Social Media and the workplace – Harnessing brand advocates or wasting company time?

Jul 29, 2021 | Cyber Security

A flippant tweet from an employee could spell a PR disaster for your organisation, even from their personal account,especially if customers and business associates are amongst their followers. Can appropriate social media use be left up to your employees’ discretion? Or, as is the case with more and more organisations, is it time to create a social media policy?

Social media at work
Over the last 20 years, social media has become an integral way of life, especially for the millennials and the generations Zs. Businesses quickly cottoned on to the fact that their customers were all on social media, and networks started allowing them to advertise to their user base. Today, it is likely that your organisation uses more than one social media platform to promote your products and services and engage with your customers. Your employees are also on social media, connecting with friends and family and networking with colleagues and contacts. Business and personal use is hard to separate as your staff use social media to find out about work related subjects, new job opportunities and interesting stories about other members of staff. However, the things that your employees say and do online can have a positive or negative effect on your company brand or reputation.

In many workplaces, staff are able to gain unlimited access to the Internet, either via their work computer or their own mobile phone, and it is likely that they are using social media during their breaks and often throughout their working day. Figures from a study conducted by HR consultancy, Croner suggest the average UK worker spends 13 hours a week on social media during working hours.

Some companies choose to ban the use of social media at work completely, the obvious reason is to prevent the time-consuming distraction from work. This is even before we mention the security risks of opening private accounts and accessing personal data on work devices. Posting on social media while at work also opens up the temptation to comment about the work place, perhaps even vent about something that is going on. This can lead to negative and unprofessional material being posted online which could harm your organisation.

It is usually the marketing department that takes care of an organisation’s official social media accounts, using this medium to drive awareness and ultimately sales. However, as the algorithms on social media channels get increasingly sophisticated, it is becoming a challenge for companies to get any organic reach or engagement. Even if they have the budget to pay for targeted advertising, many consumers simply don’t believe them.
Let’s consider a few facts.

  • One of the most effective ways a company can build awareness is through word of mouth.

  • Trust in authority is declining across every type of institution, and customers are more likely to turn to people they know or who they can relate to get recommendations.

  • Collectively, your employees will have up to 10x the social following that your organisation does.

  • Social media platforms promote personal posts ahead of business posts (because they want businesses to pay for ads).

With this in mind, some organisations have taken the daring step to open the doors for their employees to speak on behalf of the company to their massive and trusted personal networks. These companies internally promote their vision to their employee’s to ensure their  ‘buy in’, and then recruit some of the employees as brand ambassadors for the company. Chosen employees would then be provided with pre-approved content to share with their networks on their personal social media accounts.  It is certainly not for everyone, and serves as an example of the vast differences in permitted social media use. 

Have clear rules and guidelines

So, whether you wish to harness your large employee base to advocate on your behalf, or prefer to protect your obscurity online, the rules need to be clear.

It is highly recommended that organisations take steps to future proof their online reputation by creating social media policies for their employees and contractors.  Providing “best practice” social media training for all employees is also a good idea.

You will need to ensure that your social media policy is right for your company.

  • Who can officially speak on behalf of the company and who can’t

(When someone has identified themselves as an employee in their social bio, but plans to express their own opinions on politics, etc. you may wish to ask that employees add a disclosure that states: “All opinions expressed are my own.”)

  • What is, and is not, acceptable conduct and content

  • What social media use is permitted during working hours both on company owned internet devices and on personal devices.

  • Be clear about the boundaries of what employees should and shouldn’t be sharing

  • Procedures for handling conflicts or crises

  • Encourage employees to follow your official accounts and to engage positively

  • Educate on social media best practices

It is recommended that an organisation creates relevant policies that reflect their specific risks. As risks are ever changing, policies need reviewing on a regular basis. IASME Governance is a risk based security standard that includes the Cyber Essentials technical controls and covers the GDPR requirements. In addition, the IASME Governance certification covers security training and management of staff,  policies and  procedures, security monitoring and backing up, incident response and business continuity.

IASME Governance




Find out more about the IASME Governance scheme here.