Guest Column | December 18, 2017

New Year's Resolution: When Setting Archive Policies, Don't Forget Social Media

Social Media Health Policy

If you don’t read anything else about data management and protection as we enter the New Year, there’s one resource that should be at the top of every organization’s list, in every industry. It’s a brand-new Osterman Research Report that shares Best Practices for Archiving and Securing Social Media and Collaboration Platforms.

The reason that this report is so important to your organization’s plans for 2018 from a business, legal, compliance, and IT perspective is revealed by one of the white paper’s primary findings: the vast majority of organizations of all sizes are severely lacking in their data management and governance policies when it comes to social media and other cloud collaboration platforms.

This is a major omission, especially when we recognize that most organizations do have well-established archiving policies in place for corporate email and file shares. While securing email is a great start, it’s certainly not enough in today’s world, where countless organizations have found themselves caught in a compromising position caused by a malware infection that infiltrated via a social media channel or collaboration system — most commonly Facebook.

While some companies may feel secure using non-enterprise social media tools without retaining social media content from their non-enterprise accounts, this is foolish, since such tools are unlikely to protect account access and content beyond the degree required to satisfy corporate security policies. Yet even though fewer than three in five organizations retain social media content from their enterprise accounts, these social platforms often contain important business information, just like corporate emails do.

With this in mind, I suggest that every company put the following item at the top of their list of New Year’s resolutions this year: Consider and implement the five best practices below in the context of proper management of social media and collaboration tools.

Ask Questions To Learn Why Social Tools Are Used

IT administrators and other decision makers can’t determine how to properly manage their company’s social media without first gaining a full and complete understanding of exactly how social media and collaboration tools are being used throughout the organization. Ask the questions below as a starting point to gather intelligence from key stakeholders that will illuminate corporate usage of social platforms and collaboration tools. The answers to these questions are what should drive decisions about the level, policy, and technology implementation required to manage these tools:

  • Are employees and/or managers using personally managed social media tools to send out business content (for example, links to corporate documents)?
  • Are any employees using their personal social media accounts, on their own smartphones or other devices, for informal, non-business-related communications? What about on company-owned devices—how is social media used there?
  • Is social media being used as a tool by the marketing team to send out corporate messages, offers, or announcements?
  • Is social media one of the tools that employees use to communicate with business partners, prospects, or clients? If so, which types of social accounts are they using—personal and/or corporate?
  • In what ways are regulations or laws governing the company’s social media posts (or are they)?
  • Has the company created an ROI analysis to determine how, where, and why social media should be used, or is the process more haphazard?
  • Does the organization monitor social conversations to see which ones might affect the brand/company either positively or negatively, and can the organization join the dialogue?
  • How do users access their social media tools—using a website, desktop app, or mobile phone app, for example?

Develop Detailed Social Policies

Armed with the answers to the usage questions above, decision makers next need to consider developing a thorough, written social media policy—regardless of whether the company uses non-enterprise tools like Facebook or an enterprise-grade social media solution. When developing the policy, ensure that it is integrated with the company’s overall communications policies, clearly defines the acceptable use of social media, and also states the right to monitor social media communications. Additionally, make social media policies granular so that different roles can be subject to different policies. The policy should also:

  • Define which social/collaborative tools are acceptable. The social media tools approved for business purposes — and just as importantly, which ones are not approved — should be spelled out in a corporate policy. Be sure to specify not only the approved social media sites themselves, but also the approved devices through which the sites can be accessed.
  • Determine who ultimately “owns” social media contacts. Every social media policy should consider succession planning. In other words, when an employee leaves the company, the corporate policy should pinpoint who “owns” the followers or friends that were collected on a corporate account.
  • Communicate consequences for policy breaches. Social media policies should clearly note the consequences for employees of any policy violations.

Continuously Manage How Staff Use Social Tools

Even after communicating social media policy, it’s important for organizations to deploy the right technologies for help monitoring social media posts for policy violations. Technology solutions can also help on the front end when it comes to malware, providing proactive protection. Three best practices in this arena include:

  • Educating users about the dangers of oversharing sensitive information on social media and accepting “friend” requests from people they don’t know.
  • Scanning for malware since many types of threats can enter an organization through social media, such as ads in Facebook or malicious links in tweets.
  • Restricting access from users as needing and monitoring outbound content—this is especially critical in industries that are heavily regulated.

Archive Business Content From Social Tools

It’s important for IT to maintain an archive and log of all critical content in social media and collaboration tools. If in doubt, it may be smart to archive all social content rather than risk that some vital content could be missed. Each organization’s strategy, though, should largely depend on the industry in which it operates, as well as management’s risk tolerance and the advice of legal counsel.

When archiving and logging, it’s key to use a solution that ensures transparency into the identity of the people who use social media tools in the company, and that content can be tied back to each employee’s corporate identity. Also remember to retain the context of social media posts rather than just monitoring them. And don’t forget to archive business information in text messages, since regulatory bodies like FINRA have determined that information sent via text must be retained like other electronic communications.

Use Enterprise-Grade Solutions

At the end of the day, many of the organizational problems that come from social media are a result of employees using non-enterprise tools in the workplace, like Facebook. As a safer alternative to safeguard corporate data, decision makers should think about changing this form of social out with an enterprise-grade social media or collaboration solution. It’s nothing against Facebook, it’s just that enterprise-grade tools offer features and functions that can address many of the security and archiving concerns that are raised by consumer-focused tools.

As you ponder adding these five best practices to your New Year’s resolutions, I’ll leave you with this thought: social media usage—both from “official” corporate accounts and employees’ personal ones—is on the rise. As organizations grapple with how to manage and monitor these various forms of social media and the content that flows through it, IT decision makers must consider the value of a solution that can archive multiple content types, not just email or just social media. A single archive managed via a single interface will blow a set of siloed solutions out of the water from an efficiency standpoint, as well as a security one.

Bill Tolson is Vice President of Marketing for Archive360.