What are the chances that your customer will have groups of employees using an unauthorised social media platform to communicate? With over 3.4bn Social Media users, according to a recent report and at least 65 social networks globally (QQ, Viber or LINE anyone?), the chances are that even if they say they aren’t, they probably are!
However, for IT teams trying to guard against the unauthorised use of Social Media in their business, these platforms create a major headache when trying to deliver security, protect personal data and ensure business continuity. If your customer hasn’t started to manage their use of social networks yet, here are a couple of good reasons for them to start!
Social networks are driven on personal data and almost all social media platforms are tied to a mobile phone and personal information, which is used to manage the account. With no central administration of the groups and structures that are created, the IT team becomes powerless when trying to protect privileged information.
Take the example of an employee leaving the company and someone forgets to remove them from a group on Whatsapp. They now have access to information that they no longer have a right to view and the IT team have no visibility of the information being shared outside their business. A strong case exists for this to be considered as a security breach, or incident.
eDISCOVERY AND DATA RESIDENCE:
Can the business conduct a full eDiscovery sweep of content on Social media, in the event of an information access request? The data resides on external servers that the IT team won’t be able to access and, of course on personal storage, which might be owned by the employee and outside of the network. To compound this issue, the data may be held in other countries, where privacy laws are less of a concern.
Another WhatsApp-related example here to make the point: WhatsApp has no storage capability- which is great, right? Not so, because people then backup their chats to their personal iCloud or Google accounts, which is really bad from a company perspective. Now, both Apple and Google have a copy of the data. If your customer wants to detail how they store client data securely, they then need to mention that Google and Apple have a copy and it’s also (possibly) held in personal consumer storage.
If the business can say, without hesitation, that people are only using it for non-work-related activity then that’s fine. More likely, if customers are finding that their teams are using it for business use, then there is a genuine GDPR risk around the data being accessed by people who shouldn’t, and the discoverability of data.
IS THERE ANOTHER WAY?
We’re not here to talk about a total ban. Social media clearly has a role to play in helping teams to collaborate and drive efficiency, but it has to be delivered as a centrally managed and compliant solution, if we are to avoid many of these issues.
We’ve already talked about the value of Microsoft Teams. The fastest growing business application for Microsoft, ever, is a good starting point for customers who are already on-board with Office 365. In truth, the majority of customers will want to find a progressive solution to the use of social media, as a blanket ban rarely works. This makes social media compliance another great chance for resellers to sell services; Audits, migration of other approved networks into a single solution, user adoption strategies and training… the list is endless.
Why not message me for a chat about how Marathon can help you ;-)