Your employees are using social media. Are they a security threat?

Whether or not they're using company computers may be irrelevant.

You've heard cybersecurity experts, corporate investigators and HR managers say it a million times: The biggest threat to corporate security are employees who haven't been properly trained and/or don't understand the risks. And that's true.

However, while many companies focus on the obvious types of corporate crime - data theft, fraud, embezzlement, etc. - they don't always realize that their employees can be divulging information more or less 'innocently' via social media.

We were reminded about this when we saw this infographic recently - and happened to listen to this Reply All podcast about how easy it is for even the most savvy internet users to get phished, and for that phishing to extend into their workplace (it's worth a listen, if only as a cautionary tale).

It isn't necessarily a cybersecurity issue

Now, we're not cybersecurity providers or experts, but we do undertake corporate investigations, and we know that stuff can happen on social media that's less about 'cybersecurity' (i.e. a bad actor getting into your server and stealing your data) and more about basic competitive privacy.

For example: Your senior team is in a Zoom meeting with a potential new client that's supposed to be top-secret because the client is working with a competitor and doesn't want them to know they're in the market for a new supplier. You've included a couple of junior team members, who happen to have side hustles as 'influencers' on Instagram and TikTok. After the meeting, one of them posts a story on their Instagram teasing a fantastic new assignment they're about to have, and the other one posts a TikTok about how to present yourself at work in order to get included in high-level meetings.

They haven't said anything specific, but as it turns out, one of the employees at your competitor's company sees their stuff, recognizes a face or a background in the images and videos - and suddenly they're alerted to a possible problem. They call the client, the client is annoyed that your firm can't seem to keep a secret, and suddenly the whole deal is off the table.

If you're not a big social media user yourself, this string of events may sound unlikely. But in fact, now that more of your workforce is working from home and the lines between 'work' and 'side hustle' and 'off hours' are blurrier than ever, this kind of thing is happening way more often than you think. And while in an onsite office environment, you may be able to forbid or even prevent (via a firewall) use of social media sites, this is almost impossible to achieve in a remote or hybrid work model.

So what do you do?

It's tough to put any kind of blanket social media ban in place - you can't really prevent your employees from setting up an Instagram account and sometimes posting pictures from an evening out with co-workers. But you can provide the information they need to make better decisions - and you can start by showing them this infographic to get them thinking.

Social media security in the workplace by Profile Investigations