Security Awareness Blog

Guest Blog - A Social Media Acceptable Use Policy?

Editor's Note: Today's guest blog post is from Dave Piscitello, who provides security and ICT coordination for security and policy activities at ICANN.

Your organization uses social media to communicate messages about its programs, promote its brand or products, and build communities. Facebook, Twitter, LinkedIn, Google+, blogs, public wikis and other Internet discussion forums are unquestionably valuable conduits to information. For the most part, these social media are positive forces for your organization.

Your employees most likely use a variety of social media as well. Increasingly, though, employee social media accounts are serving blended purposes, where employees friend, follow or share circles with family, friends, colleagues, and business relations. Some of your employees may have social media relationships with members of your Board of Directors, your executives, and your competitors.

For all their positive benefits, social media can be disruptive or harmful to your organization or your employees. A comment tolerated at a family dinner may be conduct that constitutes harassment when followers or friends include co-workers. A post of a political cartoon may offend a client or member of your Board of Directors. Recent events have heightened awareness of the need to manage or protect our individual privacy and personal information. This awareness campaign is only half-right: we also need to protect our organizations' sensitive information or reputation.

Teen and recent graduate social media propriety is a popular and heated topic. It is no less important for you and your employees to temper your enthusiasm to adopt social media opportunities. Consider identifying acceptable use parameters that accommodate personal and business engagement. Managing social media accounts that claim or appear to represent an organization is a big, fat chore:

Take Inventory. Take a census of social media accounts. Identify who uses these, contact the individuals or departments, and consolidate and verify Twitter, Facebook, Google+ and other social media accounts under a single social media administrator.

Prune. Identify dormant, extraneous, lampoon or malicious accounts. Tweets or posts from these accounts influence public perception of your organization. Consult with your executive team and general counsel to determine how you will manage or dispose of these.

Define an "Add Account" Policy. Explain to employees that unmanaged social media accounts can expose their organization to unintended or unauthorized publication of sensitive information. Managing accounts provides your organization with a means to publish correct, accurate, and defensible information. Identify an approval process employees can follow to create additional accounts when these are needed.

Identify what constitutes appropriate use for employees who are responsible for social media accounts. Consult with your human resources department to ensure that your engagement policy addresses respect for cultural diversity and is consistent with your codes of conduct and applicable nondiscrimination and anti-harassment policies.

Manage innovation. No organization can practically keep pace with innovation in social media or Internet-based collaboration opportunities. Consider applying to the adoption of new social media a policy similar to the one your IT department may adopt for adding new business-critical applications. Allow time to assess the quality, features, and security of the social medium, and the integrity and business model of the operator. Assess risk and determine appropriate use.

Address blended purpose accounts in your AUP. Encourage employees to include in their profiles a statement that makes clear they are not representing opinions of your organization when they post to their individual social media account. Explain the importance of discriminating personal from business circles and friends. Encourage employees to review who's following them. Consider developing a social media awareness program that will aid employees in posting when their audiences are blended.

By acknowledging both managed and blended purpose accounts in your AUPs, you can effectively manage your organization's social media accounts and help your employees use blended purpose accounts responsibly.

BIO: Dave Piscitello has been involved with Internet technologies (broadband access, routing, network management, and security) for over 35 years. He left private sector consulting and his company, Core Competence, to provide security and ICT coordination for security and policy activities at ICANN. He works with security communities to mitigate malicious use of the DNS and domain registration systems and publishes a popular blog, Security Skeptic.

1 Comment

Posted June 2, 2014 at 6:15 PM

Andrew

Developing an acceptable use policy for your employees' social media usage may not seem like a requirement, but if you're concerned about your company and brand image, you should definitely consider coming up with an AUP for your employees' social media use in order to help make things run smoothly for your business and its image.