As a small business owner, you’ve done your due diligence regarding cybersecurity at your organization. You’ve updated your devices and ensured employees are trained on phishing attacks. Your data is backed up, you and your employees use strong passwords, and you have a plan for a ransomware attack. You’ve even purchased Cyber Liability insurance just in case your business needs it. But have you considered your employees’ social media use? It can be easy to overlook social media, as this is typically something employees use in their personal time, but even one employee oversharing information on social media can cause a cybersecurity risk for an organization.
Social media risks
How can employees’ social media use impact a business? Any information that hackers can find can help them target an organization. So, if employees don’t have strong privacy settings, they can inadvertently reveal information about the company to everyone on the internet if they post about their job. On photo sharing sites, an employee could share a selfie with a computer screen in the background, exposing confidential information about a customer. Hackers can use information from employees to send them targeted phishing attempts, making it more likely that the employee will fall for the phishing attempt.
Cybersecurity tips
What can an employer do about the risks posed by their employees’ social media use? While employers can’t dictate what employees do during their personal time, employers can create policies that prohibit employees from posting photos of their workspace or computers. It’s also helpful to provide employees with training on the privacy settings on different social media platforms and encourage them to utilize the strongest privacy settings instead of posting things publicly. Finally, providing ongoing training and reminders about phishing attempts can help employees protect themselves even if they’re targeted specifically.
Additional cybersecurity resources
Keeping devices safe with software updates
Defending your business against ransomware attacks
Crisis communication after a security breach