Social media platforms such as Twitter, Facebook and LinkedIn increasingly are being used by enterprises to engage with customers, build their brands and communicate information to the rest of the world.
But social media for enterprises isn't all about "liking," "friending," "upvoting" or "digging." For organisations, there are real risks to using social media, ranging from damaging the brand to exposing proprietary information to inviting lawsuits.
Here are five of the biggest social media security threats:
5. Mobile apps
The rise of social media is inextricably linked with the revolution in mobile computing, which has spawned a huge industry in mobile application development. Naturally, whether using their own or company-issued mobile devices, employees typically download dozens of apps because, well, because they can.
But sometimes they download more than they bargained for. In early March, Google removed from its Android Market more than 60 applications carrying malicious software. Some of the malware was designed to reveal the user's private information to a third party, replicate itself on other devices, destroy user data or even impersonate the device owner.
And all because this new game is supposed to be even better than Angry Birds!
4. Social engineering
A favourite of smooth talking scammers everywhere, social engineering has been around since before computer networks. But the rise of the Internet made it easier for grifters and flim flam artists to find potential victims who may have a soft spot in their hearts for Nigerian royalty.
Social media has taken this threat to a new level for two reasons:
- People are more willing than ever to share personal information about themselves online via Facebook, Twitter, Foursquare and Myspace, and
- social media platforms encourage a dangerous level of assumed trust.
From there it's a short step to telling your new friend about your company's secret project. Which your new friend really might be able to help with if you would only give him a password to gain access to a protected file on your corporate network. Just this once.
3. Social networking sites
Sometimes hackers go right to the source, injecting malicious code into a social networking site, including inside advertisements and via third party apps.
On Twitter, shortened URLs (popular due to the 140 character tweet limit) can be used to trick users into visiting malicious sites that can extract personal (and corporate) information if accessed through a work computer. Twitter is especially vulnerable to this method because it's easy to retweet a post so that it eventually could be seen by hundreds of thousands of people.
2. Your employees
You knew this was coming, but even the most responsible employees have lapses in judgment, make mistakes or behave emotionally. Nobody's perfect all of the time.
But dealing with an indiscreet comment in the office is one thing. If the comment is made on a work-related social media account, then it's out there, and it can't be retrieved. Just ask Ketchum PR Vice President James Andrews, who two years ago fired off an infamous tweet trashing the city of Memphis, hometown of a little Ketchum client called FedEx, the day before he was to make a presentation to more than 150 FedEx employees (on digital media, no less!).
The tweet was discovered by Fedex employees, who emailed angry missives to Ketchum headquarters protesting the slight and wondering why FedEx was spending money on a snooty New York PR firm while employees were dealing with a 5% salary cut during a severe recession. Andrews had to make a very public and humiliating apology.
Remember, this wasn't some low level employee not tuned into the corporate mission. This was a high level communications executive who damaged his company's brand and endangered an account. Imagine what a disgruntled low level employee without as much invested in his job might be able to do with social media tools and a chip on his shoulder.
1. Lack of a social media policy
This one's totally on you. Without a social media policy for your enterprise, you are inviting disaster. You can't just turn employees loose on social networking platforms and urge them to "represent." You need to spell out the goals and parameters of your enterprise's social media initiative. Otherwise you'll get exactly what you're inviting - chaos and problems.
Who is allowed to use social media on behalf of the organisation and what they're allowed to say are the two most obvious questions that must be addressed in a social media policy. You need to make all this clear or employees will make decisions on their own, on the fly. Does that sound like a good thing?
Two more imperatives related to social media policy:
- Organisations must conduct proper training for employees, if only to clear up issues regarding official social media policies, and
- A social media initiative needs a coordinator and champion. And that means a social media manager.