Most corporations these days will have internal blog policies outlining what is acceptable to talk about on corporate blogs, on personal blogs and in the comments of other blogs. These boundaries not only protect corporate information but also set expectations for appropriate behaviour.
Now that the Internet landscape has changed, with the emergence of social networking sites such as Facebook and Twitter, it's important that companies consider the implications these technologies have for enterprise security. Not only should the same standards from the corporate blogging policy apply to social media, but additional considerations must be taken into account.
Because they are so prevalent and immediate, these social networking sites increase the risk of proprietary or confidential information being accidentally leaked. In addition, companies must set standards for appropriate conduct online.
When a personal account has many corporate followers, what is expected of that person's level of conduct? What level of personal tweets should be allowed on corporate accounts, and what is OK versus what is clearly not?
The use of social networking sites within the enterprise also increases direct security risks. A lot of social engineering attacks are perpetrated on Twitter and Facebook, so it's important that enterprises use tools to safeguard against these threats as well as train employees to be vigilant for these types of attacks. One great piece of advice is to make sure employees do not use the same passwords for social networking sites as they use for enterprise accounts.
There are a number of great articles out there on how to create your social networking policies to cover the use of Facebook and Twitter. I'd like to recommend these two: "How a corporate Twitter policy can combat social network threats" and "Security policies should include Twitter?". Though both are Twitter-specific, the same advice applies to other social networking sites.
Do you have a corporate social networking policy in place? Why or why not?