Security Policy and Social Media Use for Organization - Research Paper Example

Security Policy and Social Media use for Organization. Introduction It is undoubtedly evident that in the past one decade, companies and organizations have resorted to use social media to advertise their products and services as well as obtain information. Today, many companies, small and large, are strategically collaborating with social media to enhance their businesses (Efraim, Narasimha and Ting-Peng 203). Focusing on the urge to obtain information, organizations and companies may opt to collaborate with social networks in order to obtain vital information regarding their products and services from the public. In most occasions, people using social media tend to give their view concerning issues affecting their lives and this includes their views on various products and services offered by different organizations. Criticism and appraisals are mainly conveyed by persons using social media (Efraim, Narasimha and Ting-Peng 206). It is also evident that organizations use social media to advertise their products and services. Since social media acts as a platform through which people share and express ideas with their friends, once organizations advertise through such sites, users of the site socially spread information about the company to friends in a rapid manner (Efraim, Narasimha and Ting-Peng 206). However, as organizations are benefiting from collaboration with social media in carrying out their businesses, it is apparent that risks emerge, and which poses a great threat to businesses collapse. The fact that social media carries more information of all kinds minute after minute; there is a high likelihood of potential serious consequences that could emanate from vital and confidential information being unleashed to public. Studies have documented that nearly a quarter of employees use social media while at work. This has an implication that there is a high risk of vital information being leaked though networking sites (Daft and Marcic 175). Nevertheless, various policies can be used to mitigate these security risks. The following sections articulate on the possible policies. Mitigation measure/policies Creation of social media policies Organization need to create social media policies, including those that relate to privacy issues (Daft and Marcic 178). For example, financial institutions should raise privacy awareness among the employees as one of the communication strategies in implementing such policies. It is the mandate of a company to review its customer verification practices and continue to raise employee and customer awareness about the risks and consequences of disclosing sensitive information to a third party. Such awareness includes raising general awareness of best practices for privacy protection on social media and provision of guidance on how to use privacy controls on social media. When posting in any social media, employees and customers need to think before doing so. One should be concerned about the authenticity of information posting, whether that information is appropriate and reasonable, whether it is the personal opinion, whether to make it public, and if it is confidential (Efraim, Narasimha and Ting-Peng 215). This is crucial because the perception of information received by people in the social media varies from one person to another. Some information may be wrongly interpreted and may end up compromising data security and tarnishing corporate brand. In this regard, organizations ought to not only enumerate a comprehensive list of dos and don’ts, but also offer employees ethical guidelines and encourage responsible use of social media (Daft and Marcic 178). Employees thus need to be enlightened on the fact that their behavior can not only reflect their positive and negative aspects but also the brand they represent. Since internet usage lacks control of contents posted especially on social media, organizations advertising through these sites should develop a risk strategy (Lovett 319). This should involve performance of a risk assessment, whereby identification of legal, compliance, reputation and operational risks associated with advert materials on products and services posted on social media should be done. It is also advisable to review the content of information being posted on social media. This should be done to appropriately modify the content to ensure that organizations post only relevant information (Efraim, Narasimha and Ting-Peng 215). Organizations should also have a close monitoring of their advertisements posted on social media. This will enable them respond to any suspected risk swiftly before the situation worsens. When communicating or responding to messages through social media, organizations should ensure that they only respond to specific individuals and webpage to which they are attached in organizations official page. It is also worth noting that any formal business transaction should be conducted through work-related email and other official forms of communication like fax and post office addresses (Lovett 320). Desktop security When people have access to other people’s computer, they can steal confidential information and spread it via social network. In this regard, it is advisable to have desktop security, which contains password that locks computers when the user is not around. Mostly, password-protected screensaver is set to lock the computer after a given time. This ensures that even at times when the user forgets to lock the desktop, the screensaver comes after a short time and locks the desktop. Password security A minimum but strong password should be set by organizations (Efraim, Narasimha and Ting-Peng 215). Sensitive software and documents need to be secured by creating password especially in areas they are located in the computer. Organizations should also discourage password sharing or disclosing them to other people. This way, strangers can not be able to access such information without the consent of the user. Attackers can launch attacks against company’s information resources. Therefore, it is vital for organizations to educate their employees on the importance of the use authentication controls on organization’s information resources (Lovett 318). If attackers can gain access to such information, they can distribute it to various locations using social media. In other accounts, employees need to be advised on situations that risk information leaking to attackers through the internet especially through social media (Lovett 319). For example phishing is used by attackers by a way of sending messages and links to potential victims. Once one opens or clicks on such links, the attackers can easily obtain certain information from the IP address of the computer. Information retention management It is apparent that attackers target certain organization’s information for malicious use. In this regard, it is necessary for organizations to manage their data responsibly (Efraim, Narasimha and Ting-Peng 215). Sensitive information that is not required to be used by employees need to be retained by management. However, there should also be control of the information flowing to employees. There should be a back up of all organization’s information, which should be saved for archival and recovery purposes (Lovett 317). Therefore, it is necessary for organizations to educate their employees on the kind of information to post in the social media. This education may come in terms of training that could help employees make appropriate decisions when using social media and related policies. Organizations should also frequently assess their current record retention capabilities in order to effectively prepare for emergencies emanating from social media use. Improvement of employee relations Many organizations have policies restricting what employees can post on a social media site. However, it is argued that organizations that have poor employee relations falls a victim of negative publicity by their employees through postings done on various social media sites (Daft and Marcic 179). An example of such incidences is when an employee may post a question requiring his or her fellow employees to respond to it. This instigates negative comments concerning the boss. Since these employees have other friends sharing information and postings at different locations, that organization’s name may end up being tarnished. Therefore, it is crucial that employers establish and maintain good relations with employees to avoid such incidences. Use of human resource information systems (HRIS) HRIS can help reduce risks associated with usage of social media by organizations. HRIS involves the use of software to help cumulate employee’s data (Pattanayak 46). Information such as employee performance and duties assigned to them are also cumulated, and which, could help organizations identify appropriate training programs for their employees (Pattanayak 46). Through the use of HRIS, organizations should ensure that they have a record of employees responsible for handling social media communication at a given time. With this in place, employees are aware that they are held accountable for all transactions involving organizations business page on social media for that particular time. They would be precautious not to irresponsibly transmit irrelevant and sensitive information to other persons on the social media. In fact, in case of any risks deriving from a certain employee irresponsibly transmitting information that tarnishes organization’s brand, HRIS would help identify employee who was responsible for such transactions. Moreover, HRIS helps organizations identify weak areas of different employees and this can help identify appropriate training programs for employees (Pattanayak 46) handling social media transactions on behalf of the organization. It is argued that HRIS helps organizations in identifying appropriate recruitment and selection practices. In this regard, in case of any internal vacant position related to personnel to manage social media transactions, HRIS can help identify employees with precise qualifications for that particular post. Conclusion Today, many companies, small and large, are strategically collaborating with social media to enhance their businesses. However, different risks emanates from usage of social media by organization. To mitigate these risks, organizations should create social media policies. It is the mandate of a company to review its customer verification practices and continue to raise employee and customer awareness about the risks and consequences of disclosing sensitive information to a third party. Organizations advertising through these sites should develop a risk strategy. Organizations should also use desktop security and password security. This helps organizations avoid instances of attackers accessing sensitive information from organizations computers. Information retention should also be practiced by organizations. It is necessary for organizations to manage their data responsibly. Sensitive information that is not required to be used by employees need to be retained by the management and there should be a back-up of all organization’s information. It is also vital that organizations improve employee relations to avoid instances of employees posting negative aspects of their bosses and organization as a whole. HRIS can also help organizations deal with issues related to social media risks. Works cited: Efraim, Turban; Narasimha, Bolloju and Ting-Peng, Liang. Enterprise social networking: opportunities, adoption, and risk mitigation. Journal of Organizational Computing and Electronic Commerce, 21: 202–220, 2011. Daft, Richard and Marcic, Dorothy. Understanding management. Mason, Ohio: South-Western, 2012. Print. Lovett, John. Social media metrics secrets: do what you never thought possible with social media metrics. Indianapolis, Ind.: Wiley Pub., 2011. Print. Pattanayak, Biswajeet. Human resource management. New Delhi: Prentice-Hall of India, 2005. Print. Read More