An article from DRI ANZ.
We should make it clear from the outset that social networks like Facebook are not themselves the villains. The risks for businesses are in the ways that employees use these networks. Neither are we talking about employees being distracted from their ‘real’ work by spending too much time communicating via social media. Many enterprises that tried to curtail or ban access to social media found that their actions caused more problems than they were supposed to solve. The immediate problem is in fact one of security awareness and best practices.
Social networks are, as their name suggests, designed to get people to communicate with one another. Naturally enough, members of a social network will offer and exchange personal information – names, hobbies, interests and so on. They may also discuss what they do professionally. There are already limits to this: for example, company confidential information should not appear on an employee’s social media page or profile. But other dangers exist too, such as employees using the same password for their social network account as for the applications and systems they access at work. Hackers know that this is often the case and target social media users to hack their passwords for this reason. Access to the social media login information then helps a hacker to attack the business for which the social media user works.
This can be dangerous. It can also be frustrating, given the potential benefits that social media like Facebook, Twitter, YouTube and LinkedIn can have for businesses. The resilience and availability of social networks can make them a valuable means of communication in crisis situations, especially if other channels have failed. Basic information security education should therefore be provided to employees, as well as common sense guidelines for using both personal and professional accounts. This helps turn Facebook and other social media from potential sources of disaster to resources for ensuring business continuity.