- posted by John E. Surrette, CPA, Senior Audit Manager in the Business Blog
We spend a lot of time talking about the obvious when it comes to fraud; how the fraudster is trying to misappropriate corporate assets for personal or professional gain, how personal greed outweighs the moral and ethical principles that the majority of us abide by, what we need to do to protect ourselves from these threats. While it is critical that we make sure these concerns are addressed, there are other threats that may be present but are not as evident due to their nature and therefore are disregarded during an organization’s risk assessment.
Let’s think for a minute what we, as a society, have been surrounded by for the past several years. It started with reality television, expanded with the advent of texting, and now includes the ever present forces of Facebook, Twitter, and LinkedIn. There is a whole generation of people in the workforce today who think that everyone in the world is concerned with their every move, whether it be heading to lunch, going on vacation, or laying down for a nap. Now I know you might be thinking that I’m starting to drift away from my point (or any point for that matter), but bear with me.
My concern is this – with this generation (which is not necessarily defined by age but rather the need to tell everyone everything about themselves) so concerned about telling the world what they are doing, what might they tell the world about your organization? There are a lot of things happening in your organization on a daily basis, and I know that there are a lot of those things that you may not want to see posted on the front page of the paper for the world to see. Although it may seem like common sense, some of your employees might not think twice about throwing up a post on Facebook about the proposal they are working on, talking about confidential information, or the fact that they are completely unsatisfied with their working conditions and are looking for another job.
So, I ask, what are you doing to make sure your employees aren’t out there virtually airing your dirty laundry to the world? If you said nothing, you are not alone, as this threat hasn’t been around for that long and chances are it hasn’t been an issue for you yet. My question is, why wait?
If you don’t already have one in place, now is the time to get a social media policy implemented in your organization. This will help lay the groundwork for the acceptable use of social media in your organization and makes it very clear that there will be consequences if your employees do not follow the policy. If you are not sure as to what to include in such a policy, here are some tips:
•Ensure your employees know that the use of your corporate computer system is a privilege and not a right, and must always be used in a manner to further the objectives of the organization.
•Hold employees personally accountable for anything they post on blogs, message boards, etc., that relate directly to your business.
•Make sure your employees understand that there is NO PRIVACY on the web. Anything posted on the web can be retrieved for YEARS after it is posted.
•Make sure your company’s intellectual property is treated as confidential in all settings (virtual and physical), and ensure employees understand the sensitive nature of that property and how important it is to your organization.
•Encourage the positive uses of such mediums including what is considered acceptable content and what is not acceptable.
•Have your employees sign the policy asserting that they have read and understand it.
There are numerous other items you can include in your social media policy, but the key thing is to make sure it is tailored to your organization and effectively communicated to your employees. In addition, by implementing such a policy, you are showing them that you are aware of the positive impact that these tools can have on your organization and that you not adverse to using new technologies to promote your business. Please let me know if you would like help in getting such a policy instituted in your organization.