Social media is an amazingly useful tool to share meaningful information (along with lots of drivel, humblebrags and photos of that amazing breakfast your friends are about to eat in Cancun). However, the ease with which social media can be used as a vehicle for sharing good information enables users to share some really stupid things, as well. The most recent case in point is the (now former) CBS Vice President and senior counsel who posted some very insensitive comments on Facebook about the victims of the horrific shooting in Las Vegas earlier this week. In 2016 a (now former) faculty member of York University in Toronto posted links on Facebook to anti-Semitic web sites and made a number of derogatory comments about Jews. Also in 2016, a (now former) employee of Express Oil Change and Tire Engineers in Alabama posted on Facebook that the wildfire victims of Gatlinburg, Tennessee are, “….mouth-breathing, toothless, diabetic, cousin-humpin, mountain-dew-chuggin, moon-pie-munchin, pall-mall-smoking, trump-suckin pond scum.” In 2013, the (now former) communications chair of the Democratic Party of Sacramento County, California tweeted to the senior communications adviser to Ted Cruz, “May your children all die from debilitating, painful and incurable diseases”.
These types of posts represent a lack of self-control, something of which the vast majority of us are guilty at one time or another (but, hopefully, in less public ways). But they also represent a massive liability for a company’s brand. In each case, the offender was fired by his or her employer, but that does little to mitigate the enormous damage that these types of posts can inflict on the innocent employers who get caught up in the firestorm that normally ensues after these types of posts go viral.
As an employer, what can you do about this? Here are some suggestions:
- First and foremost, establish detailed and thorough policies about what constitutes acceptable and unacceptable employee behavior, both during and after work hours. Obviously, an employer has less control over their employees when they’re not at work, but some reference to acting like a decent human being on a 24×7 basis while employed by the company is a good starting point.
- To back up these policies, provide good training for employees about how to respond to social media posts, how to avoid making inappropriate comments on social media, and how to escalate sensitive issues like customer complaints.
- Implement good monitoring, DLP and scanning technologies for all work-related systems, including social media. The goal is not only to identify intentionally inappropriate and mistaken posts from employees, but also to protect against data loss and malware infiltration through the social media channel, to identify if a social media account has been hacked, or to identify if someone is falsely purporting to be a representative of your company/brand.
- Archive content from your social media channels, including any employee posts made using company infrastructure. Having a good archive of social media content will enable decision makers, counsel, etc. to review social media posts for inappropriate content after the fact, and can be useful as part of litigation efforts and regulatory audits.
- For social media accounts under company control, enable appropriate access controls to minimize the potential for inappropriate posts.
- Where necessary, implement a supervisory program (something akin to what financial services firms do for broker-dealers) that will sample employee social media posts to look for violations of corporate policy.
We will shortly be publishing a white paper and survey results focused on social media security and archiving. Let us know if you’d like to see an advance copy of the survey results or the paper.