Home Professionalisms Social Media Policy Tips For Small Businesses

Social Media Policy Tips For Small Businesses


by Peter LaMotte, Senior Vice President at LEVICK

social media business

Social media has become an inextricable part of everyone’s life — both personally and professionally. The good news is, for most small businesses, sites such as Facebook, Twitter, and Yelp can dramatically increase the size of their target audience almost overnight. These sites also serve as an invaluable venue for collecting customer feedback – both good and bad – and present a great opportunity to build brand awareness and brand loyalty.

But, as with our personal use of social media, there are plenty of security risks and red flags as well. Too many small business owners fail to acknowledge these risks or take action to minimize the threat to their companies.

Even businesses that do see the threat aren’t in agreement on the best way to counter it. “Some companies restrict internal access,” notes Robert Siciliano, personal security and identity theft expert. “Others may prevent employees from having any corporate association outside of work on their own social platforms. This is due to the fact that whatever an employee says outside of work publicly can have a significant impact on the organization.”

So how should small businesses address the security risks involved in allowing employees to use social media on the job?

Adopt a policy and offer guidelines.

Security experts strongly urge businesses of any size to institute a social media policy. Such a policy should determine employee access and outline appropriate and inappropriate types of behavior. It can also set the stage for training in the proper use of social media for business purposes.

Here are some suggested guidelines and reminders that all employees should understand:

Be selective in your choice of social networks.

Before joining any social network, employees should carefully assess its privacy and security settings. Sites with vague or non-existent security settings are too risky for employees to use.

Nothing ever goes away.

It’s worth reminding employees that whatever they post online stays online, including embarrassing photographs from the company picnic or sarcastic remarks about their boss. When they are active on social media while on the job, they effectively represent the business as well as themselves.

Password protection is a top priority.

“The most common way people use to get into a Twitter or Facebook account is by simply obtaining someone’s password, then logging into the system,” notes IT security expert Patrick Lambert. “If your organization’s Twitter account has 20 different employees who know the password, then the risk just went up exponentially.”

Here are frequently cited tips for creating effective passwords:

  • Use capital and lowercase letters, combined with symbols and numbers.
  • Devise separate passwords for different social networking accounts.
  • Change these passwords frequently.

“A common way that hackers break into financial or other accounts is by clicking the ‘Forgot your password?’ link on the account login page,” notes the security experts at Microsoft. “To break into your account, they search for the answers to your security questions, such as your birthday, hometown, high school class, or mother’s first name.”

Therefore, if and when a social media site offers the option, take time to make up your own password questions — with answers impossible for hackers to uncover through a quick online search.

Get IT involved.

If your small business employs one or more IT professionals, they should play a critical role in enforcing the social media policy. Since their expertise is needed to monitor employee compliance with the policy, it’s important that they stay current with ever-changing social media security risks.

At the very least, businesses need to implement and maintain strong anti-virus protection and stay aware of the importance of updating security patches when needed.

Any business that sees high (or even steady) employee turnover is also susceptible to security threats. “Too many organizations sign on for social accounts once, and then the password stays the same,” Lambert says. “Whoever created the account originally may not be with the company anymore, employees come and go, and before you know it, no one knows how many people actually have access to that account.”

Maintaining up-to-date lists of employee access and participation greatly reduces the risk of the bad guys hacking your small business’s social media account.

Banning on-site use won’t work.

For better or worse, banning social media in the workplace is not a good idea. Any employee determined to access Twitter or Facebook during office hours can usually find a way to do so, thus presenting other security issues for your business.

It is far better to instead adopt a sensible policy, ensure employee compliance, and train them to harness the power of social media for the good of your bottom line.


peter-lamotte-photoPeter LaMotte is a Senior Vice President at LEVICK and Chair of the firm’s Digital Communications Practice. He is also a contributing author to LEVICK Daily, where he routinely writes about social media marketing and online reputation management.