Put Social Media Policies On Your List Of New Year’s Security And Privacy Resolutions

Over at Baseline magazine this week, writer Nick Wreden has a good article on “Social Media Policy Development,” summarizing that organizations need to develop firmly written, clearly communicated policies around all types of electronic communications, including those conducted via social media channels.

This is still a sometimes-overlooked area of policy development and, if your organization hasn’t yet communicated specific policies around keeping confidential (or regulated) information secure over social media channels, I’d suggest you put this on your “to do” list for the new year.

Nick quotes our oft-cited statistics about data loss and social media in large enterprises, noting that our 2009 research found that “34 percent reported that a loss of sensitive information had affected business. The same study found that 13 percent had investigated troublesome Twitter usage, and 15 percent had disciplined employees for unauthorized posting of videos on YouTube and similar sites.”

Note that these numbers increased in 2010. As I always suggest when considering acceptable use policies for email, when creating these sorts of policies for social media, I’d encourage organizations to focus on the data loss and compliance risks associated with social media sites, not just the “time wasted” aspects of same.

Keep in mind that the cost of a single low-performing employee (who, for example, spends too much time at work engaged in non-work-related social media) is completely bounded by that employee’s salary (and such problems are fairly easily addressed). However, a single data loss/breach incident can cost hundreds of thousands or even millions of dollars in remediation costs, potential fines, brand damage and lost business.

The article over at Baseline has some other good suggestions around social media policy development and some real-world examples of what enterprises such as EMC, Xerox and Mel-O-Cream are doing to address the risks associated with social media.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Keith Crosley directs corporate communications for Proofpoint. Keith’s job entails the promotion of Proofpoint e-mail security solutions to press, analysts and the enterprise e-mail security market at large. His blog covers a wide variety of e-mail security topics including anti-spam, phishing, identity theft, data breaches and the policy, culture and technology issues that surround e-mail. Previous positions have included director, corporate communications at Elance, senior director, worldwide public relations at BroadVision and director of marketing at WiredPlanet.com. As a key spokesperson for Proofpoint and e-mail security evangelist/researcher, he takes part in television and radio appearances. Avocationally and semi-professionally, he is a filmmaker, musician and all-round multimedia enthusiast.