WFH: A Smart Time to Revisit Employee Use of Social Media

Employers have their hands full when it comes to monitoring online activities that could hurt the brand or violate the organization's core values.

Jennifer DeTrani & Landon Winkelvoss, General Counsel/EVP, Nisos / VP of Content and Co-Founder, Nisos

July 2, 2021

5 Min Read
Dark Reading logo in a gray background | Dark Reading

It's a complicated time to be an employer. From ensuring compliance with state-by-state employment law regulations, to providing an OSHA- and EEOC-compliant workplace in the new "work-from-home/now-come-back-to-work" normal, human resources departments have their hands full.

Layer on the due diligence that employers are undertaking to ensure that their workers are not plotting nefarious activities or propagating extremist disinformation online that could negatively affect the brand, core values, codes of conduct, and safety of individuals both inside and beyond the workplace and that complexity becomes even more cumbersome.

Financial institutions uncovering and exiting employees for administration of extremist websites sound like prime-time dramas. However, they are real-world examples of where having a strategy for exiting dangerous employees from the workplace is a best practice now that home and work boundaries are increasingly blurred. And with most employers monitoring their workforces, it's becoming increasingly important to understand why more workers are under review.

The Cost of Free Speech
While the First Amendment grants all Americans the right to free speech, few corporate, legal, or HR teams have the appetite to proactively monitor their employees' non-work-related social media presence. This so-called Online Disinhibition Effect (ODE), coupled with the perceived anonymity of the Internet, can empower people to freely express their opinions about almost anything, from restaurants and political candidates, to foreign policy and ethnic groups, forcing employers to rethink traditional HR modalities that keep work and private domains separate.

Organizations must consider their public reputation — the brand, the company's board, and executives — who all have a stake in ensuring that extremism and other hate-based sentiments stay far from the workplace. When does it make sense to investigate reported behavior and when does it make sense to turn a blind eye? While extremely fact-specific, the ability for investigations to be actionable depends on whether extremist online content violates the company's policies embedded in its employee handbook, code of conduct, onboarding materials, or state-based privacy laws.

Once these policies are in place, a transparent culture of "see something, say something" can often be fruitful, allowing others within the organization to point to behavior that requires a deeper review.

Building a Compliance Framework
Legal and human resources are aware of the need to update employee handbooks to advise employees that all company-owned equipment will be subject to reclamation, monitoring, and examination, in line with a legitimate business purpose, which is necessary given federal laws that restrict workplace monitoring. However, not all in-house counsel and operation teams include proper language in handbooks to ensure that remedial action can be taken for social media postings by employees when not on company equipment or time.

Legal and HR practitioners must notify their employees of the company's ability and intentions to monitor, investigate, and take action for behavior that crosses the line, whether it takes place on corporate devices or online. If the notification language gets embedded in the code of conduct or BYOD policy, make sure there is a nexus between such policies and the employee handbook so that consent can be demonstrated.

Effective Monitoring in the Workplace
In reality, few companies have an appetite for devoting resources to monitoring employees' non-work-related social media proactively for threats, and such an approach would be ill-advised.

However, an agile security team that quickly responds to reporting on threats can benefit from focusing on:

  • Disinformation

  • Outlets that can be prioritized

  • Account(s) or handle(s) being used

  • Technical signatures cloaking true identities

While these elements may appear more manageable, corporate devices are the most efficient means to determine if an employee violated code of conduct or use of corporate systems by engaging in illicit or suspicious activity. Internal investigations and security teams must have visibility into appropriate endpoint, network, chat, email, and application log traffic to engage these types of investigations. Finally, they have to maintain a robust "outside the firewall" external threat-hunting capability, including open source and Dark Web intelligence attribution research, technical signature analysis, and direct threat actor engagement.

When to Take Action and When to Stand Down
After policies are established, tested, and the security team implements a monitoring strategy, they will be operationalized. Threats of violence using corporate or personal devices can justify termination of the offending employee. However, if an investigation finds allegations of membership in a known extremist group, even with robust policies in place, termination can still be controversial, therefore needing a stronger security, legal, and HR coordination. Depending on how robust corporate policies are and subject to state privacy laws, termination can typically occur when a corporate asset is used to participate in or solicit violent extremist activity during work or in off-work hours, including use of company email.

However, participating in or soliciting online extremist activities without the incitement of violence after work hours on personal devices may present an edge case that may not be actionable. In this situation, additional monitoring may prove necessary, to a point. The question of when to stop monitoring an employee is another issue that employers will have to address on a case-by-case basis.

Within any investigation, fact patterns are rarely black and white. It's important to get ahead of these issues before a significant event or violence occurs and an employee shows up on the front page of the news, forcing the company to do damage control. Close coordination between human resources, legal, and security functions within an organization, in conjunction with an open culture that empowers the reporting of abusive or threatening behavior, can stop violence and negative brand impact before it happens.

About the Author

Jennifer DeTrani & Landon Winkelvoss

General Counsel/EVP, Nisos / VP of Content and Co-Founder, Nisos

Jennifer DeTrani

Jennifer DeTrani is General Counsel/EVP, Corporate Secretary and Head of Culture of Nisos, a Managed Intelligence™ company that focuses on helping clients develop an effective response to advanced cyber threats.  Jennifer is a visiting fellow at the National Security Institute at George Mason University's Law School, and serves on the executive leadership team of SunLaw, a non-profit that focuses on the education and advancement of in-house leaders.  Jennifer has a demonstrated history of creating mission-driven results in the cybersecurity, information technology, secure communications, and software industries. In addition to building in-house teams, she focuses on  compliance, innovation, outreach and education within the legal community, with a focus on technology, security and privacy. Prior to Nisos, she co-founded a secure messaging company, Wickrl, ran a solo law practice, practiced corporate law in BigLaw and served as a federal prosecutor at the Department of Justice.

Landon Winkelvoss

Landon Winkelvoss co-founded Nisos in 2015 and serves as its VP of Content. His vision as a founder was to deliver intelligence community-level insights to blue chip companies to enable a stronger defense and more effective response against advanced cyberattacks, disinformation, and abuse of digital platforms. Prior to founding Nisos, he spent 10 years as a Technical Targeting Officer for the US government, including multiple warzone deployments and overseas postings. Landon is a regular contributor to numerous publications on cyber intelligence and investigations, including Security Week and SC Magazine. He is also host of  The Cyber5 and Know Your Adversary, podcasts designed to educate and highlight security best practices and notable cybercrime investigations. 

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights