Legal Blog

Social Media Policy and Cybersecurity

Social Media PolicyThe overlap between a company’s social media policy and the security of its business and information systems may not seem readily apparent. But, the overlap is real. A bad social media policy, or none at all, can cost your company money.

Why? Social media, in addition to being a great mover of opinion and creator of ideas, also can be a valuable source of sensitive business information, which bad actors can and will exploit. Cyber spies troll social media sites for information ranging from salaries, to profit margins, to contract performance issues, and everything in between. Bloomberg, for example, has reported about how an HP executive inadvertently told competitors on a social media site “previously undisclosed details of Hewlett-Packard’s cloud-computing services. The information was later removed, though not before rivals got a look at the plans.”

Virtually everyone involved in social media recognizes how Linked In – a great way to network – also reveals your company employees’ names. With a few tweaks by a cyber spy, your company may be leaking information whenever it hires or fires an executive. And, Twitter – a great way to get news out quickly – sometimes leaks bad news too quickly. There also have been reports of attempts to use information from the sites in order to gain access to private business networks, and other attempts to weaponize social media sites using malware and similar invasive programs. A good social media policy – one that is both well conceived and fairly enforced — will sensitize your personnel and help them understand what they can say and how best to say it.

Social Media Policy and Cybersecurity

Here are some basic principals every business should incorporate into its social media policy and enforcement program:

  1. Explain to employees that they are responsible if they post company confidential information.
  2. Describe how employees should assure that they don’t friend someone who is not a friend and turns out to be a competitor or criminal.
  3. Tell employees what they need to do to help safeguard information – from screen locks to periodic password changes.
  4. Check employees’ privacy settings on social media sites accessed from the workplace, and educate employees about these settings.
  5. Make sure all employees know about any attack on the company’s information resources via the social media, so that personnel know what to watch for next time it occurs (because there will be a next time).
  6. Don’t assume that your employees read your policies; instead, conduct periodic training sessions.

We would be happy to review your company social media policy, or help you prepare a policy if you don’t have one.

Social Media PolicyIf you have any questions regarding Social Media Policy and Cybersecurity, contact Offit Kurman’s government contracting attorney Edward Tolchin at 240-507-1769 or etolchin@offitkurman.com. Mr. Tolchin’s practice is focused on government contracting, cybersecurity, business litigation, and technology matters.

To learn more about Offit Kurman’s Government Contracting and Cybersecurity Practice Groups, please fill out our contact form to access the sound legal guidance that our experienced business law team of attorneys has to offer. You can also connect with Offit Kurman via FacebookTwitterGoogle+YouTube, and LinkedIn.