Editor's note: The following is a contributed piece by Steven Bearak, CEO of IdentityForce, an identity theft software protection provider.
Whether for business or personal use, your employees are actively engaging with social networks. Many organizations are encouraging their employees to serve as brand ambassadors, relying on them to help spread and increase engagement of company news. Even HR teams are relying on social networks, especially LinkedIn, for filling the talent pipeline.
There’s no denying the impact social media has on the workplace. According to the Pew Research Center, 77% of employees are engaging with social media at work, while 34% are using social platforms to take a mental break from work. This is followed by 27% who use it to connect with friends and family.
Many of the people entering the workforce today have grown up oversharing on social media. As we all know, millennials are now the largest population in the modern workforce — but all generations (including seven in 10 adults) remain active on these networks.
So, the question is: Should companies be concerned?
Social media risks
How many of your employees have a work phone or email address tied to their social profiles? It's likely more than you think. With mined passwords, keyloggers, and programs that can infiltrate a device and show every move made on the computer, hackers can crack your employees' devices and steal sensitive information. In fact, hacked passwords cause more than 80% of data breaches.
Every one of your employees' devices can connect to social media, making them susceptible to cyber threats. And, we can't forget about all the third-party applications that pull information from our social activity. On July 4, 2018, popular app Timehop was breached, exposing the names and email addresses of all 21 million users, including the phone numbers of 4.7 million users. Let's not forget the recent Facebook data breaches from earlier this year, too.
Obviously, users of Facebook and Timehop did not cause those breaches, but because we share so much about ourselves, it's important for everyone to be aware of how their personal information could be compromised. When we click on suspicious links, download untrustworthy apps, and don't use privacy settings, these sites are able to collect enough personally identifiable information (PII) about us to build a complete profile. And, when the data falls into the wrong hands, it's easy for fraudsters to commit synthetic identity theft.
Identity theft is one of the most common consequences of data breaches, as 31.7% of breach victims experience ID theft. If one or more of your employees falls victim, here's what you can expect from them:
- Six months of distractions from work to restore their good name;
- Dozens to hundreds of hours of absenteeism;
- Lost productivity due to emotional and financial stress; and
- A loss in overall morale and loyalty.
Not to mention, the average data breach cost organizations $7.91 million in 2018.
Fifty-one percent of employers have formal social media policies in place. But is this enough to help reduce the risks facing employees and their organizations? Probably not.
Even with HR policies and information security measures in place, employees will find a way to interact on Twitter, Facebook, Instagram, and Snapchat. This is especially the case with widespread adoption of Bring Your Own Device (BYOD) and flexible, remote work options.
With risk comes opportunity
Banning social media usage in the workplace is a surefire way to bring down morale. But we've already been over the cost of doing nothing. It's not a matter of if, but when: your company will come under attack from cybercriminals — and social networks are just one avenue.
That is why it's so important for HR, information technology (IT), and information security teams to collaborate and help keep their employees' and business's information secure. In the IdentityForce 2017 State of Progressive Benefits Study, 65% of respondents agreed that protecting employees' PII was the responsibility of both HR and IT.
This isn't surprising — HR teams are seen as the policy implementers and change-makers within organizations, routinely handling and managing sensitive personnel files. IT or information security teams are viewed as the experts in security and protecting all company data. By working together, these teams can make a huge impact on employee behavior, while driving a culture of security.
One way is to implement ongoing training programs, including mandatory onboarding and annual reviews. This training should cover everything from data security best practices to your social media policy, and it should provide real-world examples, similar to what I discussed in this post. These examples should also make employees explicitly aware that the threats facing them extend well beyond the four walls of the workplace.
Regular internal communications about emerging threats and data breaches are another effective method. It could just be simple things, too, like the importance of changing passwords regularly, being aware of social media activity, or shredding sensitive documents. Keeping security top of mind will help to ensure that expectations are aligned.
Additionally, many companies are adding identity theft protection as an employee benefit. Not only do these services monitor personal information, but some offer social media monitoring as an added blanket of security. A 2018 study by Willis Towers Watson found that 36% of employers currently offer ID protection, with 63% expected to do so by 2021.
Security is everyone's responsibility
While HR and IT professionals are leaders in building a security-minded workplace culture, the obligation is on everyone. By being vigilant and following the steps above you can minimize the risks facing your company from social media while supporting a positive employee experience and culture.