While they offer rich possibilities when it comes to reaching a variety of individuals and communities in innovative ways, social media and ICT present security issues all their own.
Many of us may know how to use the internet, social media, mobile phones and tablets, and other tools that are so prevalent that we’ve almost come to take them for granted in our lives, both personal and professional. But fewer are those of us who understand the intricacies of the policies and laws that govern conduct and how information is shared and stored on these platforms and technologies.
As an organization, and an individual, it is worth taking the time to reflect upon the implications of social media and ICT with regard to the security of yourself, your organization, and, very importantly, the people that you serve.
You can capture the fruits of your reflection in a document that outlines the potential security issues identified, the measures put in place to address them and your course of action should any other issues or situations arise. Because social media and ICT platforms and technologies are ever-changing and evolving, you will likely have to reconvene and modify this policy on a semi-annual or annual basis and/or as new issues arise.
You may want to consider the following questions as you carry out this process:
- How are we using social media and ICT in our work?
- What is the mandate of our organization, and how may it be compromised or challenged by social media and ICT activities and processes?
- Who is responsible for this work and how might they be affected by it?
- Are their certain measures that need to be put in place to protect the staff’s emotional, psychological and physical well-being?
- When staff members log on to social media accounts and other platforms and technologies, are they using their own name or the organization’s?
- What are the implications of this for them, and for the organization?
- How are you separating and distinguishing between personal information and organizational information?
- Are staff members expected to monitor and take part in social media and ICT activities outside of work hours?
- Who accesses the services and work that you are carrying out on social media and ICT, whether intentionally or not? What are the potential ramifications of your work on these users?
- What are the policies and rules that have been put in place by the different social media and ICT platforms and technologies that you are using? How do these affect your own processes and regulations?
- Are the platforms and technologies that you are using nominal, confidential or anonymous for the users? (ie do you know the name and identity of the person that you are delivering services to, does your staff, do users know among themselves, and who has access to this information?)
- What are the explicit or implicit international dimensions of your work?
- For example, is your server based in your own country or another country, and what rules and laws is it governed by? (please refer to the Hustle Netreach case study to see a practical example)
- How are you collecting and storing data and information about your work? Does it include any information that could link back to the people you are reaching?
- How is the data you are collecting about your activities and your clients secured, and what measures can be put in place to avoid accidentally sharing this information or to protect it from hacking?
- Do you have obligations to report certain activities or situation that are occurring on these platforms and technologies?
- If so, what are these and to whom must you report them?
- How will this affect the people that you offer services to, and how can you best maximise their privacy and their right to access information freely, while also supporting their safety?
For example, the National Network to End Domestic Violence (NNEDV) (United States), has developed a Tech Safety App, exploring harassment, impersonation, cellphone safety, device safety, location safety, and online safety. Under each category, more information is provided with specific explanations on what someone can do if they are being harassed as well as privacy tips that can be used to increase privacy and security.
Ultimately, it is important to consider the security and safety ramifications of your social media and ICT activities and interventions, to maximise the wellbeing of all those who are involved in or affected by it.