Network Security Risk:
Because of their nature, the use of social media websites
increases a company's exposure to cyber threats such as malware and phishing
attacks. With many users accessing their social networks from computers in the
workplace, often these issues are simply caused by an unaware employee clicking
on the wrong link or unknowingly downloading a malicious file. This is an
obvious liability risk for companies who can, and should, take steps to prevent
it.
"Hackers have good social engineering skills. They know
how to get to people. They know how to get those people to click on the wrong
button, and social media is a big platform for such attacks," Meredith
Schnur, Senior Vice President of the Professional Risk Group at Wells
Fargo Insurance, said in an interview.
A company whose policies, procedures and safeguards are
inadequate will face more liability in case of such an attack. Additionally,
many times criminals will set up "spoofed" company websites in order to trick
unsuspecting users into entering their personal or company information. For
example, a criminal may set up a fake website of a bank that so closely
resembles the bank's real website that a user might not notice and then enter
their account information and password. In some cases the company whose website
has been spoofed may face liability.
"Companies have to educate and train their employees so
they know what they should and shouldn't click on, and how to recognize an
email that appears suspicious," Schnur says.
Schnur says that many companies are having difficulties
addressing these security risks and they need to understand that if an employee
is doing personal social media surfing during business time, the company is
going to be liable for any security problems that may arise. Companies should
be aware that these exposures may or may not be covered under traditional
technology and business insurance policies.
"As long as your company owns and controls the computer
system that has experienced unauthorized access-regardless of where it comes
from-the company has the responsibility and the liability for it. You have to
make sure that your network security and your privacy policies are prepared for
that risk," Schnur says.
Intellectual Property and Trade Secrets Risks
Companies are also subject to further risk through
potential infringement claims brought about by employees posting or re-posting
copyrighted material on social media sites. The company faces liability in
situations where the safe harbor provisions of the Digital Millennium Copyright
Act (DMCA) do not apply.
"When you're dealing with content and social media, it's
really the same thing as any other intellectual property risk. Companies should
focus on remaining in compliance with the DMCA and establishing the correct
clearances to avoid posting any infringing content," Schnur says.
Additional issues may arise if employees disclose trade
secrets during discussions on social media websites. Companies should be aware
that most network security and privacy insurance policies would not cover trade
secret disclosure unless there is unauthorized access by a third party, not an
employee.
"The policy will only respond when an outside person or persons
hacks into your computer system to access that trade secret information.
Because many trade secret claims involve an authorized employee taking secrets
and giving them to someone else, this coverage is very limited from both a
social media and a network security standpoint," Schnur says.
Disclaimer: The views and opinions expressed
in this article are those of the individual sources referenced and do not
reflect the views, opinions or policies of the organizations the sources
represent.
This article was originally
posted by the LexisNexis In-House Advisory
For
more information about LexisNexis products and solutions connect with us
through our corporate site.