Interns: Cyber Security & Social Media Policies

Topics: Small Business Advice

With the arrival of summer, college students across the country get ready to start internships at companies both large and small. Their goal is to learn about a particular industry, gaining the knowledge and skills they’ll be able to utilize for future job opportunities.

interns undergoing security awareness training

Hiring interns can be extremely beneficial for small businesses as a way to recruit and train future employees. In a tight job market, you can build relationships with these young and eager individuals, getting to know their personalities, their work ethic and how they adapt to your company culture. However, while the experience is valuable for both parties, it’s important for organizations to keep in mind that Generation Z is one of the most enthusiastic groups of social media users to enter the workforce. And, while sharing their excitement for their new position can help promote a small business in a positive way, the information they post daily can also be a veritable treasure trove for hackers.

Social Media in the Workplace: Reasons Small Businesses Need a Social Media Policy

Seemingly harmless posts on social media sites like Facebook and Instagram can include a variety of sensitive information interns may not even think about. For instance, the layout of the office building, desktop applications and the names of digital files, employee calendars, email accounts and even passwords left on sticky notes by a laptop, can easily lead to a cyber security breach. Sometimes, excited interns may even post a photo of their new badge. This might seem like no big deal to the average social media user, however, hackers can easily use that image to produce fake badges to allow them access to the building or other secure locations.

This is why it’s vital that businesses of all sizes create a social media policy, which helps explain:
  • The proper, clear and consistent messaging to customers and the media that follows brand standards
  • Keeping confidential or proprietary information as secure as possible
  • How to properly represent the brand online including the use of company logos, trademarks or copyrighted information
  • Social media activities that could be considered discriminatory, harassment or other forms of misconduct
Remember, even if employees post comments on social media as an individual, people may perceive such comments to be made on behalf of the company – especially when the company is listed as the employer on the individual’s profile page.

Cyber Security Awareness Training for Employees

Simple human error is a main contributing factor to the large amount of data breaches organizations of all sizes experience every year. In fact, while 48 percent of these breaches are caused by hackers, the other 52 percent can be attributed to human error or system failure. Implementing a cyber security awareness training program can help ensure all employees clearly understand the security policies of the company, as well as the potential risks associated with a data breach – including data breaches that are caused from oversharing on social media platforms.

All employees, including interns, should have a thorough understanding of the types of behaviors that could increase risk. Cyber security awareness training should start with the C-suite, who is responsible for designating the budget for such programs. A few features the training should include are:
  • Tips for creating a strong password. Secure passwords are often the first step in protecting sensitive data, so employees should be aware of best practices like using a mix of numbers, letters and characters, avoiding keeping passwords out in the open and sharing them with their coworkers.
  • Cyber security drills. These “live fire” training exercises help employers understand how great a risk they are at for a data breach caused by employees. To evaluate how educated the team is, some organizations may send out emails that simulate a phishing scam, asking employees to open an attachment or click a suspicious link.
  • Ongoing evaluation of systems and employees. Consistently evaluating possible vulnerabilities can also help organizations understand their risk for a cyberattack. Monitor any potential weaknesses among employees and the systems utilized on a daily basis.
  • Consistent communication. All security policies, including the social media policy and cyber security policy, should be widely communicated throughout the organization. Keep all employees aligned on best practices through regularly scheduled training procedures.

Cyber Liability Insurance from AmTrust Financial

Keep your small business protected from the costs associated with a variety of cyber security attacks with a Cyber Liability Insurance policy from AmTrust. Cyber liability coverage helps protect your company from a range of cyberattacks, and AmTrust is committed to evolving our coverage as new cyber threats emerge for our customers. For more information, please contact us today.

This material is for informational purposes only and is not legal or business advice. Neither AmTrust Financial Services, Inc. nor any of its subsidiaries or affiliates represents or warrants that the information contained herein is appropriate or suitable for any specific business or legal purpose. Readers seeking resolution of specific questions should consult their business and/or legal advisors. Coverages may vary by location. Contact your local RSM for more information.

Time Zones