
The COVID-19 pandemic-induced lockdown saw organisations worldwide facilitate work from home (WFH) or work from anywhere (WFA) as the new normal. Employees were equipped with new and advanced technologies to access official applications and tools for work as well as personal devices. Remote working saw blurring boundaries between official and personal time and one of the outcomes that emerged was employees accessing social media applications while carrying out the official work. Essentially, all it took was a tap or swipe to launch into the realm of social media.
The inevitable rise of social media (risks)
As per the Digital 2021 Global Overview Report, active global social media users are over 4 billion and, on an average, spend over 2 hrs per day on social media. The numbers have increased over past 3 years by more than 1 billion and are now close to over 53 per cent of the population worldwide.
The pandemic curtailed in-person interactions, leisure outings and recreational activities, and this led to social media filling the void in many ways. However, today’s remote working set-up where employees are often using their personal devices for office work, including policies such as Bring Your Own Device (BYOD), organisations can get exposed to several risks. The indispensability of social media cannot be disputed but lack of proper cyber hygiene can potentially lead to cyber-attacks with confidential and sensitive official data being leaked inadvertently. The consequences from a reputation, financial and even legal and regulatory standpoint can often turn out to be detrimental to the brand. A recent decision by the autonomous body, an honourable court, upholding an employee’s termination for violating the employer’s social media policy has stirred this debate further.
According to an EY-ACFE report, Reshaping the future of compliance with emerging technologies, 52 per cent of the respondents stated that risks arising from social media have risen in the last 1 year. The switch from traditional to remote working can be deemed one of the major reasons here. For example, photos posted on social media platforms related to official work may have confidential or sensitive information visible in the background such as passwords, details of important clients or assignments. Employees may comment or post on certain topics and unknowingly share critical information. There have also been several cases of social engineering as well as ransomware attacks.
The road to social media compliance
The rapid proliferation of social media should have organisations undertaking rigorous compliance measures to mitigate possible threats. With many large companies announcing ‘permanent’ WFH or WFA, implementing a robust social media policy should be a prerequisite in the new normal. The social media policy acts as a guide for employees to understand various issues, controls and repercussions emanating from using social media at work. In addition, organisations should arrange training, and awareness camps so employees can understand the nuances, be mindful about the company policy and aware of new risks that may arise in today’s fast changing digital world.
Remote working has led many companies to increasingly use eLearning through virtual trainings, bite sized digital learning capsules, workshops, and awareness camps, making the process modern, customisable, and interesting. eLearning also allows companies to incorporate interactive components, let employees move at their own pace, and even adjust the modules so employees only have to go through topics that align with their role.
An organisation's social media policy should clearly establish the expectations, as well as dos and don’ts to be followed by the employees in order to be compliant. Training efforts – whether its classroom or virtual - on social media compliance should highlight and encourage the following to all employees:
The power and influence of social media is unparalleled, and the reality is that it is rising at a drastic rate. Its utility and impact in the workplace – remote or hybrid or traditional - will be imperative as it becomes even more ingrained in personal and professional lives. With the future of work here now, organisations will have to be flexible while parallelly managing new risks, strengthening compliance processes, and enhancing internal controls. All these are fundamental to safeguard against the potentially damaging side of social media. Training and communication are also instrumental here to elevate employee awareness and knowledge on social media threats, compliance measures and means of mitigation.
Views are personal. The author is Partner, Forensic & Integrity Services, EY.