Does your organisation use social media as part of its approach to communications (both internally and with external stakeholders)? This might include the use of LinkedIn, Twitter, Facebook or other webtools. If you do, then perhaps you might consider having in place a level of control to protect both your staff and your own reputation.
By using these tools, your staff expose themselves to risk. There are examples of employees in the workplace with a social media presence related to their work becoming targets for insults and threats, often from anonymous abusers.
If your organisation uses these tools it too can be subject to abuse – which may be someone submitting false derogatory reviews or even using it as a way to gather intelligence on your operations.
Examples:
- In 2014 two internet trolls were jailed for sending abusive messages to Caroline Criado-Perez, who led the successful campaign for a female figure to appear on Bank of England banknotes.”
- “Stella Creasy, a Labour MP, received similar threats, leading to a prosecution and a jail sentence for their author.”
- “A woman who tried to set fire to her former workplace after being fired has been told by a judge to get over it and get another job. The 43 year old employee bombarded the Coffee House in East Yorkshire, with repeated nuisance calls, glued the door locks, and on one occasion daubed the business’s windows with purple paint
- Whilst HMV was making 60 employees redundant; Community Manager, Poppy Rose, live tweeted the whole event to HMV’s 62k followers. Within one day, HMV’s Twitter following had risen to 73k followers – but for the wrong reasons!
So, what should employers be doing to help, and support individuals deal with trolling whilst also protecting the company reputation?
If your business expects employees to maintain an active presence on social media as part of their day-to-day work then you have a “duty of care” for any abuse they suffer just as you would have if they were verbally abused by any customer, client or employee of your company – that’s the law!
Companies who fail to protect their staff and who are knowingly putting them at risk of depression, anxiety or stress without adequate support can be found to be complicit. This is not negated should your employee(s) be forced to resign as a result of online trolls because their managers failed to support them.
One of the areas that companies fall down on via their Human Resource department is that there are often very strict protocols for dealing with employees who abuse social media but not for those employees who are abused by social media trolls.
Ask yourself:
- Do you have basic staff training that includes dealing with trolls when using social media in a profession capacity?
- Basic staff training to ensure that they know how to block unwanted contact?
- Basic staff training to ensure they know how to report incidents to you, their employer?
and
- Have a process in place on how to immediately take abusive comments down from the site
- Have a process in place on when and how to bring in the authorities for further action
- Have a process in place to support and reassure the employee who was ‘doing their job.
Now let’s turn it around. Can your employees using social media create a risk to your company reputation?
Do you have a policy for employees’ personal social media use – explained to all and inclusive of staff training (where appropriate). For example, do you stop them mentioning the business in their private social media presence?
Do you have a good policy on passwords and the use of social media? How easy is it now on social media sites to see photographs with children’s names, educational backgrounds giving specific information that could possibly be used for passwords, dates of birth etc. The list is endless, so think on …. Hackers are clever!
A good Social Media Policy should be about appropriate usage (not a total ban) which outlines company acceptable behaviour by your employees. You cannot discipline if your employees do not know worktime rules.
The questions for employers to ask prior to producing a social media policy are:
- How will it fit with your business?
- Do you want employees showing business information on social media?
- Do you require to limit employees use of social media?
- Should you have a dedicated and designated social media person?
- Do you clearly differentiate between ‘work’ use of social media and ‘personal’ use of social media?
Your policy should give guidelines on how to manage, for example, emails to and from friends and clients of employees re photos/jokes/videos (YouTube) etc. Without a thought through and explained policy employees will each have a different idea of what is or is not accept able social media practice.
So, remember when you are planning your information security protocols that it’s not just about how you store and keep safe your clients and customers data, nor how social media can expose your organisation to risk, it is importantly also about the safety of your employees and your company reputation when using any form of social media in a business capacity to enhance your business products and services and to allow your employees to also use personal social media – so ensure you also keep both your reputation and your employees safe.
There is an International Standard available – ISO 27001 –which has the framework necessary to ensure your Information security is robust, tested, audited, protects the data and social media sites for your employees, customers, clients, contractors and importantly, your own company reputation.
To learn more about this framework and the international standard, check out our ISO 27001 Foundation course which covers policies, awareness and mobile devices and social media safety referred to in this blog.
QCS International provide on call, practical consultancy and training courses on Information Security and outsource services to those clients who do not have a dedicated IS Department. For a chat, call David Evans on 01236 734447 or info@qcsl.co.uk