If you’re reading this blog right now, it likely means that
you also engage in activities on social media sites such as Facebook, Pinterest,
Twitter, Google+ and many more. With the
many security breaches that have occurred over the past few years, most
recently at Target, consumers need to be careful of the information they are
sharing while engaging on social media sites.
Social media security centers around personal account
settings, amount of information shared, secure connection, and passwords that
keep your account secure and information safe. Social media policies are the guidelines
set by individual social networking sites as well as by employers,
universities, and the government for expectations of conduct and behavior. The policy allows each site to reserve the
right to edit information and terminate users who violate the policy.
Below are a few key ingredients that effective social media
policies should have according to Bahadur, Inasi, and de Carvalho (2012).
• Managing internal and external hosted applications, including
monitoring and reporting tools and techniques and testing and auditing
• Enterprise-wide coordination
• Codes of conduct and acceptable use
• Roles and responsibilities for the Community Manager
• Education and training
• Policy management, reporting, and monitoring
Social Media Security and Privacy Checklist:
- Passwords: Never use the same password for multiple social media sites. Keep your passwords complex by using a mixture of letters and numbers.
- Location: Never post specific status updates that tell people where you are or that you will be away from home for an extended period of time. This could expose you to burglary, identity theft, and other security concerns. This also goes for location-based applications that use GPS to post your location.
- Policy: Read both your employer’s social media policy as well as each site’s policy for the social media sites you are utilizing. Social media site policies can change at any time so be sure to check back often and adjust privacy settings as appropriate.
- Be respectful: Do not post anything “defamatory, obscene, abusive, racist, bullying, or offensive” (Department of Defense, n.d.). Basically, do not post anything that you would not want to be made public. Erik Qualman put this perfectly in that “what happens in Vegas stays on YouTube” (Qualman, 2013, pg. 36).
- Opinions: Keep in mind that your opinions on social media do not reflect official viewpoints of your employer and thus, should not be stated as such.
- Images: Do not use any copyrighted images or company logos. “Employees do not have the right to use company logos and protected marks for commercial purposes” (Halpern, 2012).
- Profile: Do not include detailed contact information, mailing address, email address, phone number, or specific interests as these could be used to steal your identity. When choosing a profile picture, do not choose a close-up of your face, as emerging facial recognition software makes identity theft easier (Department of Defense, n.d.). Lastly, restrict profile access to only your friends.
- Friends: Be selective with whom you accept as friends on social networking sites. Reject names you do not recognize as they could be fake accounts used to obtain personal information from you.
- Information: Never give out unsolicited personal information.
- Applications: Be selective in which applications you choose to engage with and do not allow them to access your location information.
- Update your antivirus software and be careful when clicking on links, as they can lead to viruses.
Social media security at the Department of Defense may be the
most important security there is, as misuse could jeopardize the security of our
country. Though many of us do not work
for the government, we still need to be just as vigilant with our own social
media activities, as they could expose our employers, families, or ourselves
to harmful crime. The Department of Defense Social Networking training module (found here) really
opened my eyes to the serious threats that can come from careless social
media use.
Social media security is a serious topic but let's lighten up the mood a bit with this humorous yet informative cartoon.
Heed these warnings carefully and proceed with caution as
you engage on social media!
References:
Bahadur, G., Inasi, J., & de Carvalho, A. (2012). Excerpted
from Securing the Clicks: Network
Security in the Age of Social Media. McGraw-Hill. Retrieved February 24,
2014 from http://resources.infosecinstitute.com/social-media-security/.
Department of Defense. (n.d.). Social Networking V1.0. United States of America Department of
Defense. Retrieved February 24, 2014 from http://iase.disa.mil/eta/sns_v1/sn/launchPage.htm.
Halpern, S. & Gardner, C.H. (2012). When is Your
Company’s Social Media Policy an Unfair Labor Practice? Recent NLRB Decisions
Offer Long-Awaited Guidance for Employers. The
National Law Review. Retrieved February 24, 2014 from http://www.natlawreview.com/article/when-your-company-s-social-media-policy-unfair-labor-practice-recent-nlrb-decisions-.
Qualman, E. (2013). Socialnomics.
New Jersey: John Wiley & Sons, Inc.
Meagan,
The Department of Defense illustrated quite well in their training module effective practices and guidance for misuse and exposure. They also provide terms of service agreements with particular social media platforms. In researching this more, I found myself trying to translate these to the nonprofit sector.
Most Internet-based Capability (IbC) providers require acceptance of Terms of Service (ToS) agreements before activating accounts, however, standard ToS are often inappropriate for acceptance for official use by Department of Defense (DoD) employees and other authorized users. (U.S. Department of Defense, n.d)
Terms of Service agreements are crucial to the use of these social media platforms. They directly affect a user's perception, only if they take the time to read them. I do not know many organizations that post these terms of service agreements, but it seems like another level of security that we should consider. The template for establishing terms of service is another interesting resource that the Department of Defense provides. I am interested in bringing this to my own organization and learning how we can better handle this level of security and minimize our risk of exposure and misuse. The U.S. Department of Health and Human Services posts their terms of service agreements as well here: http://www.hhs.gov/web/socialmedia/policies/tos.html
I think tying in the tips you made about creating effective social media policies is extremely helpful. I believe these also help outline the terms of service agreements with social media platforms or businesses. Codes of conduct can never be transparent enough. It will only help shape the brand of the organization and increase the credibility and reliability of the organization.
Based on the training module we watched, do you have any suggestions on how to translate some of their key points to the industry that you work in? Do you think organizations should all adopt terms of services agreements to add to their security?
-Becky
Reference:
U.S. Department of Defense. (n.d). DoD social media hub: terms of service agreements. Retrieved February 26, 2014, from U.S. Department of Defense: http://www.defense.gov/socialmedia/terms-of-service.aspx/
Hi Becky,
My company was subject to a huge security breach back in 2010 so security is of utmost importance to them now. We have multi-factor authentication when logging into our email deployment platform, have stricter network security when accessing remotely, receive emails almost on a weekly basis with new threats to watch out for, and go through security training every year. The training module really opened my eyes to the fact that even my personal social media activity could cause security risks to my company.
I absolutely agree that all organizations should adopt terms of service agreements to increase their security. I know every year I go through trainings and need to acknowledge my acceptance of the Code of Ethics, Code of Conduct, etc. All of my clients need to sign Terms of Service agreements but I do not think I had to. Personally, I think that all of the agreements should be tied together and should be centrally located instead of having to read and acknowledge 3-4 separate agreements. Do you think they should all be combined into one policy document?
For my industry in digital direct marketing, Terms of Service and contracts are a part of the job since our clients are paying us to use our technology platform but how do you think it applies to the non-profit sector? Would yours be focused more around conduct and engagement with the foundation? Do you have any rules or guidelines around what can or cannot be mentioned about your company on social media sites? I know that you have a policy on Facebook but was wondering if you have any official overarching social media security policies.
Thanks for your comments!
Meagan
Meagan,
I think that each platform differs greatly and I do not mind having multiple terms of service agreements, but these should be placed under an umbrella policy that covers their usage and terms appropriately. I don't think combining them into one policy alone will keep each platform satisfied from a business perspective.
Nonprofits have it differently based on usage. Our messaging varies and the usage for the NNPDF is based more on advocacy and awareness. Conduct is our biggest challenge; we need to make sure that we are respectful of the sensitivity of the information we provide. We also need to drive our engagements back to a valuable website. Conducting ourselves in a manner of poise and credibility among our families, researchers and doctors. Our community is small and sensitivity is key in all of our functions. We have Facebook guidelines, but are in process of writing policy for Twitter and an overall social media policy.
Sometimes our size hinders these processes from moving. It is my hope to keep us moving forward and take each step at a time.
For digital direct marketing, do you know of any nonprofit agencies that look for your guidance? Or other companies that specialize in nonprofit digital marketing. We currently have explored a few, but I was wondering what resources you might have.
-Becky
Hi Becky,
I'm not sure of any specific nonprofit agencies that we work with but my client is a large bank and although quite the opposite from a nonprofit, they are very risk averse and concerned about privacy due to the sensitive financial information they retain. We have a strategy and legal group that work closely with each other to recommend strategies that are in line with the bank's policy and legal restrictions.
One law that we have to comply with is CAN-SPAM in that we cannot send any emails on behalf of our clients to customers that have unsubscribed from communications. All of our emails need to have an unsubscribe link and terms explaining the process. Even though some clients try to push the limits on that law, they look to us for the ultimate decision and guidance and trust that we will not send anything that will put them in a legal situation.
When working with external agencies, it is their responsibility to be the subject matter experts and provide accurate and useful guidance to their clients. Do you work with any external agencies? What are those relationships like? Do they need to sign non disclosure agreements or go through any specific training in order to engage with NNPDF?
Meagan,
We don't partner with many outside agencies that regulate this type of communications for us at the foundation. We work with a lawyer who is a part of a practice that helps us with many different aspects our small foundation has to deal with. Yes, anyone who works in the central office, board member, or outside consultant has to sign non disclosures and confidentiality agreements.
But I have to tell you that at the educational institution I work, we are dealing with the same emailing protocol. We have a line to opt out and our alumni are opting out thinking that they are just opting out of the occasional email, but in reality they are opting out of all our email communications.
This is posing a huge problem, because now they are not receiving important information and the process to re-instate them through our server is complicated and not fast enough for our communications purposes. It's a very frustrating protocol, but I understand the purpose behind it. I only wish it could become more efficient.
-Becky
Hi Becky,
My client runs into the same issue where customers think they are opting out of a checking account offer but don't realize that they have now opted out of all bank communications (except servicing ones). What we have been recommending to them is a preference center where they can select which communications they want to receive. That way, they can still remain in contact with the bank but can limit the amount and types of communications they receive. I'm not sure if you have this capability or if your data will support it but it is definitely something worth looking into so you don't lose those valuable email addresses.
Meagan,
I'm pretty sure with the current constituency software we use, we do not have the capabilities for each user to decide which communications they would like to receive. With that being said, it will not hurt for us to look into new software that would carry this capability.
We also run into a problem that if their email bounces from our server a certain number of times it will immediately put them on the same do not email list. We must then go through the same process I described above. This is definitely not ideal software, and it is my hope I can be a part of the research team that is currently looking into our software and database upgrades.
Do you have any recommendations?
-Becky
Kait - thanks for this great overview of tips for social media safety. The Department of Defense makes some great points about how abandoning social media policy can not only impact you, but the safety of the company you work for.
Perhaps the biggest intelligence leak in our lifetime is the NSA privacy breach with Edward Snowden. Snowden leaked numerous top-secret documents to the public because he didn’t want to “allow the US government to destroy privacy, internet freedom and basic liberties for people around the world with this massive surveillance machine they're secretly building" (Greenwald, MacAskill & Poitras, 2013).
What do you think this has taught our global community about the importance of information security? How do you think the internet and social impacted this story?
Kristen
References:
Greenwald, MacAskill & Poitras (2013, June 9). Edward Snowden: The Whistleblower Behind the NSA Surveillance Revelations. The Guardian. Retrieved February 26, 2014 from http://www.theguardian.com/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance
U.S. Department of Defense. (n.d). DoD social media hub: terms of service agreements. Retrieved February 26, 2014, from U.S. Department of Defense: http://www.defense.gov/socialmedia/terms-of-service.aspx/
Hi Kristen,
Did you mean to respond on Kait's blog? I appreciate your comments but don't want you to get penalized for replying outside of Group A.
I'll reply anyway! Your example with Snowden is a great one. I found an interesting article that acknowledges the need for change after the Snowden incident but states that they do not expect it to come anytime soon. John Sano, a retired CIA official said, "Will this make any significant changes? I doubt it. Dianne Feinstein has legitimate outrage over this but saying we need to change the rules and actually creating a mechanism that will effectively change the rules and allow Congress to monitor it is a completely different story” (Curry, 2013).
It seems like Snowden’s leak was out of spite, however I do believe it is important for the government to monitor social media activities in order to prevent national security incidents. I would rather a little bit of “big brother” in order to prevent a potential threat, though I know other people feel differently. I’m sure social media played into this as people take to social media to complain, brag, and rant. It’s even been used to catch criminals who go on social media to brag after a crime; therefore I think it needs to continue to be used in order to protect national security.
Thanks!
Meagan
References:
Curry, Colleen. (2012). NSA Spying Will Continue Despite Snowden's Leaks, Experts Say. ABCNews.com. Retrieved February 26, 2014 from http://abcnews.go.com/US/edward-snowdens-leaks-lead-change-intelligence-experts/story?id=20713875.
Great point, Meagan. Thanks for the heads up to Kristen, who is in Group A. I'll try to contact her with encouragement to follow Group A members -- but you still get credit for attracting a follower!
Mark
Hi Meagan,
I totally agree with you about understanding the importance of security at work - protecting the information of the company, your employees, your consumers, and yourself - but like you, hadn't always considered the importance of my social media safety. We sign up for so many sites and services and never think twice what information we are sharing and what privacy we are giving up.
Having gone through a data breach at your company, has your company stressed the message to clients about the ToS, and ensure they understand any risk? Is it something you find yourself paying more attention to, when it comes to any site requiring your credit or personal information?
Great post!
Sabrina
Hi Sabrina,
We are absolutely stressing the importance of security as we are in contract negotiations with our clients. It is important for them to understand the measures that we are taking to protect their data, however, that it may require more effort from their end to maintain that security.
When shopping online, I find myself checking to make sure the webpage contains the secure payment verification signature at the bottom as well as the URL containing https instead of http. Https denotes a secure network so I feel better about entering credit card information on those pages. I also find myself using PayPal as that is a more secure form of payment and they required me to go through many verification steps when setting up an account.
Has the industry you work in been affected by the recent data breaches such as Target? What measures are you taking to protect your own data?
Thanks for your comment!
Meagan
Hi Meagan,
Great questions. I would hope that all the recent data breaches have given everyone a heightened sense of protection and care over their privacy. I've asked a few friends this week about the steps they take in securing themselves on social media, and while some are very diligent about checking security settings, marking their profiles or photos as private, and practicing smart password safety, others assume if you are active on social media, online shopping, or any other activities that require personal data, you are assuming personal responsibility and the possible potential for information to be hacked. I myself have taken steps to actively update all privacy settings and passwords, and checking monthly statements and credit reports regularly. How have your activities changed in light of this week's lesson and the recent data breaches?
Meagan,
You did a really good job of defining what social media is and what security issues people could face right from the beginning. I also liked the list of social media policies you put right under the definition. It would be great if all social media companies were able to offer privacy settings that were easy to use and advertised how to better use them. This would make people much more aware of not only what privacy settings were available, but also how to best use them to improve their online experience.
I agree with your checklist of social media privacy and security ideas. The part about passwords is interesting because most people do not change their password often enough and many people use the same password for all of their accounts. I also liked that you touched on employers when talking about posting opinions on social media. Employers and social media can be a bad mixture because there are so many things that can go wrong. You do not want to represent your company poorly by posting something bad and you also have to be careful about posting information that is classified. One thing I learned from this is that people can find out information about you in a huge number of ways. The part about this that concerned me is that you do not even have to be the source of the information. Friends or family could post something about you that people could use. After learning all of this new information about privacy and security is there anything in particular that you found surprising in terms of how people can get information about you?
Great Post!
Hi Ian,
Great question. As you also mentioned, I’ve never really considered the impact of a friend tagging me in a Facebook status on their page. I may have extremely strict privacy settings, however, their friends and possibly even the public, depending on their settings, may be able to see my whereabouts.
Another situation it made me consider is the all too familiar possibility of your cell phone getting stolen. Your phone is a goldmine if stolen, with social media sites, bank sites, private notes, email, and more. I’ve learned that it is extremely important to password lock your phone in case it is stolen or even if it happens to end up in the hands of the wrong person.
Thanks for your comments!
Meagan,
Love your post. The video is an easy depiction of what to do and what not to do online. I am very cautious when it comes to saying where I am on social media. I do say that I am "with" people in statuses however and I wonder if they have their location settings active, can someone find me through the person I say I am with based on where they are?
I guess that can relate back to choosing your friends wisely.
Education and training is a huge element to implementing social media policy. My experience with social media and the companies that I have worked for included some informational videos and brochures. Do you think companies should offer hands on assistance when using social media?
Hi Courtney,
I think that the Department of Defense Social Media training in our readings this week contained the perfect amount of detail and warnings for social media use. Per the National Labor Relations Board restrictions, companies need to be careful about how and what they restrict, thus, they should keep it more high level and stress the risks to personal and company security when using social media. I thought the interactive nature of the training module where I had to select icons and choose the correct solution to the situation really enhanced my learning of the social media policies.
Thanks for your comments!
Meagan,
Nice post this week!
This piece stuck out to me the most: Managing internal and external hosted applications, including monitoring and reporting tools and techniques and testing and auditing.
Since I manage an internal social networking platform for my organization, any way in which to eliminate manual efforts we try to do. Not that technology cannot make errors, but human error certainly carries a greater risk. We have installed a flagging system which helps us to monitor content, especially since one person cannot consistently or effectively monitor posts 24/7. This system intelligently marks designated words, phrases, links, etc. that are deemed inappropriate and immediately flags them for removal.
This article from Forbes discusses the Department of Homeland Security and their list of 'keywords' that are used to help monitor security through social networks: http://www.forbes.com/sites/reuvencohen/2012/05/26/department-of-homeland-security-forced-to-release-list-of-keywords-used-to-monitor-social-networking-sites/
What do you think of the list? Do you believe that this is an effective means of management for business organizations, or even personal accounts?
Sabrina,
Great post! You know I did not consider the selection of "friends" as part of a security plan. I realize that who has access to your profile can determine how others may have access to an organization's profile information. You made a good point about the use of passwords as well. A security breach of information whether public or private can be catastrophic. Having access to an organization's public profile would allow anyone the ability to alter or change info. This could be a potentially dangerous situation for the public image of the company.