When it comes to social media risk management, organizations are only as strong as their weakest link.
Chances are that nearly all of your employees are on social media in some capacity.
A recent Radicati Group survey states the average person worldwide has three different social media accounts. Now consider that each account is a target for cyber adversaries: Attackers are increasingly targeting vulnerable employee, partner, vendor, customer and investor profiles—leveraging phishing, malware and social engineering to slip through traditional security defenses. In fact, four in 10 people surveyed for a Norton Cybercrime Report have fallen victim to social media cybercrime. So send your chief information security officer (CISO) an e-mail and set up a meeting to talk about social media.
*Define social media policies and train employees.
The first line of defense against any social-borne cyberattack is an organization’s people. Establish training programs, create reporting avenues and publish collateral to keep employees informed on the latest threats. Safe online behavior is the key to thwarting cyberattacks. Social media cyberattacks take advantage of the trusting atmosphere created by social networks, where users are likely to let their guard down. Behavior policies alone will not solve the problem of social-borne cyberattacks, but they will create a culture of awareness.
Organizations must establish how social media is used internally. While sales and marketing may rely on social media to hit their numbers, HR likely uses it for recruiting and promoting company culture. Ensure these goals not only align with your CISO’s goals, but that the departments communicate about how social media is being used within the organization. Keep in mind that because human resource professionals are tasked with interacting with outside individuals, they are ripe targets. Hackers can strike in the form of impersonator applicants and recruiters, distributing phishing links and malware.
Once policies have been put in place, human resources and IT security should conduct employee training on both appropriate and safe social media usage. Employees should be aware of what social engineering campaigns, phishing and malware look like, when to disclose information, how to safely connect with co-workers and executives, how to identify impersonator accounts, and how to report potentially malicious activity.
*Inventory and monitor social media, prioritize threats and remediate attacks.
In an ideal world, the measures listed above would be sufficient to combat social media threats. However, sooner or later your organization will likely be the target of a cyberattack that gets through the first line of defense. Information security must consistently monitor the full social landscape, prioritize incoming threats, and combat and remediate in the event of an attack. This is no small task, but one that could save an organization millions of dollars and thousands of hours, and protect a company’s brand.
HR can support IT security by having a strong social media risk management policy and providing effective training. Although a CISO’s technology solution should be automated and scalable, the fewer potential breaches he or she needs to handle, the better. With a robust security solution, clear social media policies, and an informed and alert workforce, an organization is not only protected from attacks but can leverage social media for productive business goals. To do this, ensure that the social media dialogue is occurring throughout your organization.
*HR directors should have the CISO on speed dial.
If there’s one main takeaway, it’s that your CISO must be involved with social media. Collaboration is key to leveraging social media to its fullest potential. Next time you review your social media policy, be sure to include your CISO.
It might be the single most important thing you do.
Evan Blair is chief operating officer of ZeroFOX, a social media risk management company.