Posted on

3 Important Ways to Secure your Business’ Social Media Accounts

There is no doubt that social media has emerged as an important corporate branding tool. This ubiquitous, cost-effective tool for marketing, promotion, and communicating with customers is both advantageous and precarious. The cleverest campaigns can go viral, gaining the attention of broadcast media and drawing widespread attention to your brand. However, equal levels of negative attention, and potentially legal action, is directed at a brand when social media goes wrong.

McDonalds was caught in a precarious situation recently when its Twitter account was hacked and they were left apologizing and cleaning up the mess. The tweet read “@realDonaldTrump You are actually a disgusting excuse of a President and we would love to have @BarackObama back, also you have tiny hands.” McDonalds responded by posting a statement “Based on our investigation, we have determined that our Twitter account was hacked by an external source. We took swift action to secure it, and we apologize this tweet was sent through our corporate McDonald’s account.”

Compromised social media accounts are not the only risks to consider. Posts created by authorized account users can also pose a threat to a company’s brand. So, what are some steps you can take to mitigate risk? MessageWatcher suggests three important measures.

  1. Monitor your Social Media Accounts

The MessageWatcher solution allows you to define key words to search in your company’s social media accounts. You will be alerted immediately when an account is compromised or an inappropriate post is made in any of your social media platforms. You can expand the search to include your employees’ personal accounts, as well. You will be able to respond quickly to any content that does not comply with your marketing strategy.

  1. Implement Social Media Guidelines and Provide Training

Don’t assume that your employees know what is or is not appropriate content. When you establish clear rules about social media, you will mitigate future misunderstandings and missteps. Creating social media guidelines and imparting those to employees will reduce the risk of an employee mistake.

  1. Prevent External Sources from Gaining Access

There are a few steps you can take to reduce the risk of your accounts being hacked.

Review your privacy settings on all of your accounts when you set them up, and review them on a regular basis. Select a strong password and change it frequently.   Use different passwords for different accounts. Always log out of accounts on shared computers, and be cautious while using public Wi-Fi, as sensitive data can be easily exposed on a public Wi-Fi network.

While these steps may not be foolproof, they will lessen the risks.   Reviewing your social media strategy and policies on a regular basis is likely to keep your company safeguarded.

Posted on

Managing Public Records Requests for Electronic Communications

Public Records Requests, Freedom of Information Act and More

Technology has certainly made communications easier and more mobile than ever across all mediums. This also expands the realm of public records requests from the media, citizens and other organizations.

Reduce ediscovery costs with MessageWatcher

The Technology Opportunity and Challenge

Prior to 2006, the challenge of managing communications and producing records was controlled through email and how digital documents were stored on an organization’s central file server. In the last decade, the combination of cloud-based platforms for business and the proliferation of smartphones and tablets has exacerbated the creation of electronic records – while making the governance of those records a significant headache.

Now public records can include:

  • Email,
  • Documents stored anywhere from a file server to any cloud platform (e.g. Box, Dropbox, Google Drive, One Drive),
  • Social media messaging and posts,
  • Text messaging,
  • Websites and blogs.

This can make satisfying a public records request quite a challenge if you have to navigate numerous systems, accounts and technology mediums to acquire the data necessary.

Determining Archiving Needs for Public Records Requests

The most critical components of archiving in light of potential public records requests are communications between employees and officials and the public (from constituents to other private sector individuals and organizations). By looking at the possible segements of electronic communications – this can help you identify your requirements and build your list of questions for potential providers.

Mediums of Communications for Archiving

Email – email remains the core messaging tool for business of any kind, from government to private sector. The volume remains extremely high due to the solutions put in place for organizations – from Google for Work to Office 365 from Microsoft. Email also generally contains the most data, from longer form messages and conversations to attachments of all kinds (including potentially sensitive information)

Documents – these span all possible types of files created in day to day operations, from letters and memos to reports, spreadsheets, drafts of legal work, schedules, task lists and more. It is essential to standardize on one platform (be it cloud or offline) so as to make certain all files are in a central repository for backup and supervision and retrieval of data for requests.

Social Media – while not a medium for full conversations like email, social channels continue to expand to incorporate engagement that includes questions and answers and other conversations as well as private messaging. It is absolutely now a channel to archive and supervise in conjunction with your email archiving.

Text Messaging – relatively new to public records requests, however, now should be treated just like email. Insure you can capture text messages from your organization-owned mobile devices if employees and officials can send and receive text messages (including pictures).

Websites and Blogs – don’t overlook this area of your communications. The publication of schedules for meetings, articles and commentary from your organization as well as the sharing of documents created are found here. If they pertain to an issue within a public records request, you may need to be able to “go back in time” as to how a website looked on a certain date.

Take this list to your archiver and review how you can capture data in these areas. The convenience of having one central dashboard for retaining, supervising and retrieving electronic communications for public records requests could save days or even weeks of time in the traditional research and assembly for these requests.

Posted on

Archiving Key to Cyber Security Plans

Archiving and Cyber Security

Much like some organizations found themselves unprepared for massive amount of data coming from the business use of social media in recent years, a wave of security fatigue is already emerging for many managers responsible for protecting operational data. The onslaught of news covering cyber security attacks and data breaches are daily. Paired with an always on stream of doom-sayers, organizations are challenged to stay current and ever feel that they are addressing their cyber security risk.

To set your perspective, let us agree that nothing can be made “un-hackable”. Assuming that means we need to determine what are the steps we can take to shore up our defenses to reduce the risk of compromise in our organizations. One area beyond the firewalls and gateways is operational data. This data is, at the core, the electronic bits and bytes that make up nearly all of doing business day to day from an information point of view.

This includes:

  • Messaging, from email to social media, websites as well as text messages,
  • files ranging from reports, correspondence, contracts and other documents,
  • images, video and audio and other more dynamic data, and
  • meta data, such as dates and times and related information that helps define this data.

Where will we find the largest store of this data? Primarily in your archiving and governance platform(s).

While these data can be spread across multiple online and offline locations, the email inbox remains one of the core destinations where all of these data converge. Likewise, that now means it also syncs beyond the organizational computer to tablets and smart phones (and various cloud backup platforms).

While this may make you even more queasy, consider that if more than 100 billion business emails* are being sent per day, the optimal place to insure a secure, accessible archive and backup is your email archiving solution.

This means:

  • Your core operational data is secured in an off-site backup (beyond compromise if your primary network is breached)
  • This data includes communications (email, social, web and text) and the subsequent standard and dynamic attachments of files, audio and video already
  • This data store is easily searched and reported on, with support for not only standard governance needs but also supporting regulatory and other legal elements, for compliance and/or litigation.

By considering your governance and archiving platform(s) as elements of your overall cyber security risk planning – you can balance the resources you need to secure your operational data with strong partners whose sole focus is providing strong, scalable solutions for these needs.

To learn more about how archiving is as key to cyber security as it is compliance, contact us.

*Radicati Group: Email 2015-2019: http://www.radicati.com/wp/wp-content/uploads/2015/02/Email-Statistics-Report-2015-2019-Executive-Summary.pdf

Posted on

Avoiding Archiving Fines: Review of Policies & Tech

Avoiding Archiving Fines for Email and More

Archiving and supervision as a process have been in the lexicon of most businesses since at least the late 1990s. However, avoiding archiving fines seems to continue to elude some organizations. Capturing electronic communication – be they for regulatory purposes or just good record keeping – should be in the “DNA” of any organization as good governance.

Of course in many industry segments – financial services, government and healthcare to name a few – it is mandatory. However, for the vast majority of organizations, having a record of what has been “said and done” allows you to manage and defend yourself, your organization and the brand.

Email Archiving WORM Storage and Policy Reporting

Year over year, the fines and penalties continue to mount, even for something as mainstream (now) as email archiving. Even in the last six months we have seen fines both large and small, for failure to supervise email communications as well as for failure to properly design secure storage for retention of email messages.

Consider the addition of social media, blogs as well as text messaging as now largely normal daily activities, and the job of oversight, storage, reporting and exporting data becomes overwhelming. Avoiding archiving fines does not have to overly complicated.

Email, Social Media, Text Messages and More

There are key steps you can take to insure you not only have the right policies and procedures – but that they are evolving with your organization and the technology you use.

Review Consistently and Often

The days of just a cursory annual glance at your handbooks, policies and procedures are long gone. Not only does technology change at a breakneck pace – but so likely is your business and customers. Often this may be more subtle than you might imagine.

For example, the combination of smart phones (iPhone, Android, et al) the mass popularity of Facebook and YouTube have pushed even the most tech averse individuals to heavy daily use of their mobile devices. This has resulted in more than 50% of ALL Internet traffic being mobile. This means a higher proclivity to:

use a mobile device for business and personal apps throughout the work day,
message more informally across email. social media and text channels,
and visit web sites in mobile browser versus returning to laptop or desktop.
Just that simple shift has implications on your policies and procedures for:

general electronic communications use,
accessing the Internet from organization devices and networks,
email and social media policies,
mobile device policies.
Beyond that – are you archiving and managing all of those various communication types?

Building electronic communications policies and procedures into a quarterly review process will help keep you prepared. Likewise, speak with your vendor(s) providing archiving and automated reporting to insure your keyword and phrase policies are accurate and automated. Perhaps most critical, make certain your storage is non-delete and secured – as fines and legal damages can be most painful around inappropriate storage that leads to lost or deleted data.

Posted on

Cybersecurity Tips for Avoiding Fines

Cybersecurity Errors Can Be Inadvertent and Still Generate Serious Fines

The human element remains a significant component of the risk in assessing cybersecurity standards and policies for your business. You can invest in the hardware and software to protect your networks, data and systems – however – it is equally as critical to invest in the training and procedures review.

A number of areas require consideration to ascertain your risk. The core areas are:

Use of personal mobile phones and tablets for business purposes
Use of personal email addresses (non-company domain – i.e. Gmail, Yahoo, et al)
Use of non-company cloud services, such as Dropbox, if they are not business sanctioned

This is where most inadvertent violations can occur in the name of convenience or efficiency. However, regulators and the rules do not leave space for this gray area. As we can see in a recent finding and fine by the Securities and Exchange Commission, a firm was using a virtual fax service where the email address for fax delivery was not a company domain email account. This resulted in six figure fines against this firm.

The firm in question may not have intentionally sought to use a non-company email address with the fax service, however, incoming faxes containing client confidential information were stored outside of the certified data storage for the firm. Thus not only was it not archived, but stood in violation of cybersecurity policies and procedures.

Bring Your Own Device (BYOD)

There is nothing inherently wrong with choosing a BYOD policy for your business. Yet it cannot be selected with an informal approach. Allowing employees to use personal devices requires you to think through your overall policies and procedures, but especially those relating to cybersecurity.

How will you secure business data allowed to be accessed and possibly stored on the personal device?
Can you archive and supervise the business activity on that personal device?
Can you insure, to the extent it is possible, that employees will only use authorized apps and methods to communicate and store business data

Email and Cloud Storage

Defending against inadvertent or purposeful use of non-company email and storage services can be a bit more challenging. Your published electronic communications policies, provided to each employee, can define what services to utilize as well as what platforms and techniques are off limits.

However, a core step you can take is by utilizing the reporting available in your archiving platform. If you expect to see fax traffic and communications from some or all personnel via company email, your archiving platform will present audit reports on volume of these communications in aggregate as well as by each employee.

You can take the steps, with your archiving vendor, to setup reports looking for faxes and related files/data that you expect to see in the archives.

When in doubt, take the time to assess how you handle mobile devices, email as well as cloud storage services to insure your company has a grasp on where you will need to defend yourselves with technology as well as policy.

Posted on

Can a Tweet Attract a Lawsuit?

It has been clear since 2010 that social media use in business is both a critical communications tool – and one that needs governed as email is. Otherwise you may answer the question, “Can a tweet attract a lawsuit?” as yes.

The opportunities to reach across the demographics of the markets you serve and to your customers are extraordinary with social media. This is why insuring your social marketing initiatives are shored up with a proper supervisory framework and records retention is essential. What triggered the latest concern over the legal impact of tweets? Kanye West.

Can a Tweet Attract a Lawsuit? How to Avoid it

Before you grin and think “we are not in the entertainment business”, what he did was issue a tweet that is interpreted as legally binding with the use of a single word! You can read the article here at Corporate Counsel. Mr. West tweeted about his forthcoming album release earlier this year that it would “never” be on iTunes or Spotify, but only on Tidal (an artist-owned streaming service). The wrinkle? His album was in fact released on both iTunes and Spotify a couple months later after several million folks registered their name, email and credit card on Tidal’s service. There is now a class action suit gaining momentum.

Likewise, before you dismiss his tweet as that of a celebrity – Mr. West is absolutely also a business person who has a very lucrative brand with the same liability issues as any company as it relates to public communications.

Three Steps to Governing Your Social Media Initiatives

There are three central components to think about when considering the impact of a tweet.

This issue can be largely avoided through having a clear policy and training in place for how social media will be used and by whom Technology makes it possible to supervise, archive and review social media communications – both pre-publication and post-publication. This same archiving with policy and reporting means you’d find a tweet like this in near real time and could address concerns rather than missing it or ignoring it. Like any electronic communication, social media requires governance in business, some of it mandatory due to laws and regulations. Equally as valuable is making certain you govern it even when rules do not apply – to defend for possible litigation.

If you would like to learn more about how to solve the social media challenge in your business, don’t hesitate to contact us today.