-party apps they download, or the links they click on in their timelines. And, employees can access their social networks across any one of their personal or company-provided devices anywhere, anytime.
For example, something as innocent as accepting a LinkedIn contact request can lead to a security vulnerability. People are likely to have their guard down when browsing social media, and more prone to click on links in messages they receive. In 2017, video streaming service, Vevo, experienced a massive data breach after one of its employees clicked a malicious link in a LinkedIn phishing message.
Social media data breaches are certainly becoming more prevalent. On July 4, 2018, popular app Timehop was breached, exposing the names and email addresses of all 21 million users, including the phone numbers of 4.7 million users. Earlier this year, Facebook acknowledged that “malicious actors” took advantage of search tools to collect information on most of its 2 billion users. In May, Twitter announced a bug that allowed users’ passwords to be stored unmasked.
How many of your employees use the same password for their work and social media accounts? Probably more than you think.
When an organization is breached, the cost runs deeper than financial expenses, which can run in the millions of dollars. The information exposed will likely be sold on the Dark Web and used to commit identity theft. Approximately one-third (31.7 percent) of data breach victims experience ID theft.
If you or your employees have their Personally Identifiable Information (PII) stolen, it has a real impact on business operations. This highly personal violation takes an average of six months and dozens to hundreds of hours of work to repair. That’s time spent out of the office making phone calls and filling out tedious paperwork. Not to mention the emotional and financial stress, which causes a lapse in productivity and morale that can be contagious.
Reaping the rewards of social media
We’ve been over how ingrained social media has become in our day-to-day lives, but how can employers reap the rewards of having a socially-active workforce without compromising security?
It starts with Human Resources, Information Technology (IT) and InfoSec teams.
The alignment of these teams is critical to keeping employees’ information secure. In the IdentityForce 2017 State of Progressive Benefits Study, 65 percent of respondents agreed that protecting employees’ PII was the responsibility of both HR and IT. This goes well beyond rolling out a social media policy.
A holistic approach to security should include regular trainings, communicating new threats and scams to employees, and even rolling out benefits that monitor social media and PII to help to keep peoples’ personal information safe. By working together, HR and IT can create a culture shift within their organization so that security is top of mind – on social media and in daily business dealings.
Employees should be encouraged to be active on social media in the right way. This not only helps to build trust between employers and their workforce, it can be a real competitive advantage. Content shared by employees gets eight times more engagement than what’s shared through company pages, and is reshared twenty five times more frequently. Think about what this means when a new benefit is rolled out on the company’s Facebook or Twitter page.
Your employees are already spending time on social media. Take the time to help them stay secure and rally them behind your company’s brand awareness and communication efforts. When done properly, you can turn your workforce into an army of brand advocates who will ultimately help to underscore your company’s value to key audiences.
Steven Bearak is the CEO of IdentityForce, Inc., a top-rated Identity-theft protection company commercialized from over four decades of experience around personal identity and security services and products. As part of its specialized solutions, IdentityForce works alongside HR and Total Rewards teams, along with benefit brokers and advisors, to provide identity theft protection as a part of their benefit wheelhouse.