When it comes to social media, the tide has changed rapidly in corporate America. In just a few short years, businesses have moved away from strict social media policies and towards activating their workforce into evangelists, eager to share with their respective audiences the good news of their employer's brand story.
And for good reason - there is plenty of data to suggest that people want to hear from real individuals, and that employee advocacy programs can have a direct positive impact on sales, employee retention, and brand awareness. Save for instances where a business is in a highly regulated industry, it would seem difficult to justify not participating in employee advocacy.
As companies roll out these programs to their employee base, many leverage sophisticated training modules, rich media toolkits, gamification apps, and the like - all aimed at maximizing ROI while mitigating exposure for the enterprise. That said, there's a singular omission from many of these programs that puts companies, and individual employees, at risk.
What you're missing is cybersecurity basics, particularly phishing.
What is phishing?
Simply put, a phishing incident occurs when a hacker sends you a communication that looks legitimate with the aim of getting access to your data. An example would be an email from a friend you haven't heard from in years who suddenly needs money in order to return home from overseas. Phishers have become increasingly sophisticated in their efforts to get you to click on a link or disclose your banking info.
Why do social media leaders need to care?
Phishing is growing at an exponential rate - up 250% in Q1-16. And phishers are rapidly moving out of email and onto major social networks to target victims. But for all the effort your IT team has put into training employees to spot phishing emails, very little has been done to train them to spot phishing tweets and comments, making them a particularly sweet target for bad actors.
I recently sat in on a live demo from cybersecurity start-up ZeroFox, and watched them phish hundreds of Twitter users in real time. Without diving too deep into the technology (though here's a great explainer), the bottom line is it was quick, efficient, and alarming. Thank goodness they're one of the good guys. Both the malicious tweet and the malicious phisher accounts looked very real. Were I not watching their process live, I would have easily clicked on the tweet I received.
Had I clicked, the possibility that I'd become a direct access point for hackers to infiltrate my corporate infrastructure is very real.
And that's the rub. When it comes to keeping data safe, your employees are typically your company's weakest link. So, here are five quick phishing tips to incorporate into your advocacy program to keep your employees and your employer safe.
5 Social Media Phishing Tips for Employee Advocates
- Eyeball others. If the user behind the social message seems suspicious, he probably is.
- Click carefully. Generic URL shorteners (e.g., bit.ly, goo.gl, etc.) used in social media hide a link's real destination, which increases the risk of clicking on a malicious link. If in doubt, don't click. Do a web search for the content instead.
- Read and re-read. If the text or tone of the tweet/post is garbled or feels pieced together, that's a red flag.
- Share wisely. Hackers can use the info you share to phish you (it's called spear phishing).
- Spring clean. If you're no longer using MySpace, Foursquare, or other social networks, shut down your old accounts.
By failing to include basic phishing and cyber safety training within your employee advocacy program - including regular reminders - you may be unknowingly opening your organization to financial and competitive risk.
On the upside, by incorporating these basic tips, you'll find that an ounce of prevention, in this case, really is worth a pound of cure.