The explosion of social media has created an entirely new threat vector for security managers. While on one hand a company may have implemented a series of well-designed policies to protect its image and proprietary property, all those efforts may be for naught if they fail to take into consideration the dangers posed by employees posting communications on websites like Facebook, Twitter, LinkedIn, and MySpace.
To help security executives navigate this new minefield of risk, James Burke and Elizabeth Ho Sing, attorneys with the law firm of Wilson Elser Moskowitz Edelman & Dicker LLP, spoke during an educational session at the ASIS 2011 conference in Orlando to provide some basic guidance on the subject.
In today’s society, Burke admitted that it is not feasible for an organization to think that it could implement a blanket policy completely restricting the use of social media in the workplace. Indeed, many companies are now encouraging their employees to use these sites as a way to get out their message.
What’s important for these companies, according to Burke, is that they create a social media policy that explicitly details what an employee can or cannot do.
“A clear policy is what is going to protect you in a litigation environment,” Burke told attendees.
Burke said an organization’s social media policy should include several common sense guidelines such as; prohibiting the disclosure of confidential or proprietary information; forbidding the posting of material or non-public information; compliance with company policy and all applicable laws; full disclosure by the employee of who they are; avoiding negative communications; and, prohibiting the posting of false or misleading communications.
Companies should also include a provision in the policy to reserve the right to access and monitor an employee’s social media use.
“If your policy is clear and your employees don’t have an expectation of privacy, that is going to preserve your right to monitor,” explained Burke.
According to Ho Sing, an employee’s social media communications can be useful should an instance of litigation occur and can be used for a number of things including; investigating fraudulent claims; violations of non-compete clauses; discrediting claims of sexual harassment; impeaching witnesses; depositions; settlement negotiations; potential witnesses; and, jury selection and juror misconduct.
Ho Sing added that many people fail to realize the gravity of their communications on social media websites. She cited a case example in which someone claimed to have suffered a debilitating injury to their wrist on the job, but through Facebook, it was later discovered that this person shoveled heavy snowfall from around their car.
“People don’t necessarily think before they post,” she said.