Because of their nature, the use of social media websites increases a company's exposure to cyber threats such as malware and phishing attacks. With many users accessing their social networks from computers in the workplace, often these issues are simply caused by an unaware employee clicking on the wrong link or unknowingly downloading a malicious file. This is an obvious liability risk for companies who can, and should, take steps to prevent it.
"Hackers have good social engineering skills. They know how to get to people. They know how to get those people to click on the wrong button, and social media is a big platform for such attacks," Meredith Schnur, Senior Vice President of the Professional Risk Group at Wells Fargo Insurance, said in an interview.
A company whose policies, procedures and safeguards are inadequate will face more liability in case of such an attack. Additionally, many times criminals will set up "spoofed" company websites in order to trick unsuspecting users into entering their personal or company information. For example, a criminal may set up a fake website of a bank that so closely resembles the bank's real website that a user might not notice and then enter their account information and password. In some cases the company whose website has been spoofed may face liability.
"Companies have to educate and train their employees so they know what they should and shouldn't click on, and how to recognize an email that appears suspicious," Schnur says.
Schnur says that many companies are having difficulties addressing these security risks and they need to understand that if an employee is doing personal social media surfing during business time, the company is going to be liable for any security problems that may arise. Companies should be aware that these exposures may or may not be covered under traditional technology and business insurance policies.
"As long as your company owns and controls the computer system that has experienced unauthorized access-regardless of where it comes from-the company has the responsibility and the liability for it. You have to make sure that your network security and your privacy policies are prepared for that risk," Schnur says.
Intellectual Property and Trade Secrets Risks
Companies are also subject to further risk through potential infringement claims brought about by employees posting or re-posting copyrighted material on social media sites. The company faces liability in situations where the safe harbor provisions of the Digital Millennium Copyright Act (DMCA) do not apply.
"When you're dealing with content and social media, it's really the same thing as any other intellectual property risk. Companies should focus on remaining in compliance with the DMCA and establishing the correct clearances to avoid posting any infringing content," Schnur says.
Additional issues may arise if employees disclose trade secrets during discussions on social media websites. Companies should be aware that most network security and privacy insurance policies would not cover trade secret disclosure unless there is unauthorized access by a third party, not an employee.
"The policy will only respond when an outside person or persons hacks into your computer system to access that trade secret information. Because many trade secret claims involve an authorized employee taking secrets and giving them to someone else, this coverage is very limited from both a social media and a network security standpoint," Schnur says.
Disclaimer: The views and opinions expressed in this article are those of the individual sources referenced and do not reflect the views, opinions or policies of the organizations the sources represent.