Post on 26-May-2020
Social Media – Be Aware or Beware!
Presented by
Debra Pagel, Director, Human Resources Consulting
Wisconsin Government Finance Officers
AssociationApril 10, 2014
2 ● sch en cksc.co m
Social Media – A Revolution or a Fad?
3 ● sch en cksc.co m
Today’s Learning Objectives:
1. Selected social media technologies and how they are used today
2. How local governments are using social media 3. Risks associated with use of social media technologies 4. Controls to help organizations manage these solutions 5. How might social media be used in the future 6. Resources for additional information
5 ● sch en cksc.co m
Donut Story of Social Media
6 ● sch en cksc.co m
Why Should Government Use Social Media?
• Interact and engage with citizens and stakeholders• Improve quality of government services• Share news, successes• Answer questions, diffuse rumors• Share helpful information• Highlight volunteer opportunities• Update the public on emergency situations• Personalizes your government – not a nameless,
faceless entity
7 ● sch en cksc.co m
• Launched in February 2004 (Mark Zuckerberg)• Used to stay connected with friends and family• There were 1 million active users in 2004• 1.11 billion monthly active users at the end of March
2013• During March 2013, on average 665 million users
were active with Facebook each day• Fastest growing demographic: 55+• “Friend” individuals or “Like” governments/
brands/celebrities/products
Winnebago County Sheriff’s Office
City of Appleton Public Works
10 ● sch en cksc.co m
• Launched in July 2006• 140 characters to share whatever you want• 554 million users and 58 million tweets per day (May
2013)• “Follow” other people/organizations on Twitter• Wefollow.com to find people to follow
City of Stevens Point
12 ● sch en cksc.co m
• Created in May 2003, the largest professional network on the Internet with 225 million members (as of June 2013)
• More individual (rather than organization) focused, but a good recruiting tool– Focuses on the professional profile, achievements and
activities of users– Individuals “connect” with others they know
• From an organization standpoint: share news, information
• Users can “follow” your organization to receive these updates
City of Green Bay
14 ● sch en cksc.co m
You Tube
• Post a variety of videos to make your page interactive• Make biography videos and introduce your team to
the community• Make videos about local happenings• Make informational videos about some of your most
frequently asked questions
Fairfax County, VA
16 ● sch en cksc.co m
Social Media Management Tools
• Some tools are free• Can manage multiple social media networks on the go• Update, view, and comment wherever you are• Schedule updates• Paid tools are more robust and have reporting
options
TweetDeck HootSuite
17 ● sch en cksc.co m
Monitor
• You must know what is working and what is not!• Do you respond to comments, questions, or messages
on the same day they are posted (or within 24 hours)?
• Do you review your accounts for any inappropriate comments or posts and remove them timely?
• Do you use a social media disclaimer to help avoid unnecessary situations and also refer to the disclaimer when addressing inappropriate posts?
18 ● sch en cksc.co m
So Let’s Talk About Risks…
• Social media content is forever
• There is no cost to join many of the social media sites
• There is little or no verification to become a member
• Information on social media sites is not validated
19 ● sch en cksc.co m
Managing Access
• Rogue (unauthorized) social networking sites• Unauthorized or accidental posts:
– Well-known example – 101 characters– The tweet was posted in March 2011 by an employee of
News Media Strategies on Chrysler's Twitter feed. The message was meant for the employee’s personal Twitter account.
“I find it ironic that Detroit is known as the Motor City and yet no one here knows how to @#*& drive.”
20 ● sch en cksc.co m
Managing Access – Mitigating Strategies
• Maintain separate personal and business membership accounts (do not use the same user ID and password)
• Conduct all work-related social media activities at work on government-owned equipment
• Restrict access to only those employees who are responsible for your social media site
• Monitor your social networking sites for connections to potential rogue sites
21 ● sch en cksc.co m
Operational Threats
• Reduction in associate productivity –social “notworking”– Social networking now accounts for over 20% of all time spent
online in the U.S.– Studies show that over 70% of Facebook users access the site
during work time
• Disclosure of sensitive information
22 ● sch en cksc.co m
Operational Threats – Mitigating Strategies
• Monitor website traffic and restrict access to sites that pose significant risk
• Provide employee, business partner, and citizen education and awareness programs
• Maintain policies with sanctions / consequences for noncompliance
• Maintain crisis communication and incident response programs
23 ● sch en cksc.co m
Identity Theft
• Profile Information– Contains answers to security challenge questions– Could provide attacker information for social engineering
• Malware / Social Engineering– Malicious e-mail attachments– “Clickjacking” – tricking a user into clicking on something
different than what they think they’re clicking on– Malicious applications / malware– Phishing– Spear phishing
24 ● sch en cksc.co m
Information often collected during social interactions:• Birthdate• Birthplace• Marital status• Mother’s maiden name• City and state• Phone numbers• Email address
– Friends and relatives
• Education• Employer/work history• Pet’s name• Father’s middle name• Lifestyle – hobbies, music,
activities• Travel locations and plans• Current location
Personal Information
25 ● sch en cksc.co m
Identity Theft – Mitigating Strategies
• Use effective privacy controls• Monitor privacy security configuration settings• Review your social media privacy policy• Provide awareness programs for employees and
customers• Do not open e-mail attachments from addresses you
do not know• If unsure, ask or call before clicking
26 ● sch en cksc.co m
Identity Theft – Mitigating Strategies
• Maintain effective anti-virus and firewall protection• Install security updates for common client software
such as Microsoft, Adobe, Flash Player, Java, and RealPlayer
• Enable your browser’s security configuration settings• Use strong/complex passwords• Prohibit installation of unauthorized software
27 ● sch en cksc.co m
Key Objectives of HR With Social Media
• Develop appropriate policies and procedures
• Train managers and employees on the potential risks and best practices regarding the use of social media
• Investigate complaints of noncompliance
• Mitigate and manage exposure to risk
28 ● sch en cksc.co m
Primary HR Use of Social Media
• Recruiting Candidates– Over 50% of organizations frequently scan various social
networking sites for recruitment purposes• Seek professionals who might not otherwise apply or be
identified by recruiters• Less expensive method of recruitment• Increase employer brand and recognition• Target candidates at specific career levels (most
successful in recruiting mid- to upper-management level positions)
29 ● sch en cksc.co m
Primary HR Risks in Social Media
• Pre-employment screening– Potentially obtaining information that is inappropriate or
illegal to use in the hiring process (e.g., age, race, color)– Potentially inaccurate information as information on social
networking sites may be susceptible to manipulation
• Lack of coordination with other policies, i.e., Code of Conduct, Harassment, GINA, etc.
• Unfair labor practices• Safety
30 ● sch en cksc.co m
Primary HR Risks in Social Media
• Lack of separation of personal and professional communications
• Social engineering/unintentional security risks• Disclosure of intellectual property of other sensitive
information• Loss of employee productivity
– Email: 2-4 hours per day– Social media: 1-2 hours per day
31 ● sch en cksc.co m
Controls to Consider with Social Media
• Perform a risk assessment – 4 key areas:1. Organization reputation2. Regulatory and compliance violations and penalties3. Legal and privacy matters4. Operational matters
– Employee productivity– Release of confidential information– Introduction of malware– Direct attacks through social engineering– Business continuity issues for digital business
channels
32 ● sch en cksc.co m
Controls to Consider with Social Media
• Establish a social media policy• Monitor compliance with social media guidelines and
regulations• Post disclaimers related to handling of privacy
information• Configure appropriate privacy configuration settings• Obtain “second set of eyes” for content prior to
posting• Monitor all social networking sites regularly for
anomalies
33 ● sch en cksc.co m
Policy Components
• Define your government’s meaning of social media• Do not restrict your employees from discussing the
terms and conditions of their employment with other employees
• Do prohibit unauthorized disclosure of confidential or proprietary information – e. g., customer information, employee names, strategic plans, etc.
• Do not allow placement of any disparaging posts regarding vendors, suppliers, citizens or other stakeholders
34 ● sch en cksc.co m
Policy Components
• Do not allow use of intellectual property and/or copyrighted materials without expressed permission
• Indicate that your government will monitor employees’ use of social media
• State that employees have no expectation of personal privacy when using social media sites
• Limit and/or prohibit the use of social media during business hours unless it is work related
35 ● sch en cksc.co m
Policy Components
• Require work-related social media activities to occur at work and on government equipment
• Ensure the policy only contains factual statements about your organization, information from the organization website, and/or information that is considered public domain
• Prohibit personal point-of-view statements from employees to be posted on government sites
• Prohibit employees from speaking on behalf of, or as an agent of your government, when engaged in personal social media activities
36 ● sch en cksc.co m
Policy Components
• Establish that employees are to maintain professional and ethical standards and guidelines of the government while working on social media sites
• Prohibit violation of any other government policies while working on social media sites
• Do not allow installation of unauthorized software• Manage a formal process for reporting violations of
social media policies that may occur
37 ● sch en cksc.co m
Policy Components
• Include a sanction statement that indicates the violation of the social media policy may result in disciplinary action, up to and including termination and/or civil or criminal prosecution
• Require employees to acknowledge the policy on at least an annual basis
38 ● sch en cksc.co m
Policy “Gotchas”
• Stay aware of the developing landscape of social media and the implications on social media policies and practices
• Recognize that social media is an evolving area of employment law and an area that needs to be monitored regularly to ensure effective and ongoing compliance
• Don’t under-estimate the value of maintaining a formal strategic plan for social media and ensure your government policies and procedures align with that plan
39 ● sch en cksc.co m
10 Social Media Mistakes to Avoid
1. Flying by the seat of your pants (skipping the plan)2. Using too much automation3. Broadcasting or sharing only your content4. Being inconsistent5. Lacking personality6. Ignoring feedback7. Assuming that social media is easy8. Spamming9. Posting the same content everywhere10. Repeating mistakes
40 ● sch en cksc.co m
What Should an Audit of this Area Include?
• Governance / strategic planning / policies and procedures
• Ownership of social media sites• Risk identification and mitigation processes• Site change management• Use of technology to allow/disallow/monitor site access• HR involvement• Training / awareness programs
41 ● sch en cksc.co m
What Should an Audit of this Area Include?
• Data classification of information on social media sites
• Security/privacy authentication controls for sites• Security/privacy access controls over sites and data• Tools to protect the infrastructure from
viruses/malware• Tools to monitor usage and effectiveness of sites• Incident response program• Backup and recovery of social media sites and data• Third party vendor controls (if your sites are
externally hosted and/or managed on your behalf)
42 ● sch en cksc.co m
Social Media in the Future!
• Remember that social media is not about:– Technology– Products– Your government
• Social media is about:– Connecting– Communication– Relationships– People– People helping people
43 ● sch en cksc.co m
Social Media in the Future!
• It’s about the future of your government• It’s about being engaged with your citizens,
employees and stakeholders• It’s about reaching large populations almost instantly• It’s the new “Weapon of Mass Discussion”• It’s about (you fill in the blanks…)
44 ● sch en cksc.co m
Social Media in the Future!
• In the book by Dale Carnegie called “How to Win Friends and Influence People,” he included the following quote:
“If there is any one secret of success, it lies in the ability to get the other person’s point of view and see things
from that person’s angle as well as your own.”(Henry Ford, 1937)
• That’s really what social media is all about – getting perspectives to find clarity and meaning in your vision
45 ● sch en cksc.co m
Social Media in the Future!
• In the book by Steven Jones titled “The Emergence of the Digital Humanities,” was the following quote:
“Cyberspace, not so long ago, was a specific elsewhere, one we visited periodically, peering into it from the
familiar physical world. Now cyberspace has everted. Turned itself inside out. Colonized the physical.”
(William Gibson, 2010)
46 ● sch en cksc.co m
In Closing – Communication is Key!
• Embrace social media in your organization• Train managers and employees on your social media
policies, procedures, and practices• Regularly share news and updates• Ensure your employees are well-trained on the
functionality of your social media sites so that they can use such sites to the government’s advantage while mitigating potential risks
• Enjoy the ride!
47 ● sch en cksc.co m
Internet Resources
• Ponemon Institute –www.ponemon.org
• Privacy Rights –www.privacyrights.org
• www.cfo.com• www.cio.com
– “How to Guide for Facebook”– “How to Guide for Twitter”– “How to Guide for LinkedIn”
• ISACA – www.isaca.org
• ITGI – www.itgi.org
• NIST – www.nist.gov
• State Laws – www.ncsl.org
• Social Media Examiner –socialmediaexaminer.com
• Social Media Today –socialmediatoday.com
48 ● sch en cksc.co m
DEBRA PAGELDirector of Human Resources Consulting715-675-2351debra.pagel@schencksc.com
Questions?
Wisconsin Government Finance Officers
AssociationApril 10, 2014