Experts agree: the greatest cybersecurity risk modern businesses currently face comes from people—not from a lack of firewalls or security policies. In one survey, 77% of respondents indicated that despite training and corporate policy, mistakes by employees remain the most likely source of a cybersecurity attack. This risk is especially apparent on social media, where brand reputation and personal relationships play a strong role in the level of trust users place in shared content.
Not all forms of engagement are equal
Inherently, social media is about engagement, and liking, sharing, and commenting are typically among the primary features offered by social networks. Actions like these are baked into the very fabric of the networks themselves through features designed to drive users to engage with media through notification, suggestion, and promotion of various kinds.
With a push towards engagement comes an inherent level of trust that content posted by colleagues or other trusted organizations and communities is truthful and safe to view or engage. For years now we’ve educated employees about the dangers of scams, phishing attempts, and malicious content delivered via email (e.g., “Don’t click that link!”), but when it comes to social media, organizations struggle to effectively deliver the same message.
For instance, your employees may assume at times that they are engaging with customers in need of assistance or prospects requesting information when in reality, bad actors often use fake accounts to target your staff on platforms like Twitter, LinkedIn, and Facebook. Without proper training and tooling to secure social media accounts and identify these risks, users often fall prey to a host of issues that threaten not only themselves but their employers as well.
Whether via account takeover attempts, personal and corporate data leaks, cybercrime, or malware delivery, social-media risks pose a material threat to organizations, and your employees need help recognizing the warning signs and understanding how to protect themselves online.
Your (un)intentional brand ambassador
Although social media engagement is an explicit aspect of some employees’ job responsibilities, most organizations will find that—whether intentional or not—a larger swath of employees represents their brands online. With no more than a quick Google or LinkedIn search, employees can be traced back to your organization, and employees’ shared content and personal views have the potential to reflect poorly on your brand when in conflict with your organization’s core values and principles.
In recent years, you may have even noticed an increase in proclamations and account descriptions containing phrases like “views are my own” or “retweets are not endorsements.” While such statements may seem like a solution to the issue of separating corporate and personal personas, public perception will inevitably continue to associate your employees and their (potentially controversial) viewpoints with your brand. This is especially true for high-level executives; and, while we may like to think that corporate executives have the ability to understand that personal expression and corporate attribution are easily entangled, history has repeatedly proven otherwise. Regardless, employees of all types should be cognizant of the impression they make on social media and its influence on corporate perception.
Beyond employee-driven risks lie additional dangers. Bad actors often target employees on social media as a first attempt to access your organization at large. Imposters have disguised themselves as customers, executives, prospects, and colleagues to encourage employees to click malicious links and share confidential information. This can be detrimental to your overarching brand, particularly if it leads to a breach or account takeover. In the past, we’ve seen this result in the termination of business contracts, levying of fines, and other immeasurable impacts to trust, opportunities, and revenue.
How to protect your employees without sacrificing their privacy
A simple mistake on social media can leave a lasting impression, however, when it comes to protecting employees, employers often cite privacy concerns. Trading privacy for security is a classic tussle and undesirable compromise, and it’s relatively safe to assume that most employees are uncomfortable with the notion that their employer may be monitoring their personal social-media activity. This “Big Brother” concern often leads to inaction on the part of an employer, leaving an unnecessary level of risk on the books.
To combat this issue, ZeroFox has created a solution that empowers employees to take social media protection into their own hands without compromising privacy. Employees can control what they post and configure protection without employer intervention, leaving employers confident that their staff is safe from social-media threats—and leaving employees free to post, comment, and engage without fear of cyber threats or account takeover.
Put your employees in the driver’s seat
As participants in social media, your employees’ actions online shape and contribute to the perception and messaging of your brands and organization. Despite the blurring of lines that exist between professional and personal accountability, you have the ability to empower your staff to make smart decisions on social media and help protect all parties involved.
Introducing ZeroFox Employee Protection
ZeroFox has produced numerous resources, including online training and documentation, to help organizations increase awareness and reduce risk. The ZeroFox Employee Protection program includes best practice videos around topics such as two-factor authentication, identifying malicious posts, recognizing when credentials have been leaked, and taking appropriate actions with social media risks. These videos—coupled with tailored alerts—will help keep your employees safe and in control of their own social media accounts. Click here to view a video sneak peek of what’s included in ZeroFox Employee Protection.