Out-Law / Your Daily Need-To-Know

Businesses often lack controls to prevent employee breaches of confidence through social media, says KPMG

19 Oct 2012, 9:59 am

Many businesses lack sufficient controls to prevent staff breaching client and company confidentiality through postings they make online, a cyber security expert has said.

One in four high-level company executives have admitted that "sensitive information" has been posted on sites such as Facebook, LinkedIn or Twitter, according to research conducted by accountancy firm KPMG.

Although many organisations block staff from accessing social media at work, the research has shown that one in three staff at the surveyed firms have been able to "circumvent security protocols on their work devices" in order to access the sites. The research also identified a lack of training on social media use within companies, according to KPMG.

Martin Jordan, KPMG's head of cyber response, said that businesses should remember that there are other online forums beyond popular western social media networks that staff may engage with. He said that the businesses may wish to set out rules for staff to govern the use of secure information and how staff interact online.

"Too many organisations mistakenly believe that the likes of Twitter and LinkedIn are the only social media sites to worry about, but their popularity in the UK does not make them a unique threat," Jordan said. "In an increasingly global world, with satellite offices and customers around the world, attention must be given to country-specific social networking sites such as those in China and parts of the Middle East."

"Even at a local level it is amazing how the simple tricks are the ones that are missed. How often, for example, are passwords changed? How many are too simple to be safe?" he added. "No one is suggesting draconian measures are the answer to protect company reputations, but adopting an ‘ostrich approach’ will not make the problem disappear. At the very least business leaders need to find the balance between doing the right thing for their staff, their reputation and their clients and this often means imposing measures to clarify acceptable levels of communication online."

Companies that adopt a relaxed view of their staff's social media activity could be "exposing themselves to unnecessary high levels of risk," Jordan said, according to KPMG.