With 53 million active users in the UK alone, one thing all businesses need to be aware of is the potential security risk posed by social media.
While platforms such as Facebook may have privacy settings that allow users to control who sees posts and personal information, it’s easy to overlook them and sites like Twitter are entirely public. Add to that the many high-profile incidents of hackings and data loss suffered by such platforms and it’s always safest to assume that any information shared on these platforms could end up in the wrong hands.
Most of us know it’s a bad idea to advertise when we’re going to be on holiday and a property will be empty. Or to share photos of documents, such as passports or identity cards, which could be replicated and used for identity theft.
But oversharing on social media isn’t just an issue in our personal lives, it can also pose a problem in our working lives too.
There are many ways that the use of social media by employees may pose a risk to a company, its reputation and security. One issue is that information about the company may be revealed that can be exploited by would-be criminals.
It’s easily done. An individual may:
While IT teams will be hard at work trying to stop cyberattacks and other online threats, these more subtle actions present their own concerns for physical security too.
Imagine for a second you’re a business owner and decide to proudly share a photo of the keys to your new larger premises on social media, along with details of the investment you have made in some expensive new equipment.
Did you know, a replica key can be made using nothing more than a photo? And it will be a two second Google search to find your address. There’s suddenly a very tempting proposition there for someone up to no good.
But social media can also be useful for security teams and crime prevention too.
I recently came across some fascinating articles from the US exploring the potential for social media to not only support policing but also to act as a tool for security teams, in the fight against crime in the workplace.
One way the police use social media is to predict and prevent crime. For example, monitoring Facebook, Twitter and other social media sites to assess threats and find security risks. They may also use predictive analytics to spot patterns and data connections.
It does, however, remain quite a controversial area, particularly in relation to issues of privacy.
In the same way, it’s been suggested that professional security teams could do a similar thing, by monitoring employee social media accounts.
Such as to:
There are a number of apps available that offer social media monitoring but it is a complex area, so some thought needs to be given to its implementation.
In relation to the General Data Protection Regulations, the monitoring of employees – including their emails, phone calls and social media - must be assessed and shown to be necessary, justified and proportionate.
I believe the first step to take is education. Businesses need to make sure they are regularly educating employees on the potential risks posed by social media, including explaining how and why certain information should never be shared. This needs to be backed up by a solid social media usage policy for employees, which is read, understood and updated regularly.
Physical security teams should also be working closely with IT teams to address these issues and take any necessary action to reduce the risk social media might pose.
By Paul Howe, MD, Venture Security