The use of collaborative social media within teams has quickly become the new norm for workplaces, whether you’re working in tech, finance, recruiting, or practically any industry across the board.
Boasting improvements in productivity, collaboration, and employee engagement, companies have jumped on board to implement enterprise social media networks like Slack, Microsoft Teams, Workplace from Facebook, and Chatter throughout their organizations.
But while groups and chats may speed up employee recognition, knowledge sharing, and daily decision making, internal communications also bring along a number of risks in compliance and litigation that can be easily overlooked.
Here are a few risks to keep in mind before rolling out enterprise collaboration tools in your workplace, as well as some helpful advice for how to mitigate the issues that may arise with each problem.
1) Sharing of personal information
Information can flow a lot more freely in group chats and private conversations, and with a more informal tone, security processes are often overlooked. An employee communicating a change of social security number, address, or private health concern with HR risks having that information stored within the platform. In the unfortunate case of a data breach, this could be easily accessed.
Recognizing the abundance of personal information online, new regulations like the GDPR are coming into play to protect the personal information of customers, clients and employees. Organizations can now face significant fines according to the law if they fail to put systems in place to protect personal data.
How to mitigate the risk
Clearly communicated policies around acceptable and expected use of these platforms is the first step for any business that’s looking to reduce the likelihood of personal data being shared (and exposed) in this manner.
Make sure that your workforce is left in no doubt of the correct way to use these resources, and schedule regular mandatory training to keep teams updated on internal policies, and reminded of the necessity for these precautions.
Keyword and text pattern monitoring can prove a very effective strategy with regard to keeping personal information off the unauthorized channels of collaborative social media. Pagefreezer offers this functionality, meaning that alerts can be set for specific types of information (i.e. credit card numbers) meaning that it can be swiftly and efficiently dealt with before an issue arises.
Read more about how to comply with the GDPR when using collaborative social media networks here.
2) Information leakage of confidential company/client/customer information
In the same way personal information can be shared, this free flow of information between employees and departments can put confidential company, client, patient, or customer information at the same risks. Credit card information, passwords, deal documents, and sensitive information about unreleased products and services can live in chat conversations and be handled with far less security. This can lead to cases of IP infringement, credit card fraud, or other non monetary consequences like the loss of client trust.
How to mitigate the risk
To avoid sharing this sensitive information on internal social media, again your internal policies will play a key role. It's also key to explore how technology can help you keep track of conversations.
Again, keyword monitoring can be a huge help here, notifying you when such information has been shared in your platform, and flagging it for removal.
Comprehensive archival of your internal social media can also help you to guard against issues in this area. Pagefreezer archives all of your workforce’s conversations in real time, even capturing deletions and amendments. This means that if sensitive information was shared, and then deleted in an attempt to avoid detection, you’d still be able to easily identify the original source.
Learn more about our PageFreezer's social media monitoring and archival by requesting a demo here.
3) Harassment, cyber bullying and inappropriate employee conversations
Conversation conducted over internal social media platforms lacks both verbal and physical cues in the workplace, and as a result, miscommunication of tone and intent can be common. Private chats and online interactions hidden from the public eye can open up avenues for the potential of harassment, cyber bullying, and other inappropriate conversations between employees that can easily go unnoticed (such as the sharing of NSFW memes.)
According to the Federal Rules of Civil Procedure and Federal Rules of Evidence even private conversations are subject to eDiscovery in the case of litigation. Employers can face claims from potential employees, employees, contractors and third parties, and in these instances, digital evidence to support litigation can be requested.
If information from your chats, groups timelines is ever requested for a lawsuit, you must be able to produce this data, correctly formatted and in a timely fashion. Simple screenshots lacking metadata won’t do.
How to mitigate the risk
In order to ensure that you’re protecting your workforce and presenting the important resource that internal social media can represent as a valid so it’s important to invest in an archiving solution that meets data authenticity and integrity standards by adding digital signatures and timestamps to all your online data.
Additionally, by working with a solution like Pagefreezer, you’ll be confident of your ability to produce complete records from any point in time. If posts or private messages are deleted in an attempt to destroy evidence, you’ll still be able to access the original content.
All elements of messages sent and received will be preserved perfectly, right down to the emojis used (which can have a surprising amount of sway when it comes to the interpretation of content’s tone!)
Finally, keyword monitoring can again play a protective role in ensuring that the platform you provide to your workforce remains a safe and secure space for collaboration. Inappropriate content can be quickly identified and removed, and the author identified.
Three steps to internal social media best practice
To avoid compliance and legal risks that can potentially cause serious fines and damages to your organisation’s reputation, the following three approaches can help to ensure you have a solid information governance program in place when using enterprise social media communications :
1) Implement and evaluate your internal social media policies
- Dig up examples of existing social media policies and tweak to fit your company needs. The Hootsuite policy has a few good pointers.
- Determine the “dos and don'ts” when using internal social media platforms, especially with regard to sharing sensitive information.
- Stress the kinds of information sharing that are prohibited on the networks used (i.e credit card information, addresses, personal matters, etc).
- Be sure to include spotlights on cyber-bullying policies, anti-harassment policies and social media communications expectations in your code of conduct.
2) Stay proactive in your compliance with general and industry-specific recordkeeping regulations
- Stay on top of your industry’s record-keeping regulations (i.e for financial services, SEC Rule 17-a3 and 17a-4).
- Use Google Alerts to subscribe to alerts on regulation updates and be sure to keep up on changes to the laws affecting you.
- Educate yourself on new regulations like the GDPR as they come into play.
3) Use strong archiving technology to retain your online records as official evidence
- Learn the differences between using a traditional CMS backup vs archiving vendors
- Evaluate your options for archiving solutions with careful consideration of vendor shortcomings
Want to learn more? See how Pagefreezer assisted a leading financial institution with the secure enterprise collaboration recordkeeping of data for 80,000 employees.