INFORMATION SECURITY AWARENESS

Posting Personal Identifiable Information (PII) and

Business sensitive information in social media/online
what are the Security Risks?

What is a risk of posting company information on social media?

 Using social media can expose company, and misuse could harm
organizational.
 Breaches, cyber security incidents, operational disruptions, compliance
violations, legal action, system compromised, and negative feedback. These
risks can have serious consequences, including reputation damage and
financial and/or legal repercussions to the business.
What kind of risk are you exposing when posting your personal identifiable information
to on social media?

 Cyber bullying, Identity Theft and Fraud: Sharing personal information, such as
your full name, date of birth, or home address, on social media puts you at risk
of identity theft.
 Cybercriminals can exploit this information to impersonate you, open fraudulent
accounts, or carry out financial fraud.

Scammers can use the information you freely give out on social media — your posts,
profile, and behavioral data — to spy on you, scam you out of money, or steal your
identity. Even worse, data protection issues and privacy loopholes mean that you are
likely sharing personal data without your knowledge.
What are the benefits can social media bring to the employee and the organization?

 Of course, there are plenty of good reasons for employees and organizations to
use social media.

1. It can enhance marketing campaigns.

2. Announce news or critical information. Increase employee awareness.

3. Raise the profile of an organization.

4. Social awareness channels can be used to monitor risks and threats against

a government or critical infrastructure.

5. Firms may also want to monitor social media channels for trending

information technology.
Nowadays, cybercriminals are becoming stealthier and smarter. Even photos you post
on social media platforms may lead to information leakage and scammers can use this
against you as well as our organization.

Use of social media by employees can impact the company’s brand as well as
endanger the institution or employees themselves if not properly managed and
regulated - bad actors could use social media to identify where a person works, the
division in which they work, and possibly their physical location.

The potential harm is higher for high-risk employees such as senior executives or
those with authority to execute financial transactions. Over the past years, privacy
practitioners advocated that individuals must limit their desire to let the world know
what they are doing and where they are doing it to prevent too much information being
shared online.

Be mindful - Posting your information that provides location, cybercriminals can use
as their initial acquired information from which to begin their attacks. An example of
this is social events and conferences, imagine if you post photos that include the
location you, announcing that you're not at your home, this could give criminals the
chance to target your place of residence if they know where it is and may impersonate
your identity and take advantage of your absence for competitive intelligence and
personal gain.
How to mitigate risk from social media?

Limit Social Media Usage: Encourage

students and staff to limit personal use
of social media platforms during school
hours to minimize distractions and
potential safety concerns.

Authorized Educational Use: Permit

access to social media platforms for
educational purposes only, with
approval from teachers or
administrators, ensuring that it aligns
with curriculum objectives and
enhances learning experiences.

Ensure Device Security: Emphasize the

importance of device security by
enabling features such as password
protection, antivirus software, and
ensuring regular software updates to
safeguard against cyber threats.

Approved Platforms Only: Use only

approved social media platforms for
educational activities within the school
environment. Before introducing new
platforms, conduct a thorough review to
ensure they comply with school policies
and pose minimal risks to students and
staff.

Protect Personal Information: Educate

students about the importance of
safeguarding personal information
online, including avoiding the sharing of
sensitive details such as addresses,
phone numbers, or financial information
on social media platforms.
Promote Digital Citizenship: Foster a
culture of responsible digital citizenship
by teaching students how to critically
evaluate online content, engage
respectfully with others, and understand
the consequences of their online actions.

Follow School Policies: Encourage

students and staff to adhere to school
policies regarding social media usage,
including guidelines for appropriate
conduct, acceptable content, and
reporting procedures for any incidents of
cyber bullying or harassment.

Cyber security Education: Integrate cyber

security education into the school
curriculum, providing students with the
knowledge and skills to identify and
respond to potential risks associated with
social media use, such as phishing scams
or identity theft.

Parental Involvement: Engage parents in

discussions about social media use and
safety, providing resources and guidance
to help them support their children in
navigating online environments
responsibly.

Staff Training: Provide training and

professional development opportunities
for school staff to stay informed about
current trends and best practices related
to social media use in education, enabling
them to effectively support students and
address any concerns that may arise.
Tips to Safeguard Your Privacy on social media:

 Don’t share your live location or daily routines.

 Don’t share identification numbers.

 Only accept connection requests from people you know.

 Tighten your profile's privacy settings.

 Watch your back when out in public using/browsing online.

 Pay extra attention to security alert emails.

 Delete unwanted, unused, obsolete, or unsupported social media

applications in your device. Once you discover that your corporate

account is compromised or if you discovered a potential threat,

immediately report it to the Data Privacy Officer.

Dear Leaders/Supervisors and Managers, Please disseminate/cascade this Security

Awareness Notice to your subordinates. If they do not have email access, please
ensure they get access via printed or other media. You may also use your regular team
meetings to discuss the material.

Thank you,