Security Awareness Blog

Using Facebook to Communicate Your Awareness Program

Facebook has been in the news a lot lately, primarily due to its security and privacy issues. As we have discussed previously, privacy in Facebook is quite complex (at least I get confused with the privacy options). As a result, what we often recommend organizations teach their employeess is, if they do not want their mom or their boss reading it, do not post it on Facebook. However, one thing I have not seen discussed is leveraging Facebook to help communicate your awareness program. A large percentage of your employees most likely use Facebook to communicate every day, why not use methods that are the most familiar with them? This is done by creating a Facebook Page. Facebook Pages are different then individual accounts, Pages are a way for organizations to communicate to the Facebook community. For example, the White House has their own Facebook Page. If your organization has a Page, or if your organization is considering using one, why not use the Page to communicate your awareness program to employees? Facebook already does this with their own security announcements at the Facebook Security Page (which I recommend you consider signing up for). If Pages are something you are considering, some points to keep in mind.



  • First, keep in mind that Pages are not a seperate account. To create a Page account you first have to have an individual account. Whichever individual creates the organization Page account has ultimate control of that account. Yes, you can create other admins to help administer the Page, but ultimately the person who created the Page account has ultimate control. This means that whomever creates the Page account must be a trusted person. For larger organizations you most likely should have a dedicated organization account just to create and manage your Page accounts. This admin account should be highly secured, controlled by the organization and perhaps even have a secured computer dedicated just for Facebook adminstration.

  • Remember, whatever you post on a Page is public information. So while you can communicate your awareness program to all your employees who connect to your Page, so to can the rest of the world. In addition your Page will most likely get indexed by multiple search engines. Long story short, only post information you don't mind the public knowing.

  • You most likely want to disable any Discussion or Forum functionality. You are using this as a tool to push out information. If you allow employees to provide feedback, you are allowing the entire world the same opportunity which may not be what you want.

Keep in mind, there is no way to make employees join your Facebook Page. Even if you do, employees can join the Page then hide anything that you post. Facebook is obviously not the ultimate solution to your awareness program, it is simply another tool to help communicate it. I'm curious, do you know of any organizations using a Facebook Page account to communicate their awareness program (besides Facebook itself, of course)?