13 December 2017
Social media part 3 - Protecting your digital assets
Social media platforms, such as LinkedIn, Twitter and Facebook, are fantastic tools for promoting and building a company’s brand, as well as gathering intelligence on markets, customer opinion and on possible recruits.
But, whilst social media offers fantastic business opportunities, it’s very easy for companies to fall foul of data protection and employment laws when vetting potential recruits. Employers also need to ensure that social media is used appropriately by employees, and, importantly, to successfully protect their digital assets from being shared or stolen online.
In our new series of Social Media Advice Guides, we look at how you can protect your business across the entire employee lifecycle, including:
This guide, Protecting your digital assets, looks at:
- The risks to your digital assets from within
- Consequences of those risks – the case of Morrisons data breach
- How to protect your digital assets from being shared – six simple steps
Social media – Protecting your digital assets
The theft of digital assets, including confidential client and company information and intellectual property, trebled between 2009 and 20131. Of course, a fair amount of that loss can be put down to external theft, but that is not always the case.
There are increasing tales of disgruntled employees sharing confidential information on line, as well as employees taking digital assets with them when they leave. With more and more business assets being embodied in digital form, the negative impact on the business of such loss is only likely to increase.
Naturally, social media is exacerbating the problem, as people have the ability to share information via social media sites is quickly, widely and very, very easily.
Unfortunately, the cost to organisations can be significant, as the supermarket chain Morrisons recently discovered when an employee caused a serious data breach.
Stolen from within
In July 2015, a Morrisons employee was accused of handing over the supermarket chain’s entire 100,000 employee payroll database containing names, addresses and bank details to journalists. The reason he did so? Allegedly he harboured a grudge against his employer over a disciplinary action.
Morrisons claims that the cost of fixing the data breach has cost the business in the region of £2 million, although the price of mending the trust between the business and its employees, and the impact on its reputation, is likely to be immeasurable. But it could have been so much worse.
Had Morrisons pay roll data fallen into the wrong hands, the exposure of the confidential and sensitive information could have constituted one of the most series data breaches in British corporate history.
The information was, in fact, sent by email, but this case serves as a very good example of the impact of digital data breaches, however they might be sent into the outside world.
A point to note. The European Parliament has recently approved a draft data protection law. Should this be implemented, companies could be fined 5% of their global turnover in the event of a serious data breach. Definitely one to watch.
Of course, the stealing or sharing of company assets by employees, digital or otherwise, is sadly always a potential risk. But there are measures that companies can put in place to mitigate those risks and put themselves in a much stronger position should any digital assets be stolen within the remit of criminal, defamation and libel laws.
Protecting your digital assets from internal sources
Following these steps will put your business in a far better position should digital assets go astray:
- Clarify what information is confidential, as well as what you consider intellectual property
- Be very clear about what sources of confidential information are included, such as client and prospective client data held on social media sites like LinkedIn
- Make sure your restrictive covenants are clear – when an employee leaves they should be in no doubt what client and prospective client data needs to remain firmly within the business
- Don’t wait until an employee resigns to clarify what is legally yours, as by then it will be too late – state ownership of digital assets clearly within employment terms and conditions
- Update your existing policies so they extend to protect your digital assets, and include any necessary wording in employment contracts, handbooks and in your policy on use of social media in the workplace. For example, intellectual property, confidential information and restrictive covenants extend to include outlook contact databases
- Educate staff about your policies and what would happen should those policies be breached.
There is not doubt that the need to protect an organisations digital assets from being shared or stolen, and particularly via social media, is becoming increasingly paramount.
Organisations that don’t take action will find out the true cost when something does go array, and by then, of course, it will be too late because the damage will be well and truly done.
For more information on how to develop a social media policy for your business, contact us on email@example.com or call +44 1534 747559 or +44 207 740 3237.
A Pdf copy of this advice guide is available below.