The guide includes this advice for companies:
Agree whether your company policy is to allow access to Twitter. There is often a clear business case for using Twitter; so be realistic about whether users should be using it. It may be that don’t feel comfortable allowing blanket access to Twitter to all employees, so you could consider granting different access rights to different groups. For example, it may be important for customer-facing or product development staff to use Twitter to communicate with customers or test groups. If you do allow universal access, consider recommending Twitter tools that should and shouldn’t be used; and stay up to date with development and use of those tools.
As with any interactive media tools, keep a close check on productivity. Make clear to employees that wasting company time on personal activity is not acceptable, whether this is spending time on Twitter, Facebook, personal email or the telephone. Give clear guidelines as to how much time spent on personal contact is acceptable. Ensure clear objectives and targets are set by the HR team or line managers, and are being met. If they are, then productivity is not an issue.
Educate your employees about the risks of giving away personal details on Twitter, as on any other media. Don’t give away your Twitter password, or information on Twitter that could expose any of your other personal account passwords. Commonly, these include: date of birth, mother’s maiden name, father’s first name, pet’s name, key home address details and such like.
Downloading malware from unknown sources
Twitter is often used to share information and web links, photos or video links. Make it clear to employees that they should never click on a link they don’t trust, or that is sent by someone they don’t know personally. This may sound obvious, but with the rise of the ‘social web’, it is a point well worth re-iterating. URL-shortening tools such as tinyurl or bit.ly can cloak websites that are being used for malware downloads or phishing attempts. Some of these URL shortening tools have a ‘preview’ function, which allows you to view the URL before you click through – these have been developed as a result of increased security concerns and are worth using.
Associated reputational risks
As with other social media, make it clear to your employees that they have a contractual duty not to bring their company into disrepute. This includes talking about company business on public conversation networks such as social networks or microblogs.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.