Is Employee Social Media Use Linked to Cybersecurity Threats?
Tweeting, Instagramming, and even using TikTok throughout the workday has become common (and even encouraged) practice. But do these seemingly innocuous social media habits create potentially dangerous cybersecurity risks?
According to Code42, a risk management platform, organizations face an average of 13 data exposures and risks per employee per day. Of the actual breaches recorded, a third are caused by employees. And many of these accidents are directly related to the use of social media.
“When we think of data breaches, we always think of very big sensational targeted attacks, right? Like millions of credit card numbers that are processed,” says Michelle Killian, Chief Information Security Officer at Code42. “But you have an employee who’s like, ‘It’s just [a picture] from my screen,” when it might actually be information about someone’s insurance claim or a code for a new product release. They don’t think it’s enough to take one sometimes.”
Read more: 40% of employees are frustrated with too many connections in the workplace – and it creates cyber risk
Social media data breaches accounted for 56% of the total data breaches in the first half of 2018, according to ITWeb, an enterprise technology media company. As social media platforms continue to evolve and the line between work and home is blurred, the number of potential violations is expected to grow. BeReal, a social media app launched in 2020 that has grown in popularity throughout the pandemic, is a prime example of this easy-to-ignore risk, according to Killian.
BeReal prompts users to snap a photo of what’s in front of them at a particular but random time of day, while simultaneously capturing a selfie. It’s meant to document an authentic experience and reaction, but in a work-from-home world, many of these images feature employee laptops and work gear.
“Posting these normal, everyday things leaves bread crumbs that create the ability to tell a bigger story, and that story could be something that ties into your work,” Killian says. “Think of mergers and acquisitions, something that is very sensitive in nature. Just having screenshot snippets over a series of days or weeks could tell a very important story.”
But the days when employers were universally strict about their employees’ internet presence are over. Instead, some industries have social media like key ingredient for success, whether through recruitment, marketing or public awareness. But in a world where data breaches can jeopardize up to 20% of a company’s annual revenue, according to Code42, it’s imperative that employees understand best practices on social media platforms, as much than they do when using any other work tool.
Read more: Lack of employee training is the cause of 80% of corporate data breaches
“COVID has shown in recent years that the space between personal and professional is an intertwined dish – it’s all a blur,” says Killian. “People are going to be on social media at the same time they’re working on a job offer. We have to accept that one. But now that we’ve accepted that, we have to get really good at it. educate.”
Killian suggests that organizations create a culture communication and visibility, rather than restricting employees’ use of social media. If and when an issue or concern arises, let them know in real time. For example, if an employee uploads a file to Facebook from their work computer, report it and be sure to explain to the employee why it was dangerous.
“There’s an education that’s really about compliance and really doesn’t make sense [to employees]”, said Killian. “Instead, it’s really about creating a good common sense of security in your users. Whether I have a user uploading a ticket to ZenDesk or trying to capture screenshots, or posting their latest BeReal, [give them a foundation to know] how to do it the right way and maintain their safety and security. »