Wales

Social Networking / Social Media

This page covers social networking – as in visiting and using the common social networking sites – and the use of social media as a business tool. Many of the risks associated with social networking / social media arise from having such a large and, in many cases, unknown group of people with whom you are interacting, and an effectively un-moderated forum.

The risks

  • Innocent disclosure of confidential information by yourself, colleagues, customers, friends or contacts.
  • Intentional disclosure of confidential information for a variety of motives including financial gain, fraud, compromised identity or reputational impact.
  • Being a victim of bullying, stalking, trolling or other forms of online abuse.
  • Being a perpetrator of bullying, stalking, trolling or other forms of online abuse.
  • Access to inappropriate content via links in posts or tweets.
  • Phishing emails allegedly from social networking sites, but actually encouraging you to visit fraudulent or inappropriate websites.
  • Colleagues, customers, suppliers, friends’ and other people’s posts or tweets encouraging you to link to fraudulent or inappropriate websites.
  • Fraudsters, identity thieves or hacktivists hacking into or hijacking your account or page.
  • Malware contained within message attachments or photographs.

Safe, sensible and responsible social networking / social media

Your organisation and its employees can avoid these risks and use social networking / social media safely by following a few sensible guidelines. Remember that following best practice guidelines for social networking / social media in the workplace are very similar to those in your private life.

  • Restrict access to company social media accounts to only those who need it and are trained to use them.
  • Set up and maintain an audit trail of who has access to what social media accounts, and immediately stop access to employees or contractors who leave the business.
  • If considering the use of apps to aggregate multiple Twitter, Facebook, LinkedIn and LinkedIn accounts, use only those that are relevant and needed, and restrict access as they are a popular target for hacking.
  • Be wary of publishing any identifying confidential information about your business, directors, employees or customers – either in your profile or in your posts / tweets.
  • Use strong passwords.
  • What goes online stays online. You and colleagues should consider carefully before publishing comments or pictures that might later cause difficulties, either to the business or third parties.
  • Monitor what other businesses and individuals post about you, or reply to your posts..
  • Learn how to use sites correctly. Use the privacy features to restrict others’ access to your profile. Be guarded about who you let join your network.
  • Ensure that you and colleagues are constantly on guard against phishing, vishing and other social engineering activity aimed at gleaning social media passwords.
  • Ensure you have effective and updated internet security software and firewall running before going online.
  • Be aware of the length of unproductive time that employees / colleagues spend on non-work related sites, to the extent of monitoring their online activity.

In partnership with

Jargon Buster

A Glossary of terms used in this article:

Profile

A list of personal details revealed by users of social networking, gaming, dating and other websites. Profiles may normally be configured to be public or private.

Phishing

An attempt at identity theft in which criminals lead users to a counterfeit website in the hope that they will disclose private information such as user names or passwords.

Malware

Software used or created by hackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Short for ‘malicious software’.