Not a Member? Get access to HR news and resources that you can trust.
Here is how HR can help prevent the missteps that could cost your company big in court.
Is your employee handbook ready for the changing world of work? With SHRM’s Employee Handbook Builder get peace of mind that your handbook is up-to-date.
60+ new SHRM Seminar dates in 10 U.S. cities and virtually.
Expand your influence and learn how to become an effective leader -- Join us in Phoenix, AZ, October 2-4, 2017.
When it comes to social media risk management, organizations are only as strong as their weakest link.
Chances are that nearly all of your employees are on social media in some capacity.
A recent Radicati Group survey states the average person worldwide has three different social media accounts. Now consider that each account is a target for cyber adversaries: Attackers are increasingly targeting vulnerable employee, partner, vendor, customer and investor profiles—leveraging phishing, malware and social engineering to slip through traditional security defenses. In fact, four in 10 people surveyed for a Norton Cybercrime Report have fallen victim to social media cybercrime. So send your chief information security officer (CISO) an e-mail and set up a meeting to talk about social media.
*Define social media policies and train employees.
The first line of defense against any social-borne cyberattack is an organization’s people. Establish training programs, create reporting avenues and publish collateral to keep employees informed on the latest threats. Safe online behavior is the key to thwarting cyberattacks. Social media cyberattacks take advantage of the trusting atmosphere created by social networks, where users are likely to let their guard down. Behavior policies alone will not solve the problem of social-borne cyberattacks, but they will create a culture of awareness.
Organizations must establish how social media is used internally. While sales and marketing may rely on social media to hit their numbers, HR likely uses it for recruiting and promoting company culture. Ensure these goals not only align with your CISO’s goals, but that the departments communicate about how social media is being used within the organization. Keep in mind that because human resource professionals are tasked with interacting with outside individuals, they are ripe targets. Hackers can strike in the form of impersonator applicants and recruiters, distributing phishing links and malware.
Once policies have been put in place, human resources and IT security should conduct employee training on both appropriate and safe social media usage. Employees should be aware of what social engineering campaigns, phishing and malware look like, when to disclose information, how to safely connect with co-workers and executives, how to identify impersonator accounts, and how to report potentially malicious activity.
*Inventory and monitor social media, prioritize threats and remediate attacks.
In an ideal world, the measures listed above would be sufficient to combat social media threats. However, sooner or later your organization will likely be the target of a cyberattack that gets through the first line of defense. Information security must consistently monitor the full social landscape, prioritize incoming threats, and combat and remediate in the event of an attack. This is no small task, but one that could save an organization millions of dollars and thousands of hours, and protect a company’s brand.
HR can support IT security by having a strong social media risk management policy and providing effective training. Although a CISO’s technology solution should be automated and scalable, the fewer potential breaches he or she needs to handle, the better. With a robust security solution, clear social media policies, and an informed and alert workforce, an organization is not only protected from attacks but can leverage social media for productive business goals. To do this, ensure that the social media dialogue is occurring throughout your organization.
*HR directors should have the CISO on speed dial.
If there’s one main takeaway, it’s that your CISO must be involved with social media. Collaboration is key to leveraging social media to its fullest potential. Next time you review your social media policy, be sure to include your CISO.
It might be the single most important thing you do.
Evan Blair is chief operating officer of
ZeroFOX,asocial media risk management company.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Choose from dozens of free webcasts on the most timely HR topics.
SHRM’s HR Vendor Directory contains over 3,200 companies