Get real about BeReal: Employees' social media use is threatening company data

Tweeting, Instagramming and even TikTok-ing through the work day has become a common (and even encouraged) practice. But are those seemingly harmless social media habits creating potentially harmful cybersecurity risks? 

On average, organizations experience 13 data exposures and risks per employee per day, according to Code42, a risk management platform. Of actual recorded breaches, one-third are caused by employees. And many of those accidents are traced directly to social media use. 

"When we think about data breaches we always think of really big sensational targeted attacks, right? Like millions of credit card numbers getting processed," says Michelle Killian, director of information security at Code42. "But you've got an employee who's thinking, 'it's just [a picture] of my screen,' when  it might actually be information on someone's insurance application or a code for a new product release. They're not thinking that sometimes it does just take one." 

Read more: 40% of employees are frustrated by too many workplace logins — and it's creating cyber risk

Social media data breaches accounted for 56% of total data breaches in the first half of 2018, according to ITWeb, a business technology media company. As social media platforms continue to evolve and the boundary between work and home is blurred, the number of potential breaches is expected to get worse. BeReal, a social media app that launched in 2020 and has grown in popularity throughout the pandemic, is a prime example of this easy-to-ignore risk, according to Killian.

BeReal prompts users to take a picture of what's in front of them at a particular but random time of day, while simultaneously capturing a selfie. It's intended to document an authentic experience and reaction, but in a work-from-home world, many of these images feature employees' work-issued laptops and equipment. 

"Posting these normal everyday things are leaving breadcrumbs that create the ability to tell a bigger story, and that story could be something that's tied to your work," Killian says. "Think about mergers and acquisitions, something that is very sensitive in nature. Just having snippets of screenshots over a series of days or weeks could tell a very important story." 

But gone are the days where employers were universally strict about  employees' internet presence. Instead, certain industries have social media as a critical ingredient to success, whether through recruiting or marketing or audience outreach. But in a world where data breaches can put as much as 20% of a company's annual revenue at risk, according to Code42, it's imperative that employees understand best practices on social media platforms, as much as they do when using any other workplace tool. 

Read more: Lack of employee training is behind 80% of company data breaches

"COVID has shown in these last few years that the space between personal and professional is an intermingled dish — it's all blurred," Killian says. "People are going to be on social media at the same time that they are working on a proposal for work. We need to accept that one. But now that we've accepted that, we have to get really good at educating."

Killian suggests organizations create a culture of communication and visibility, rather than restrict employees' use of social media. If and when a problem or concern arises, educate them in real time. For example, if an employee is uploading a file to Facebook from their work computer, flag it and make sure to explain to the employee why that act was dangerous. 

"There's education that is really compliance-focused and really isn't meaningful [to employees]," Killian said. "Instead, it's really about creating good common security sense in your users. Whether I've got a user who is uploading a ticket to ZenDesk or trying to capture screenshots, or posting their latest BeReal, [give them a foundation to know] how to do it the right way, and maintain their safety and security."