Social media posts where employees harangue their bosses or mock groups of people can backfire quickly, and these seemingly innocuous tirades can be the cause for a termination.
Ill-conceived Facebook, Twitter or even LinkedIn posts by employees can also lead to social engineers using the information as a method to broadside the company and attack its network. Social media snafus are quickly becoming ubiquitous.
Twitter posts by Sean Spicer, President Donald Trump's press secretary, on January 26 were not only random, but unusual. The absurd posts read, "Aqenbpuu," followed by "n9y25ah7" the next day. While these nonsensical posts did not affect Spicer's future in the White House, other employees who choose to rant publicly on social media may not be so fortunate.
The beauty and horror of social media is the speed and the reach, said April Masini, a New York-based relationship and etiquette expert and author.
"You can just as easily tweet something fabulous as you can a faux pas which becomes a nightmare," she said. "Hitting send or submit or tweeting or posting too quickly — which we're all guilty of doing, because we're all doing too much at one time at some point in a normal day — can mean big problems."
If you realize your mistake, deleting the post does not ensure that a co-worker did not see it and instantly take a screenshot.
"It's very easy to share personal information to the world accidentally," Masini said. "It can be a nightmare, and the reality is that fast and furious is fabulous until it's an accident."
Even innocent information can be easily leveraged by a good social engineer to gain physical entry into buildings or hack into a company's networks, said Nathan Wenzler, chief security strategist at AsTech Consulting, a San Francisco-based security consulting company.
"There are so many avenues in which you can twist information to your advantage, so that the lines between business info and personal info can get blurred very easily," he said.
While few people heed the suggestion of not posting on social media when they are on vacation or working out of town, the recommendation should be taken seriously, Wenzler said.
A burglar who is attacking someone directly could steal pertinent business information such as work badges and computers that can be leveraged to conduct attacks against the business.
"For a motivated attacker who may be targeting a specific company, even personal information can be very valuable to be used to break into a company's physical or virtual environments," he said.
Employees should be wary of posting information that includes days and times when they will be out of the office or on vacation; descriptions of how user names are created internally, such as "my company uses first initial followed by last name for my login"; or names and contact information of co-workers, Wenzler said.
"The information can be used by a social engineer as an alternate way to try to get information about the company such as Joe posting on Twitter that Jane in the accounting department shared a funny meme," he said. "The hacker finds Jane's contact information and calls her saying, 'Joe just asked me to contact you to see if you could help me.'"
When the hacker refers to Joe, it gives him instant credibility, which also increases the odds that Jane will be willing to help and offer the information the hacker is seeking.
While the days of companies blocking employees from the use of all social media might be nearing an end, because they hinder business growth, companies are struggling to stay abreast of the growing number of social networking options as more crop up to meet the demands of various age groups and cultures. Managing email; the social channels; public instant messaging such as AIM and Skype; corporate instant messaging such as Skype for Business, Jabber, Slack, Bloomberg or Reuters messaging; and texts has been a challenging task as data from surveys demonstrate that many companies are lagging behind and not supervising these forms of communication.
A survey of 221 compliance executives at financial service firms conducted by Smarsh, a Portland, Ore.-based provider of archiving solutions for compliance and e-discovery, found that 48% of companies said social media was the number one channel of perceived compliance risk. Companies said that even if they attempted to ban the use of social media, they have minimal or no confidence that employees would comply, with only 30% for LinkedIn, 41% for Facebook and 45% for Twitter.