Narrative review: Social media use by employees and the risk to institutional and personal information security compliance in South Africa

Abstract

Social media platforms have become essential to organisations in developing countries as they can offer a business advantage. This comes with security risks and privacy concerns as numerous scientific literatures have testified. Although the majority of employees are using social media privately and at the workplace (using the same device such as a smartphone), some organisations have not effectively established information security awareness programmes to protect their electronic information backbone. It is a fact that professional hackers are prowling constantly to gain access to systems of organisations and sometimes employees make naïve mistakes that can open the door to cyberattacks, which exploit vulnerabilities in the organisation’s system. The current Coronavirus Disease 2019 (COVID-19) crisis is a prime example where employees and students are encouraged to work from home. No organisation does have complete control over the security measures each employee has in place for his or her private connection. This study applied a desktop review to identify the cyber risks associated with social media use at the workplace. A scoping literature review gathered the data following a qualitative approach. The theories of reasoned action and deterrence were used as a theoretical foundation for the study. A model is proposed to enhance employee information security compliance when using social media at the workplace and demonstrates how awareness strategies can be employed to improve employee information security compliance. It is recommended that organisations implement methods to minimise social media risks to ensure that the integrity of information is preserved through these awareness programmes to employees.