
What are enterprise social media best practices for CISOs?

CISOs need to follow certain enterprise social media best practices if they want to safely maintain public profiles. Expert Mike O. Villegas has ten best practices for social media.

I've noticed a trend of chief information security officers (CISOs) maintaining an active presence on social media. Is maintaining a high profile on social media something you recommend for CISOs? With so much information passing through social media, is it beneficial -- or would it open up the CISO and her associated organization to more trouble? What are some enterprise social media best practices for CISOs?

There is danger in using social media. People can track your whereabouts, find out whether you are traveling and away from home, and look at your connections to deduce things about your interests, hobbies, family and employment. Identity thieves sometimes send friend requests tailored to you so that they look like they come from a friend, but a closer look reveals they are bogus.

A recent article in Dark Reading listed the top 10 CISOs who use Twitter. The list's top three CISOs are from Deloitte, Yahoo and US Bancorp. Their tweets focus on technology and cybersecurity, interspersed with occasional words of wisdom. What they do not share are personal facts about their lives or loved ones, or their opinions on controversial religious or political views. They might have other personal Twitter or Facebook accounts for that, but they appear to separate the personal from the professional.

The question is whether visibility on social media would be detrimental to the CISO or could spill over to their place of employment. Only time will tell the full extent of the possibilities, but there are already occasional cases of lost employment or lawsuits over an inappropriate tweet or Facebook post.

If you're going to use social media, it's critical to make smart choices that won't negatively impact you or your organization. Here are ten enterprise social media best practices for CISOs and other professionals:

  1. Keep a separate account for family and friends and configure its privacy settings. Make it a closed user group so you can share what you are proud of with only those people.
  2. Do not use social media as a channel to denigrate anyone personally.
  3. Do not share personal information such as your home address, birthdate, personal emails, or pictures of your family, spouse or children. Use closed groups such as "Family" on Facebook to restrict such information and share it with only people you know.
  4. Do not share any information about your company or employer that could show it in a bad light. This is what some call a career-limiting move.
  5. Keep your tone civil, professional and respectful. We can bash hackers, terrorists and criminals, but temper it with prudence.
  6. If you choose to use humor, make sure it is not derogatory toward ethnic groups, races, or controversial ideologies such as religion, politics or lifestyles different from your own.
  7. Be careful who you add to your friends list. Always vet who they are. Look at their profile to see who their friends are and how many they have before you let them into your inner circle.
  8. Change your password periodically as you would any other account in business or personal life. There is a reason as CISOs we require sound password syntax rules with 90-day change intervals.
  9. Be consistent in your messages for whatever you are advocating. Tweets from years past tend to resurface if you're not careful and consistent.
  10. And please, do not tweet and drive.


This was last published in November 2015
