Navigant's Cyber Risk and Information Security Practice


Developing, Implementing and Enforcing a Social Media Policy

25 January 2017

Policy Development

As social media advances and becomes more accessible, it can be difficult for users to separate their business and personal profiles. As a result, it is important for companies to develop and implement guidelines for their employees in order to protect both employees' personal information and internal company information.


There are several important concepts to keep in mind when developing a social media policy for your company. The first thing to determine is your organization’s definition of acceptable social media use. Other factors to consider are security settings, friend/follow requests, applications, postings, etc. While it would be ideal to keep all personal social media accounts separate from all company social media accounts, they sometimes end up overlapping, for example on LinkedIn and Facebook. The following questions need to be addressed when developing a company social media policy:

  • What constitutes acceptable social media sites? What sites will employees be allowed to access?
  • Will employees be permitted to access social media sites while at work?
  • Are employees allowed to affiliate themselves with the company on their personal profiles?
  • Can employees post company information to their social media sites?
  • How will the policy affect company-related social media accounts?


The implementation process is imperative to ensure all employees are aware of your social media policy. Lack of employee awareness is a large security gap for most organizations. The following are some examples of policy implementation methods for your company:

  • Make sure that every employee reads and acknowledges the policy. This can be done easily with online portals that require verification of acknowledgement by employees.
  • Record webinars or lunch & learns for your employees.
  • Send out surveys or newsletters notifying users of the new policy.


Enforcing policies can be challenging, especially when it comes to social media. As you are developing a social media policy, focus on what your company can actually control. While stringent policies will be more secure for your company, they are harder to administer and often impractical. The following are tips for enforcing social media policies:

  • Make sure to use language that you will be able to apply. For example, use language such as “Employees should not access social media sites” instead of “Employees must not access social media sites.” The choice depends on what your company can implement and control.
  • Having clearly stated violations is important when it comes to enforcing policies. Defining consequences for violations that will affect all employees, such as a loss of network privileges or possible termination of employment, grabs employees’ attention and makes them more likely to comply with the policies.
  • Monitoring websites, and if necessary blocking websites, is a way to specifically reinforce social media policies.
  • If you have company-owned mobile devices, you can deny employees the ability to access social media sites and download social media applications.

Without policies, employees have no guidelines to follow and make their own assumptions about what is permitted. Having firm policies in place eliminates guesswork for employees and provides them with structured guidelines. In addition, having security policies in place helps protect your company in case of a data breach or even an unexpected audit.

For more tips on developing, implementing, and enforcing any security policies, see HERE, or feel free to contact us at 667-401-5108.
