According to our online poll, 34 percent of our readers are most worried about employees as a source of breaches, while a close 27 percent are most concerned about mistakes. News reports indicate that these top concerns are justified, especially when viewed in the context of employee use of social media at work—both onsite and offsite. As more companies and governments jump on the Web 2.0 bandwagon, many officials are finding that they need to be more vigilant in carefully managing online exposure of corporate and personal information.
This summer, a Michigan mayor posted a link to his city's check registry on his Twitter account, revealing the personal information of 65 city workers, including at least 6 social security numbers. Last month, Bloomberg reported that identity thieves can guess social security numbers using information found in public sources and on sites like Facebook.
Following are a few observations and “best practices” for protecting important company information (and employee data):
1. Social media is a public forum and what you post stays around a long time and is easily searchable.
This sounds like common sense, but there are countless examples of users posting information on social media sites that they would not dream of broadcasting to the world. Major search engines like Google and Microsoft’s Bing are making it easier than ever to search social media properties, especially sites like Twitter and LinkedIn.
2. Make it clear to employees that your existing corporate communications policy (and other company policies) extends to the Web and all social media.
Many companies and governments are developing social media policies in an attempt to provide guidance to employees and ensure that they are complying with relevant legal requirements. A good way to address the challenges of new technologies is to apply your broader corporate policies to the Web and social media activities. When employees have questions that are not covered by existing policy, make a central point of contact available to provide guidance.
3. Be upfront with employees that they have no right to privacy with respect to social media regardless of location.
Employers and governments may reserve the right to monitor employee use of social media, and more and more employers are doing just that. Whether employees are using actual company property (work computer, networks, etc.) during company time or using their home computer during personal time, there is always a risk of leaking corporate data or personnel information. If this is not already apparent, refer back to #1.
While it is important to have sound corporate policies in place, companies should be ready to respond to social media leaks and online data breaches, and more needs to be done to give employees the resources they need to minimize the growing risks that come from Web 2.0.