Most organisations are aware of high risks in social media but are they geared up to fight these risks?

While most organisations broadly understand that there are risks associated to social media, they still have not been able to clearly identify these and how these risks can damage their enterprise. I don’t see many organisations who have a social media policy or a policy for consumerisation of IT. As people understand social media risks, they’ll start incorporating these policies.

How do you approach social media in your organisation?

We have a fairly well written social media policy for our own organisation. The emergence of social media over the last decade has become an important medium for employees to collaborate with colleagues and getting valuable marketing insights and ideas by interacting with customers.

Managed social media could be a valuable asset for an individual employee and the company as a whole. It allows employees to engage with public networks to build their own network and strike a meaningful strategic dialogue with customers and prospects. Employees should always use their real name and disclose their association with the company in any conversation or forum where the context
is relevant. Employees also need to ensure that whatever they talk about the company needs to be completely accurate. If you’re not a subject matter expert on something related to the company, you should avoid being a part of that argument.

Employees also need to be very careful about what information they give out on these forums. At times, without realising employees give out information about company roadmap and other sensitive information. Such instances can cause huge losses to the company. Social media makes every employee a company spokesperson. Therefore they need to be very careful about what they say about the
company.

What are the key threats in social media?

Phishing is one of the biggest threat in social media. Social media is a very fertile ground for social engineering and phishing. Social media also gives a different dimension to public relations because a person who is relatively untrained in PR can actually create a disaster for the company on social media by stating something incorrect or partially correct.

Educating the employees is the only way to contain the risks in social media. Most of the data leakages that happen through social media, happens unintentionally and therefore, employees need to be educated about what information they can share on social media and what they cannot.

Most organisations do not patch non-PC devices. Is this a big security threat?

Unpatched non-PC devices can be a huge threat to an enterprise. With so many choices in smartphones and tablets in the market, enterprises soon would not have an option but to allow employees to carry their personal devices to work and allow these devices to be a part of the enterprise network.