The rise of social media has ignited a societal change in how people across the world communicate and "stay in touch."1 These social networking websites allow users to create personal profiles, post comments, join groups, add contacts,2 and most important, find like-minded people with whom to share ideas, interests, and experiences. They give users the opportunity to link with others, both near and abroad, based on shared personal interests and business or academic affiliations.3 However, in the business community, social networking also makes companies more susceptible to corporate espionage, i.e., "clandestine techniques used to steal valuable information from businesses."4 This is caused, in part, by the fact that "[t]he general informality of social media sites like Twitter or Facebook encourages employees to let their guard down and casually share information without thinking twice."5 The risks created from social media use by employees are too great to ignore. For example, the development of "scraping" software allows cyber-spies to harvest personal details from thousands of users on social networking sites.6 When scraping software7 is targeted at the profiles of a certain company’s employees and the information gathered is reconstituted, it has the potential to alert a competitor to such things as a new product launch or internal strife at the target company. Further, even top level managers occasionally post less than flattering pictures of themselves on their Facebook pages, and such personal information can easily be used for blackmail purposes.8 These risks are reinforced by a recent survey of large companies that found the average corporation lost $4.3 million as a result of negative consequences associated with social media, with contributing factors including damaged brand reputation or loss of customer trust, loss of data, compliance costs, regulatory fines, litigation costs, etc.9 While these costs10 should not negate the value active social media use offers a company and its employees, and the added benefits that such use brings to a company’s marketing and brand recognition in a global market, it requires businesses to consider the growing need for adopting a comprehensive social media policy. One way to attempt to limit a company’s vulnerability to corporate espionage is to bar the use of social networks during business hours.11 For example, Porsche SE has "blocked employees from using Facebook to help reduce potential access points for cyber spies."12 Many commentators, however, suggest that companies should not reflexively ban the use of social media by employees, but rather develop a measured approach for effective and safe corporate and personal use.13 This approach is often preferable. While a company may attempt to regulate its employees’ use of social media during business hours by blocking access to certain websites, it is more difficult to prevent them from discussing their work life on their MySpace pages when they are in the comfort of their own home. Accordingly, while this article addresses a few of the innovative ways in which a company may be exposed to increased cyber-vulnerability through its employees’ use of social media, it in no way suggests that a blanket anti-social media policy should be adopted. Rather, a company should follow a policy that builds off of one of the many model policies currently available,14 and should find a balance that fits its own corporate structure.15 This article also offers suggested measures for companies to consider.
Let’s Just Keep This Among "Friends": Employees’ Natural Inclination to "Bare All" on Facebook, MySpace, Google+ and Twitter Puts Their Employers’ Interests at Risk
When Does Corporate Espionage Move From Competitive Due Diligence To Cybercrime?
The Corporate Response: How to Address the Social Media "Threat" Without Sacrificing Employee Morale, Marketing Opportunities, Innovation, Business Growth, and the "Plus" Side
To view additional stories from Bloomberg Law® request a demo now