by: Joni Lovingood, Senior Consultant Risk Management, CUNA Mutual Group
An increased presence on social media sites such as Facebook and Twitter means credit unions must decide whether to allow employees access using credit union resources. If you use social media in your marketing strategy, or soon will, consider risks such as reputational damage, viruses, malware and data leakage, as well as harassment, discrimination and employment-related defamation.
Due to these risks, an across-the-board ban on visiting social media websites using credit union resources may be appropriate. However, if you decide to allow access, a social media usage policy should be developed and communicated to staff. Failure to clearly outline the credit union’s social media usage expectations through written policy can significantly increase risk. Consider the following:
Compliance risk: Compliance requirements must mirror those used when advertising on your regular websites.
Network security risks: Users are more likely to trust information received via email and messages from their “friends” than from strangers. Users are quick to click on links or open attachments received from their “friends” and can unknowingly release viruses and malware.
Data leakage: Beware of the implications from information posted on social media websites by employees. Disclosing too much personal information may expose employees to identity theft. Employees may inadvertently post confidential information about the credit union, members, or their co-workers.
Reputation risk: Employees and others may post comments that may be viewed as unflattering to the credit union and other objectionable material that could negatively impact the credit union’s reputation.
Litigation risk: Advertising and personal injury, meaning injury to a third party, may be brought about by information posted on your social media website.
If you allow access to social media websites via credit union resources, we recommend considering the following:
- Clearly define social media usage expectations in your policy.
- State that employees may only access social media websites consistent with the credit union’s security protocols (may not circumvent IT security protocols).
- Educate staff on the risks of exposing confidential information regarding their employer, other employees, volunteers and members.
- Define personal off-duty use of social media.
- Supervisors should not “friend” their direct reports due to the potential sharing of personal information.
- Employees should maintain a professional presence and remember they are responsible for content on their publicly-accessible social media page(s) where they could be identified as an employee of the credit union.
- Require employees to use a disclaimer such as “The following comments are my own. They are not made on behalf of the credit union and are not intended to represent the credit union’s positions, strategies or opinions,” when generating content that deals with the credit union or individuals associated with the credit union.
- Monitor social media usage via credit union resources.
- Outline expectations for reporting policy violations.
- Enforce the policy in a non-discriminatory manner when violations occur.
- State that retaliation for reporting violations is not tolerated.
JONI LOVINGOOD is a senior consultant, Risk Management with CUNA Mutual Group. She can be reached at 704.236.8294, or at email@example.com.