New Guidance Requires Social Media Security Policies

In January 2013, the Federal Financial Institutions Examination Council (FFIEC) posted a set of proposed guidelines for financial institutions to maintain compliance in the world of social media. The document, entitled “Social Media: Consumer Compliance Risk Management Guidance,” includes a number of specific recommendations for financial institutions that must protect customer information. The FFIEC security requirements are key for GLBA compliance.

People + Information = RISK

As is often the case with security recommendations, information security policies are a key part of the equation. In fact, one of the key “reputational risk” areas highlighted in the document concerns employee use of social networking sites. To quote from the official document:

“Financial institutions should be aware that employees’ communications via social media—even through employees’ own personal social media accounts—may be viewed by the public as reflecting the financial institution’s official policies or may otherwise reflect poorly on the financial institution, depending on the form and content of the communications. Employee communications can also subject the financial institution to compliance risk as well as reputation risk. Therefore, financial institutions should establish appropriate policies to address employee participation in social media that implicates the financial institution.”

After the comment period is complete, some version of these guidelines will be part of the official requirements. Accordingly, institutions will be expected to use the guidance in their efforts to ensure that their policies and procedures provide oversight and controls commensurate with the risks posed by their social media activities.

While these requirements are for financial institutions, the lessons are valid for every organization. Studies show that 80% of employees access some type of social networking site at work. And where there are people and information together, there is risk.

Sample Social Media Security Policies

Does your organization have Social Media Acceptable Use Policies in place? The PolicyShield Security Policy Subscription includes sample documents including Acceptable Use of Social Networking, which provides policies for safe use of online communities and social sites. An additional sample, Corporate Use of Social Networking, provides policies for organizations that are actively using social media to engage customers. Don’t reinvent the wheel! We have incorporated the latest social media risks into our standard security policy templates.