Personal information has become the currency of the digital economy. Despite growing awareness of the importance of protecting one’s right to privacy, many people find themselves sharing, providing, conveying and divulging information across multiple platforms and devices as part of their daily ritual of engaging, trading and communicating with others. Unfortunately, it is exactly this carefree mindset which plays into the hands of lurking cybercriminals and can also impact employers.
With social media a cornerstone of daily life for most individuals, it is easy to succumb to the lure of posting all your personal data online, presumably only for your followers to see, but often quite easily accessible to the world at large. Information about travels, hobbies, partners, work, interests and everything in between is laid out on a silver platter for criminals to profile and identify unsuspecting victims to target for hacking, impersonation and other fraudulent intentions.
With cybercrime a global phenomenon and South Africa having the dubious honour of being one of the leading countries falling prey to cyberattacks, it is vital that persons and businesses take note of this risk and take steps to protect themselves.
When one considers that still more than 80% of data breaches result from human error or negligence, it speaks to the danger of employees creating opportunities for a business to suffer from an attack or data breach.
Employees have social media accounts and online presences that make profiling possible. And they may be unaware or insensitive to the lurking dangers posed by cybercriminals, taking little or no steps to protect themselves, like ensuring proper privacy settings on accounts, setting secure and complex passwords, using different and impersonal passwords for different accounts etc. Often employees even use the same or similar passwords on their social media accounts as for a work account. If the personal profile is compromised, it becomes easy to also compromise work accounts that the employee has access to. If an employee's personal account is hacked it can also be used to impersonate that employee towards customers or partners, so compromising the employer.
Clearly the lines of personal and business risk become blurred when an employee’s accounts are compromised, as this may not only be harmful to the employee but also the employer.
So, what can employers do to limit this risk?
Probably the most important aspect is awareness training on how to secure your personal accounts, set good passwords, and avoid certain types of public information sharing. To help reduce the ‘human error’ aspect, understanding the risks and what good practices you can implement, can go a long way to reducing this risk.
Adding a policy framework for allowed social media use, password management, device management etc. are also tools that can help a business create a secure environment that will help limit the impact on the business should an employee’s personal accounts be compromised.
Ultimately, the focus of an employer should be to create a separation between the impact on the employee and business in the event of a compromise through training, clear policies and a secure security environment.
For assistance with establishing the necessary policy frameworks for your business, reach out to our Compliance Team to help ease your social media headaches.
Visit our Compliance Team page.
Disclaimer: This article is the personal opinion/view of the author(s) and is not necessarily that of the firm. The content is provided for information only and should not be seen as an exact or complete exposition of the law. Accordingly, no reliance should be placed on the content for any reason whatsoever and no action should be taken on the basis thereof unless its application and accuracy have been confirmed by a legal advisor. The firm and author(s) cannot be held liable for any prejudice or damage resulting from action taken on the basis of this content without further written confirmation by the author(s).