Social Media Security Policies Lagging Adoption

In August of 2010, the social network IT Toolbox released their latest study on the use of mobile and social media technologies in the enterprise. The survey included over 2200 IT professionals from 109 different countries. One of the areas of the survey included questions about corporate guidance and security policies. While Social media use in the workplace increased 35% to an average of 5.88 hours per week, guidance for using these tools continue to lag adoption. According to the survey, more than 53% of IT professionals state that their company does not have a social media policy or they are unsure if one exists.

When developing policies for social media (and any other technology for that matter), there are two key points to consider: (1) What are basic risks that policy controls are designed to minimize, and (2) who is the target audience for these policies? Addressing the first point will determine which specific policies to write. Answering the second will determine which policy documents should contain each of these new policies, and will also point to the possible need for additional security awareness training. As an example, let’s use a sample policy from our PolicyShield Security Policy Subscription:

Policy: Employees are prohibited for posting information about Company X activities on social networking sites unless these have been explicitly approved by management.

In this case, the policy is targeted and end-users and should therefore be included in either a standard Internet Acceptable Use policy or a separate document devoted to Social Media. Other policies, for example those that may restrict access to these sites via network firewalls, would be targeted at technical personnel and be part of policies such as a Network Security Policy.

For organizations struggling to adopt policies for new technologies, our PolicyShield Security Policy Subscription may be an ideal solution. It was designed specifically to address the introduction of new technologies and the associated risks, including those of social media as well as over 200 other security and data privacy topics.