The Chief Information Officers Council has released a new report that provides guidelines and recommendations for federal agencies looking to adopt a safe and secure social media strategy. In addition to advising that agencies develop a social media policy and risk management program and assess potential threats to federal employees, infrastructure and information, the report emphasizes the importance of providing annual security awareness training to federal employees.
Specifically, the council advises that agencies provide specialized training to federal employees on what information they can share and with whom they can share it and how they should identify themselves on social media Web sites, depending on their official role. Agencies also should provide guidance and training based on updated social media policies and guidelines, provide guidance to employees to be mindful of blurring their personal and professional life and provide operations security awareness training to educate users about the risks of information disclosure when using social media. Agencies also should educate employees about social networking privacy controls and about specific social media threats before they are granted access to social media Web sites, the report states.
It's no surprise that officials are placing such a huge emphasis on the importance of training when it comes to adopting social media tools across government. As I've said before, there's a lot of research out there that the millennial generation poses a greater risk to security, largely because they access Web 2.0 platforms much more frequently at work than do older employees. But I believe this perceived line among the generations is blurring, especially as these tools become more widely accepted among people of all ages in government. As a result, the development of training for federal employees on the appropriate uses of social media platforms is critical.
"Users are almost always the weakest link in an information system, and may inadvertently divulge sensitive information through a social network," the report states. "Few effective technical security controls exist that can defend against clever social engineering attacks. Often the best solution is to provide periodic awareness and training of policy, guidance, and best practices."
Brittany Ballenstedt
Brittany Ballenstedt writes Nextgov's Wired Workplace blog, which delves into the issues facing employees who work in the federal information technology sector. Before joining Nextgov, Brittany covered federal pay and benefits issues as a staff correspondent for Government Executive and served as an associate editor for National Journal's Technology Daily. She holds a bachelor's degree in journalism from Mansfield University and originally hails from Pennsylvania. She currently lives near Travis Air Force Base, Calif., where her husband is stationed.
JOIN THE DISCUSSION
By using this service you agree not to post material that is obscene, harassing, defamatory, or otherwise objectionable. Although Nextgov does not monitor comments posted to this site (and has no obligation to), it reserves the right to delete, edit, or move any material that it deems to be in violation of this rule.