— July 24, 2019
There are many digital threat avenues for bad actors to infiltrate a corporation, and social media has become a favorite. Even though there are technology solutions that help corporations with these risks, it still takes constant oversight, monitoring, and forward-thinking. One area that is often overlooked is employee social media training, specifically around the topic of risk to the corporation. This falls into the category of corporate social media security and risk management.
Creating a strong training program to educate employees on the risks and pathways that hackers and phishers use is critical. Delivering the requirements employees must follow to assist with corporate social media security should be mandatory. There are six key requirements that should be part of your social media security training program.
3 Employee Types for Social Media Security Training
The first step in creating the training program is to define the corporate social media requirements and risks. The second step is to determine which employees need to be trained and whether the training requirements differ. For example, you most likely have these three categories of employees:
1. General Employees. They will need the corporate social media policy and any associated tips to keep their personal accounts safe. If your policy allows them to reference the company (e.g. “Proud Employee of Brandle”) then some risk training will be helpful.
2. Employee Brand Ambassadors. These people are generally trained and certified to speak on behalf of the company on their personal accounts. They present a higher risk to the corporation as they are likely connected to more corporate accounts. Although they do not have access to the corporate accounts, phishers and hackers often approach them as entry points into the corporation. More risk requirements should apply to these employees.
3. Social Media Employees who have access to the social accounts. These employees need to follow the strictest requirements.
6 Employee Training Requirements for Social Media Security
Each company has different challenges and different risks associated with the business and these differences would most likely carry through to the social media program. For example, if you are in a regulated industry, you will have regulation requirements around social media. These differences may help you fine-tune the requirements you impose on employees using social media. Finalizing your list of requirements for each employee type will be different for each company. However, there are six key items that should be included in all training programs for the employees included in #2 and #3 above.
- Don’t click on ads
- Don’t share passwords
- Don’t engage with suspicious posts
- Don’t accept friend requests from accounts/people you don’t know or haven’t vetted. Pay very close attention if the CEO, President or VPs are attempting to connect with you. (Such connections allow fake sites to gain access to business people.)
- Don’t use social media on public WiFi systems
- Do change passwords often and use a password locker for global team access
Finally, the best security practice you can have is the ongoing and diligent training of employees as employees come and go, and programs and networks change!
This article originally appeared on the Brandle Blog and has been republished with permission.