An increased presence on social media sites such as Facebook and Twitter means credit unions must decide whether to allow employees access to these outlets using credit union resources.
If you currently use social media in your marketing strategy or will soon, your credit union should consider risks such as harm to your reputation, viruses, malware, and data leakage—as well as harassment, discrimination, and employment-related defamation.
Due to these risks, an across-the-board ban on visiting social media websites using credit union resources may be appropriate. However, if you decide to allow access, a social media use policy should be developed and communicated to staff.
Failure to clearly outline the credit union’s social media use expectations through a written policy can significantly increase risk. Consider the following:
• Compliance risk. Compliance requirements must mirror those used when advertising on your regular websites.
• Network security risks. Users are more likely to trust information received via e-mail and messages from “friends” than strangers.
Users often are quick to click on links or open attachments received from their “friends” and unknowingly release viruses and malware.
• Data leakage. Beware the implications from information employees post on social media websites. Disclosing too much personal information may expose employees to identity theft.
• Reputation risk. Employees and others may post comments that may be viewed as unflattering to the credit union and other objectionable material that could harm the credit union’s reputation.
• Litigation risk. Advertising and personal injury is an injury to a third party that may be brought about by information posted on your social media website.
If you allow access to social media websites via credit union resources, we recommend considering the following best practices:
- Define social media usage expectations clearly in your policy;
- State that employees may only access social websites consistent with the credit union’s security protocols (i.e., they may not circumvent information technology security protocols);
- Educate staff on the risks of exposing confidential information about their employer, other employees, volunteers, and members;
- Monitor social media use via credit union resources;
- Outline expectations for reporting policy violations;
- Enforce policy violations in a nondiscriminatory manner;
- State that retaliation for reporting violations is not tolerated; and
- Define personal off-duty use of social media. For example, supervisors should not “friend” their direct reports due to the potential sharing of personal information.
Employees should maintain a professional presence, remembering they’re responsible for content on their publicly accessible social media pages where they could be identified as an employee of the credit union.
Require employees use a disclaimer such as, “The following comments are my own. They’re not made on behalf of the credit union and are not intended to represent the credit union’s positions, strategies, or opinions,” when generating content that deals with the credit union or individuals associated with the credit union.