Social Media Workplace Risks

For many young and not so young workers social media is an important part of their lifestyle.  They do not simply want to consume this media but take part and receive virtual and real world rewards for their efforts.  Building up and maintaining a suitably large user base will bring in funds either directly from the platform or through sponsored content.  Keeping the ball rolling requires a constant stream of new content but can lead to enough income to live on independent means as a professional influencer.  TikTok for example runs a creator fund paying out for content with over 100,000 views in 30 days from accounts with over 10,000 followers. Many will never reach this level of involvement but will upload content in the hope of monetising their efforts in the future or to simply to see a steady increase in followers.

While social media use can be seen as a relatively harmless pastime it can impinge on the world of work and the security of the workplace.  Platforms come and go (MySpace and Yahoo groups are long gone) but all thrive on users and content.  A simple work policy is not to allow any work activity to be posted on social media.  Instagram and TikTok are likely suspects; both with wide user bases and worrying but popular content tags such as #dayatwork.  The obvious danger is that some confidential activity may be accidentally captured causing harm to the employer and leading to unexpected disciplinary action against the employee.

Even if a complete ban is in place it is hard to enforce a total stop on smartphone use or what those devices might be used for.  Some companies are relatively liberal in what their employees can do in work time as long as work targets are met.  These companies could gain a publicity benefit from this social media presence and the benefits that their employees are seen to enjoy.  The employees derive some relief from the pressures of essential work but could fall into the trap of accidentally exposing confidential data.  Michelle Serna uploaded a video to TikTok of a spilled coffee at her workplace at health tech company Visionable.  She did not realise that a company meeting could be heard in the background.  The next day she was fired on the grounds of negligence. Even in cases where full details of an employer are not directly shown in a social media feed it could be possible for someone to deduce this by joining the dots between various posts and linked accounts.

There is far less control over those working from home.  A remote working machine may be locked down or tied to a virtual device within the workplace but there is no way to guarantee how a worker uses their own devices. Any prevention relies on an individual’s contract of work.  Any disciplinary action is going to take place after a data leak has been detected.

BeReal launched with the hook of having its users share an image within a 2 minute window.  TikTok Now followed on with the option of a 10 second video at a TikTok directed random time of day.  Both are a threat to workplace security as although the user is not forced to contribute if they do so while at work the range of ‘safe’ subjects to capture will be limited.  The BeReal solution is especially vulnerable because although the user can retake images the photos from the front and back of the phone are uploaded without any prior filters or editing.  The dangers from revealing computer screen or work notice board information are obvious.

The best way to manage social media leaks is through staff training and agreeing conditions as to what can or cannot be done in the work environment.  This must include those working on flexible terms from remote premises.  Enforcing any such policy depends on being aware of any potential leaks.  Indiscrete use of a camera at work is a clear warning but in many cases the ‘offender’ is unaware of any harm that they may be doing and the organisation is unlikely to pick up on isolated posts within the ocean of social media.  Scammers and hackers do use social media accounts for their own criminal ends often wheedling access to private groups.  Employers will rarely have the time or resources to do this and also need to consider the privacy of their staff.

There is a compromise of allowing employees some interaction within the corporate social media yet keeping overall control on exactly what is posted.  Care still needs to be taken to release content that shows the organisation in a favourable light yet discloses no confidential data.

More from Security


eCommerce Shop Scams

Data from Security Research Labs has revealed a China based fake shopping network that they have named ‘BogusBazaar.’  They claim that: ‘As of April …

Read post


Lockbit Ransomware Takedown

In February 2024 the UK National Crime Agency released details of how the NCA and other international policing agencies had disrupted the actions of …

Read post


UK Cyber security breaches survey 2024

Lies, damned lies, and statistics (attributed to Disraeli) The UK Cyber Security Breaches Survey 2024 was published on 9th April 2024.  Not surprisingly it …

Read post


Digital Gift Card Issues

Both Apple and Google offer gift card services for use on their App stores.  Just as it states on the tin the card can …

Read post

Sign Up

Sign up to our newsletter list here.

    Successful sign up

    Thank you for signing up to our newsletter list.

    Check your inbox for all the latest information from Kindus