Staying Secure on Social Media

Posted on May 14, 2019 - by Darren Gallop - in Building Your InfoSec Program

Social media is an almost unavoidable part of our daily lives. Whether for personal or professional use, we’re exposing ourselves every day.

This is why, as business owners, we need to consider whether we’re allowing our team to access social media on their own devices, or on company devices that are connected to the company’s network. For your marketing team, those are tools they likely access every day.

Many traditional organizations like the military or government are known to block social media on their networks. For them, this makes sense because it reduces the risk of highly sensitive data falling into the wrong hands.

But does this practice make sense in a small-to-medium sized business? I’m going to say no, it doesn’t. If you’re a small business trying to get off the ground and make some noise, social media is where you need to be.

If you’re in agreement with my outlook, the first thing you’re going to want to do is make sure that there is a clear policy around proper use of social media technology. An example of a detail you’d want to include in the policy is that people only participate in legal activities on company devices and networks.

Also, you may want to consider how much time can be spent on social media. From a productivity standpoint, this can get off the rails if you’re not careful.

Security and Your Social Media Policy

In terms of securing the devices, you want to ensure they won’t be subjected to any threat while people use them.

You want to first consider how you can “harden” the device. Hardening is the basic practice of making the device more secure. It involves things like not using the admin login for general daily use, turning on encryption, and activating your firewall. This will go a long way to help make your devices more secure.

Social media accounts can get hacked. Do you have an incident response plan?

Most important of all is user training. We know that employees are the weakest link when it comes to information security. So make sure that you’ve educated your team on internet safety best practices. They should have an understanding of things like phishing and other social engineering attacks.

You might want to have other policies that help your employees keep company social media accounts safe, like requiring strong passwords and the use of password managers.

In the end, I recommend that you allow your employees to access social media as long as they are aware of the risks and what to look out for. Don’t forget to have security controls in place to make it safe for them to do so.

Do you have a policy or training to help your employees keep your business secure?



About the author

Darren Gallop is a tech entrepreneur, information security expert, Techstars alumnus, board member, and the CEO of Securicy. He co-founded Securicy and led the team to develop a SaaS product that guides businesses through creating, implementing, and managing their information security and privacy compliance program. Gallop previously co-founded Marcato and was CEO there for 10 years, until the successful event management software company was acquired by Patron Technology. He is fluent in English and French, and adept in Spanish. Gallop spends much of his non-work time traveling or engaging in the outdoors: swimming, fly fishing, canoeing, camping, and surfing (basically in that order). He is from Nova Scotia, Canada.