Social Media Security Best Practices For Businesses


Photo via Timm Suess

Social media has been a great thing for businesses of all shapes and sizes. In addition to allowing companies to connect with their customers in a direct and inexpensive way, it also helps drive traffic to company’s websites and online storefronts. However, for businesses that are not careful, social media can do as much harm as it does good.

There are two main issues associated with social media. One comes from employees installing apps and clicking on links that lead to sites with malware and viruses. The second comes from the damage that employees can do posting on social media sites, even on their own personal accounts. To prevent these issues from becoming a reality, companies need to be proactive about educating employees and setting up social media guidelines.

Even with the best anti-virus software and firewalls, it’s nearly impossible to keep malicious software out if someone within a network downloads it. Without meaning to, that is what a lot of employees have ended up doing. Since very few companies operate without some sort of social media presence, not only are employees allowed to be on sites like Facebook and Twitter, for some, it is their job.

Click here for a great primer on Social Media Security from Mozilla.

However, studies are showing that these are some of the least secure websites on the Internet. For example, along with a variety of celebrities, even Facebook has had their Twitter account hacked. There are a variety of reasons that social networking sites are more vulnerable than others to attack, but the main one is that these sites are hosted on cloud servers, which do not have the same security levels as dedicated servers.

Even if a company’s or employee’s account is not hacked, clicking on links that lead to sites with malware embedded into them can still lead to problems. Additionally, people do not scrutinize the apps they install as well as they should. Google recently removed 60 apps from its Android Market because they contained malicious software.

The other issue that companies run into regarding social media sites is the damage that employees can do when discussing company business. Most people list their employers on their social media profiles. This means that if employees make statements on their profile pages, they are likely to be considered representative of the company, whether they are or not. Additionally, as many people have found out the hard way, not listing an employer does not keep them safe. Simply doing a name and location search will often provide information about where someone works via a company website or LinkedIn.

The good news is, despite all the possible ways that social media can damage a company’s network or its reputation, avoiding these situations is simple. Businesses need to keep employees in the loop regarding what is and is not acceptable behavior. Additionally, it is important that employees understand why a policy is in place. People may continue to use social media sites in irresponsible ways if they think a rule is arbitrary. However, when exposed to the possible damage that could be inflicted on a company through their actions, most employees will adjust their behavior accordingly.

This means that employees need to understand social media passwords, even personal ones, need to be changed on a fairly regular basis; security experts recommend every three to six months. Additionally, passwords should be alphanumeric and longer than eight characters. Just having a secure password can go a long way to prevent an account from being hacked.

Additionally, employees are going to accidentally download the wrong software or click on the wrong link. Human error cannot be avoided. This means that companies need to ensure that they have the most up to date security software and that scans are done regularly on all devices on a network to prevent infection from spreading.

Further, employees need to understand that even on their personal social media profiles, they should not discuss anything related to the business. Not only is the Internet far more public than people think, deleting a status update does no good since Google archives everything.

Companies that are proactive rather than reactive will find themselves far better able to prevent and deal with issues that arise from social media sites.