top of page
  • Writer's pictureESET Expert

Social media in the workplace: Cybersecurity dos and don’ts for employees

Do you often take to social media to broadcast details about your job, employer or coworkers? Think before you share – less may be more.

For many of us, showcasing parts of our day-to-day on social media has become a staple of our everyday lives, and that includes our working lives. On one hand, it keeps our friends and acquaintances up to speed with what we’re doing without necessarily having to exchange messages; on the other hand, it introduces various risks that could affect our employers, colleagues or, indeed, ourselves. In the worst-case scenario, it could even jeopardize your employment should you breach company policies.

Indeed, one recent survey shows that most small business owners realize that their employees’ use of social media apps represents a cybersecurity threat. With the right approach, however, there are ways for employees to use social media without exposing themselves or their employers to unnecessary risks.

Do know your company’s policies

As an employee, you’d probably want to tout your company credentials and bona fides to boost either your profile, your company’s brand, or both. One of the quickest and best ways to do that is through social media platforms. And while you may be acting in good faith and trying to promote it, you may cause more harm than good (and even break some of your company’s internal rules).

If you want to post about your work or your employer, the best way to go about it is by going through your company’s guidelines and policies on social media. In case there aren’t any or you’re confused about what you can and cannot do, you should talk to a representative from your human resources department, who should be up to date on all the of the company’s policies.

Do use apps on work devices with extra care

Company-issued devices are a mainstay of corporate life. While they are mostly used for work on- and offsite and allow colleagues to keep in touch with you in case of an emergency, companies often allow them to be used for personal stuff as a perk. However, that doesn’t mean that you have carte blanche to do with them as you please. Remember these devices are still monitored by your company’s admins and connected to the company network, so a lot of your activities can be reviewed. On that note, social media platforms are rife with scams, so, if you are duped by a phishing campaign or dubious scam links, it can lead to your company’s systems being compromised or infested with ransomware, keyloggers and other types of malware.

In the case of these devices, it’s the company and the admins that are, for the most part, responsible for their security. This means they have to institute cybersecurity best practices, implement the use of reputable security solutions, and have a proper patching strategy in place. But that doesn’t mean you don’t have to do anything – you have to update and patch your devices whenever you are prompted to do so. And you should be aware of common scams you might encounter on popular social media platforms such as Facebook or Instagram. Additionally, clicking on links to dubious websites that might compromise your devices might at best get you a few stern looks and probably an earful, or, at worst, even get you fired.

Don’t overshare – even if you care

Much has been said about oversharing on social media, be it about your personal life or the personal lives of the people around you like your family, friends, and even children. However, the same applies to your professional life: by oversharing information about your job you are inadvertently putting yourself and your employer at risk. For example, sharing too many photos from your workplace may allow threat actors to get a good lay of the land and make their lives easier if they would want to test your company’s physical defenses. Or, with your personal details, adding too much information on social media can make it easier to impersonate you, and commit identity theft.

That being said, there are a number of things you can do to mitigate most of the risks associated with oversharing. The easiest step is to limit and curate what you share on social media – don’t share photos or information that reveals too much about either you or your employer and their offices. Review your social media settings: not everything you do needs to be shared with the wider public, so limit it to people you know and trust. Auditing your Facebook privacy settings wouldn’t hurt either. You should apply this advice throughout your online presence, not just to the work-life side.

Don’t be careless with workspace photos

Office photos – whether your home office or your employer’s – tend to be popular on social media, since people want to share how hard they work or show off how organized their workspace is. But these photos can be a bit too revealing if you’re not careful. Are you aware of what was visible on your desk when you posted the photo? The photo could hold a smorgasbord of sensitive information – you could have documents on your desk that pertain to your employer’s intellectual property or company secrets, a sticky note could have your login credentials on it, or your computer screen may reveal a client’s sensitive data. This could cause you to run afoul of data regulation laws, which come with hefty penalties to your employer.

The simplest thing you can do? Don’t post said desk photo. If you’re still adamant about posting it anyway, take a long and hard look at your work desk and assess if anything that would be visible in the photo could pose any kind of security risk. Then proceed to remove it or cover it and while you may consider obscuring it with photo editing software, that may not always pan out the way you hope it will if you’re not well-versed in using such software.

Final thoughts

Navigating the waters of social media platforms in the early 2020s can be a handful, especially with threat actors becoming more creative than ever with their scams and strategies to infest devices with malware. And the stakes are even higher, since nowadays people like to share every aspect of their day, work-related tasks included. This presents a threat vector that could be exploited by cybercriminals.

However, mitigating the risks isn’t that hard – you have to remain vigilant and have a healthy dose of suspicion when it comes to stuff you encounter on social media, be on top of your company’s policies, and follow cybersecurity best practices instituted by your IT department. More often than not, this should keep you on the straight and narrow and protected from most threats.


bottom of page