Phish to fry: Security as part of an effective social media policy
As workplaces get to grips with the internet and social networking, many employers are taking the sensible precaution of implementing a policy for appropriate use. A social networking policy should cover a number of issues, such as data protection, acceptable behaviour and disciplinary procedures. It's sometimes overlooked but just as important to include something about network security.
Many security features, such as firewalls and anti-virus software, are often managed by dedicated IT personnel. But no matter how sophisticated technical measures are, it only takes one member of staff to click on the wrong link, and the door to sensitive and confidential corporate information is left wide open.
One of the main threats from cyber criminals is 'phishing'. By sending emails pretending to be from trusted sources, well-known organisations, or even friends and colleagues, phishing emails hope to trick people into revealing passwords, usernames and any other information that can be used for hacking or financial gain.
Recent research has found that more than a quarter of office workers don't know what phishing is, and nearly a third don't routinely report suspicious emails to their IT department. The same survey, from PhishMe, found that three in five will eventually fall for a phishing email if they don't know what signs to look for. Such signs might include suspicious sender addresses, poor grammar and spelling mistakes, unusual content and generic greetings.
Acas can you help your organisation with Social media and how to develop a policy. Acas also provides training on issues related to social media and the internet, including effective management of employee use of email; courses are listed under Staff surveillance.
Visit the Acas Training and Business Solutions area for more information.