Use social media safely
Social media can help your business reach customers, increase sales and drive awareness. It allows for open two-way communication with your audience. However, there are also risks associated with social media.
It is important to manage employee use of social media to protect your business' reputation. You should take steps to secure your social media accounts from cyber security breaches. You should also be aware of the legal implications of social media.
This guide explains how to manage social media security. It also provides advice for managing social media and the employment relationship and details legal implications and best practice using social media.
Manage social media security
Tips on how to keep yourself secure when using social media including using safe passwords, controlling access and being aware of spam and phishing scams
Whether you intend to join one or a number of social media platforms, security should be at the top of your agenda. With the rise of identity theft, fake emails and security threats to small and large companies, ensuring you are using social media securely is essential.
Online Security for social media
Each time you login to use a social media platform, you expose yourself and your business to attacks from hackers and other malicious groups. However, there are many steps you can take to help prevent identity theft and threats to your security. Follow the guidelines below to ensure you use social media safely:
- Keep your login details secure and regularly change your password. Use a strong complex password that is over eight characters long and contains capital letters, symbols or numbers.
- Keep tight control of who has access to your corporate accounts and what they can view, post and edit. Some staff members may only need to be able to access analytics data, where others may need full admin permissions. Ensure that anyone leaving the business can no longer get access, either by changing passwords or removing their admin permissions.
- Be cautious of anyone who contacts you unexpectedly on social media claiming to be a reputable organisation. This could be a phishing attack. Phishing is where legitimate-looking emails or messages seemingly from a reliable source, eg a bank or another business, are used with the aim of obtaining personal details.
- Watch out for corporate identity theft. Your business name and branding could be used on social media by criminals posing as your business to gain users' trust. This could be part of a phishing scam or an attempt to gain high numbers of followers that can be sold on. You can report fraud to Action Fraud.
- Never reveal any sensitive information about yourself, your business or your customers without first checking the credentials of the enquirer.
- If you access social media via wireless internet access, ensure you have adequate security to protect your wireless network from eavesdropping and hacker attack.
- Avoid opening message attachments from unknown sources - or if known - eg from a fellow employee, check with the sender first if the attachment isn't something you expected. Don't open attachments such as those ending with '.exe' (an executable file) or those with the '.scr' which is the file extension used for Windows screensavers, as these can also be Trojans that can infect your computer.
- Be wary of clicking on links added to messages in any social media platforms that you use. These include links to current events, entertainment news or other links to high traffic sites. These links can take you to phishing websites and have the potential to infect your computer. If clicking on a link, always check the website address when you get there - ensure that it looks legitimate and you are where you think you should be.
- Avoid clicking on advertising emails and popup boxes and be cautious of any application that wants to install itself on your computer.
Social media and the employment relationship
Things to consider when employees use social media including developing a social media policy, monitoring social media, legislation and network security
The use of social media at work presents new opportunities to businesses but also new responsibilities regarding employees using the various sites.
Social media impacts many aspects of the relationship between employers and employees including the recruitment process, discipline and grievance, inappropriate conduct, bullying and harassment and breach of confidentiality.
To find out more about the impact of social media on each of these aspects, you can read Labour Relations Agency guidance on social media and the employment relationship.
Develop a social media policy
Having a written social media policy for your business provides clear guidelines for employees on what they can and cannot say about the company. It also helps to protect you against liability for the actions of your employees and helps them differentiate between their private and professional lives.
For more information on developing a policy, see managing social media in the workplace.
Monitoring social media
The Employment Practices Code (PDF, 225KB), which is produced by the Information Commissioner, states that it is usually intrusive to monitor your employees.
If you wish to monitor your staff, you should be clear about the purpose and satisfied that it is justified by real benefits. The employee should be aware of the nature, extent and reasons for any monitoring, unless (exceptionally) covert monitoring is justified. However, covert monitoring of employees can rarely be justified.
There are ways to help to control the usage of social media sites through your IT security and if needed, restrict or block access to certain sites.
These include using firewalls, web security tools and ensuring you have antivirus software to detect and prevent viruses. See protect your business online.
Dealing with improper use through disciplinary action
You should treat improper use of social media as you would any other type of alleged misconduct. This would involve an investigation and consideration of suspension or other precautionary action followed by disciplinary action if appropriate.
Read more about disciplinary procedures, hearings and appeals.
As a business owner, you should be aware of the broad range of legislation which has an impact on social media in the workplace.
This legislation includes:
- The Data Protection Act 2018 - the Act requires anyone who handles personal information to comply with a number of important principles.
- The General Data Protection Regulations (GDPR) - this forms part of the data protection regime, together with the new Data Protection Act 2018. It introduces new rules on the processing and safeguarding of personal data.
- Malicious Communications Act 1988 - makes provision for the punishment of persons who send or deliver letters or other articles for the purpose of causing distress or anxiety.
- Communications Act 2003 - this Act makes it a criminal offence to send or cause to send '...by means of a public communications network a message or other matter that is grossly offensive or indecent, obscene or menacing character.'
The Labour Relations Agency (LRA) runs a series of good practice seminars covering many aspects of employment relations matters including:
- Social media and the employment relationship
- Handling discipline and grievance
- Conducting employment investigations
For more detailed information, see managing employee use of social media.
Legal implications and best practice using social media
Legal considerations when using social media including how to protect your brand, privacy, data protections and complying with online advertising standards
Using social media exposes your business to direct contact with public opinion and comment. It is important to consider how to operate within the social media environment, whether on external sites or social tools on your own website. Understanding the legal pitfalls and maintaining a professional approach can help to protect your reputation and business.
Protect your brand
It's important to consider monitoring social comments. If you host a forum or encourage blog comments, you may find that some users post inappropriate comments. This could include:
- Inappropriate language - if your customers are likely to be sensitive to certain language, make sure you have a system for monitoring all new posts before they go live.
- Libellous material - you may be held responsible for any user comments on your site that insult or libel someone. Make sure you monitor what users are saying.
- Damaging comments - while customer opinion can be useful, you don't want to have too many negative comments about your business. If you find this is the case, look into the reasons behind the comments and try to put things right.
While you should try to protect your brand and your site from potential threats, this should be balanced with maintaining brand honesty. Site users should feel that there's an open and honest, two-way exchange of ideas and opinions. This will build trust between you and your customers and encourage loyalty.
If you do receive negative comments, respond in a professional and positive way and address the issues raised. It is also important to monitor the social buzz or chatter around your brand to see how your business is being talked about on other websites, so that you can respond accordingly.
There are a range of paid for and free services that will help you monitor what people are saying about your brand online. For example, you can set up Google alerts to notify you by email of mentions of your brand across the web and different types of social media. These tools can also be used to keep up-to-date with what is being said about your competitors - helping you understand your market better. Think also about how you can secure your brand identity across different social platforms - avoiding misrepresentation by third parties.
You should position your marketing strategy on the social web very carefully. Any campaigns should be designed with the social web in mind. Avoid simply placing the same messages you use in other marketing channels into a social web context. Instead, tailor your campaign so that it will sit comfortably with both the site and its users.
Social tools on your website
Many social media tools allow easy integration with your own website. Before you launch any new features on your website, make sure you have thought about the legal aspects. For example, social media tools often ask for users' personal details. Managing these details can be straightforward, but you must make it clear to your users what you are and are not responsible for.
Make sure you have the following on your website:
- a disclaimer - setting out the limits of your legal liability
- terms and conditions - letting users know what they can expect from the site
It would be wise to consider using text and image filtering or a comment approval process. This will reduce the risk of inappropriate or offensive material being put onto your site.
Complying with online advertising standards
The Committee of Advertising Practice (CAP) Code's remit has been extended to include any online advertisement or statement that's intended to sell products or services. This includes non-paid-for space under your control on social media sites, as well as marketing material on your own website.