Employers have often struggled with balancing the use of social media by employees in the workplace, but banning social media platforms outright has tended to fail.

While managers can easily implement the enforcement of rules by simply blocking access on internal networks, employees find loopholes such as utilizing alternative networks or a personal smartphone or device to access social media.

Employees are not detracted by the fact that companies have initiated policies where they can monitor the use of social media, and the lack of privacy has not proved to be a deterrent.

Prohibiting the use of social media was launched with other intentions in mind, such as thwarting hackers.

"Enterprise security teams need to ensure that there are no backdoors for sensitive data to travel outside controlled area via social networks," said Dan Lohrmann, chief security officer at Security Mentor, a Pacific Grove, Calif.-based provider of security awareness training. "Various services and tools are constantly looking for data leakage and/or comments and opinions that may case brand damage."

Hackers prowl the internet and data stemming from connected devices seeking personal details which can in turn help them target and infiltrate a company.

Companies have fought back by keeping detailed records of their staff actions off of social networks.

"This is especially true concerning corporate leadership," he said. "However, this information can also become evidence in legal cases regarding employee personal lives and/or even become a target for hackers to steal."

Another loophole occurs when employees reuse the same passwords for their social media accounts as the systems they log onto at work, making the job of the hackers fairly easy.

"Hackers who gain access to passwords from online destinations like Yahoo mail, often try those same credentials elsewhere to see if they work," said Lohrmann.

Employees who want to protect their jobs should avoid posting anything online, even in closed social media communities that "they would be ashamed of if the entire world were to gain access to the materials," he said.

Dividing the inseparable fabric which has been created by intertwining your digital footprint from both your work and personal life can no longer occur, said Joseph Carson, chief security scientist at Thycotic, a Washington D.C. based provider of privileged account management  solutions.

"The frequent and pervasive use of social media networks, working from home or when traveling, and the Internet of Things (IoT), which connects all kinds of household devices means that cybersecurity is no longer just the responsibility of your company IT department or government but the responsibility of everyone who uses the internet," he said.

When companies attempt to halt the use of social media in the workplace, the move is backwards, rather than forward, Carson said.

"Any attempt to block or prohibit social media will likely result in employees finding ways to circumvent restrictions and significantly reduce the security benefits as a result," he said. "Every employee is now a walking internet access point so companies will find it almost impossible to restrict social media access technically other than just a verbal or policy based restriction. Companies who restrict and prohibit internet access will find it difficult to attract future talent."

Instead, companies should approach the potential of threats online by educating both managers and their employees on the benefits and threats of social media for the business as well as improve "cyber hygiene" and ensure that your company policies cover the acceptable use of social media in the workplace, Carson said.

The top electronic communications compliance concern for businesses is non-email communication, including social media, according to a June 2017 compliance survey, said Ken Anderson, vice president of marketing at Smarsh, a provider of cloud-based information archiving solutions.

Blocking employees from Facebook, Twitter, LinkedIn or Instagram is not an effective strategy for firms, he said. Instead, social media can be used to maintain a competitive advantage.

"They need to be found and available through the channels in which their customers and prospects prefer," Anderson said. "Clients expect to hear from their advisors and interact with them on social, especially Millennials."

The survey also found that even when companies ban social media, the risk exists because employees often do not adhere to it. Proving that the prohibition works is often a difficult task and 67% said they have minimal or no confidence that it exists for LinkedIn while it drops to 57% for Twitter and 51% for Facebook.

"Firms that ban social media use aren't in a good position, either from marketing or compliance standpoint," he said. "It's a much better strategy for a firm to create a social media policy, train advisors on social media use, and use technology to automate supervision of communications on social."

Image placeholder title

Blocking social media sites is an extreme policy, said John Michener, chief scientist at Casaba Security, a Redmond, Wash.-based ethical hacking firm. A more effective method is to utilize penalization to obtain real deterrence.

"A company has to be able to back up its threat and be consistent in how it does so or the policy won't work," he said. "An employee is far less likely to violate a corporate policy if he thinks he might lose his job or be forced into unpaid time-off as a result."

Although employees can turn to social media and be unproductive, hackers will want to spread malware though Twitter, LinkedIn, Facebook or Instagram by hijacking accounts.

"If your employees are regularly engaged in personal social media accounts on company-owned devices, they are more at risk of being compromised by scammers and that in turn means the company is more likely to be hacked as a result," Michener said. "All it takes is one infected computer or one hijacked email account to take down a company. If you don't take this threat seriously, you will pay the price."

Blocking sites such as Twitter can be impractical since employees may need it in order to be effective, said Larry Johnson, CEO of CyberSponse, an Arlington, Va.-based cyber incident response firm.

All it takes is for a hacker to gain access to one employee's social media account and they can seek methods to "escalate privileges and spread laterally across the company network by scanning for connected devices and accounts, reusing personal passwords against various business accounts and contacting other employees through hijacked accounts," he said.

"Employees are also more susceptible to scammers during the holidays because they are stressed out, worried, distracted and sentimental," Johnson said. "This plays into the social engineer's handbook because scammers typically prey upon three base emotions of anxiety, fear, greed and sympathy when they target individuals through email, social media, phone calls or other methods."

More of What's Trending on TheStreet: