Information Security Brief - May 2022

Social Responsibility

10 Dos and Don'ts When it Comes to Employees and Social Media

Social media is no longer just social — it’s business. LinkedIn, Instagram, and Facebook have become a vital part of the marketing strategy for most businesses as they offer a quick and effective way to reach potential customers with targeted messaging and showcase values, community involvement, etc.

But your institution’s official social media accounts aren’t the only representatives of its brand online. Thanks to the smartphones in our pockets, social sites have become a constant part of our daily lives. And the same global platform that empowers an institution to put out its professional message also provides a means of self-expression and exposure to employees.

Even if they aren’t posting to these social media sites during work hours, employees are likely active online outside the business day, and what they react to, share, and say from their accounts can reflect on the business they work within. And in some instances, the information employees broadcast over social media might even unintentionally expose an institution to compliance risk or compromise operations and security.

That’s why it’s imperative for employees of banks, credit unions, and other financial institutions to be mindful of best practices for social media in both personal and professional settings. Below are some dos and don’ts:

DON'T:

• Publish confidentially or copy-written material.
• Invite confrontation online — if you wouldn’t bring it up in a business setting, you should probably avoid mentioning it on social media.
• Reference customers/members, partners, or vendors without their approval.
• List your work email or phone number on personal profiles/accounts.
• Disclose confidential or personal information, either that of clients or of yourselves. Even broadcasting vacation plans or checking in at certain locations could leave your company vulnerable to nosey and opportunistic bad actors.

DO:

• Distinguish your opinions from those of your institution — you may mention your institution name in your profile, but make sure to clarify that your views are your own and not necessarily shared by your employer or coworkers.
• Assume that everything you post on social media is public and permanent, there to be seen by anyone at any time.
• Familiarize yourself with the privacy options and policies of each individual platform you use.
• Log out of each account promptly.
• Whenever offered, engage in multi-factor authentication (MFA) to ensure security when logging in.

Social media can be a powerful — and fun — tool. And it’s certainly not going anywhere anytime soon. With that in mind, remember to encourage colleagues to use platforms responsibly.