Social Media Usage in the Enterprise


With the onslaught of SMAC – Social Media, Analytics, Mobility and Cloud Computing – in our personal as well as professional lives, we are spending a huge amount of time and energy in a digital world. Many organizations are faced with the challenge of how to handle and even leverage these technological innovations to gain a business advantage. This article looks at the aspect of social media and how best an organization may decide its stance with respect to allowing or disallowing users, access to social media sites from work.

Social media communication concept

What is social media?

Social media refers to those websites where users interact with each other based on common interests and much of the content is user-generated. The most common examples of social media are of course Facebook, Twitter, LinkedIn, etc.

Why are we opening up access to social media?

The main objective behind this step should be clearly articulated and spelt out for all employees to read and understand.

What aspects are to be kept in mind when allowing employees access to social media from within the network?

There are certain risks that we must be aware of when allowing access to social media

1. Loss of productivity

One of the concerns that senior management might have is that people will end up spending too much time on these sites and thereby reduce their focus from work. Studies have shown that a large percentage of access to social media happens during working hours even in cases where employers have not allowed such access on their networks. This means that employees in any case access these sites using their smartphones. One answer to this problem would be to allow access to these sites during specific times of the day – such as during lunch break as well as after working hours. This will give employees a targeted time during the day when they can use these sites and reduce their propensity to access them using their smartphones. Why increase one‟s data consumption when the company network allows me to access these sites during lunch and after working hours? We might actually see an increase in productivity from this approach. It is important to closely monitor social media usage and bandwidth consumption on a regular basis to avoid misuse.

2. Security risks

Often the content and links posted on social media sites can be used to compromise the user‟s system via a phishing scam or malware download. While this can happen in any case, the social media interactions happen with a certain level of inherent trust – the posts and links are from friends of mine and therefore must be valid to some extent. This can be mitigated by strong malware controls within the network as well as constant employee education. While we open up social media for our employees, we should combine it with an awareness campaign that helps them use social media in a secure fashion.

3. Employee privacy

Managers must be sensitized to not cross boundaries of social etiquette and laws around workplace harassment just because they are connected with their peers or employees over social media. This connectivity can create a false sense of intimacy where none might exist and cause relationships to sour. Certain boundaries must be maintained in social media interactions between employees – especially between those in management positions and their subordinates.

4. Disclosure of sensitive information on social media

Any instance of disclosure of company confidential information on social media should be handled with strict action and a strong message sent that these channels cannot be used for causing any sort of harm to the company or its reputation. Again, the employee awareness campaigns should help sensitize people to the proper usage of these channels and ensure they don‟t inadvertently disclose insider information even over chat.

5. Protecting company reputation

What employees post about the Company should be outlined – more along the lines of encouraging them to give positive insights rather than listing out too many restrictions, which might appear to be a curb on freedom of speech. The signal that should go out is that social media is a positive technology, and promoting the Company, its brand, and its practices on social media would help create a beneficial image for the Company and employees. Promote employees to use their common sense rather than treat them with kid gloves.

6. Other safeguards

The other guidelines we have in our acceptable usage guidelines for email and Internet should also flow through to social media – such as not posting content of a sexual nature or that which might break the country‟s laws or be considered racist or offensive.
Overall, the following steps should be taken:
1. Identify the purpose behind taking this step and make it public to all employees
2. Restrict use of social media to lunch break and after working hours
3. Monitor closely usage of these sites and alert employees and their managers if usage crosses acceptable thresholds
4. Educate employees to the risks of social media – even at home – this will encourage them to follow proper safety precautions both at work and at home
5. Create an acceptable set of guidelines and circulate them to all employees

Further reading:

Social Media Strategy, Policy and Governance
Enterprise Social Governance
Social Media Policy Template
Social Media Policy Template
Another template (4 pages)


  • K K Mookhey

    K. K. Mookhey (CISA, CISSP) is the Founder & CEO of Network Intelligence ( as well as the Founder of The Institute of Information Security ( He is an internationally well-regarded expert in the field of cybersecurity and privacy. He has published numerous articles, co-authored two books, and presented at Blackhat USA, OWASP Asia, ISACA, Interop, Nullcon and others.

Leave a Reply

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

I agree to these terms.