This User Guide is a summary of tips and things to think about when working with data. The SU has policies on Data Protection, Computer Use, and Social Media that are available to staff, clubs, and societies.
Collecting Personal Data
Common sense will help you with many data protection issues. If you are unsure whether any actions you are taking in the collection, use, storage or release of personal information are inappropriate or could have adverse implications either for an individual or for WSU, stop and seek advice before proceeding.
- Where data can be attributed to a living individual, it is personal data and the rules in the Data Protection Act apply.
- People can be identified from seemingly anonymous data where it is used in conjunction with other information.
- The rules for processing the eight types of sensitive personal data are stricter than for other personal information, and extra caution is required. Always check this if you are in any way unsure!
- Simply having personal information, even if nothing is being done with it at the time, is enough for the rules of Data Protection Act to apply.
- When working in a partnership involving personal information or commissioning a person or organisation to process personal information on behalf of WSU, formal agreements between the parties will normally be required that take account of the requirements of the Data Protection Act. The Chief Executive will normally oversee such agreements.
- When collecting personal information, have you provided a clear and fair processing statement to the data subject (i.e. the person whose information you’re collecting) that covers ‘WHO, WHY, WHAT and for HOW LONG’? Below are some template data collection statements for use when collecting personal data in line with the Data Protection Act 1998 (text in square brackets is to be replaced by the club or society):
Any personal information you give to us will be processed in accordance with the UK Data Protection Act 1998. The [insert club or society name] will use the information to [insert purpose for which personal data will be used; if more than one purpose, list these out]. Your personal information will be kept securely for [insert retention period, e.g. for the duration of your membership, until next year’s event etc.] and not shared with any third parties without seeking your prior additional permission. If you have any concerns about the use of your personal information, please contact [insert email or telephone number with name of contact].
Event Attendee information
The personal information supplied will be used for [insert purpose, e.g. the purpose of course and event administration, and to compile either a paper delegate list to be distributed to all attendees at the event, or an electronic delegate list]. It may be used by the [insert club or society name] for the purposes of advertising other events. It will not be shared with any third parties without seeking your prior additional permission. If you have any concerns about the use of your personal information, please contact [insert email or telephone number with name of contact]. If you do not wish to be contacted for further events, please contact [insert email or telephone number with name of contact].
- Was the personal information with which you are working originally collected for another reason? If so, please seek advice from the Chief Executive. It is likely that you won’t be able to use it if the SU’s registration with the Information Commissioner’s Office doesn’t cover that specific type of processing.
- Do you intend to process personal information without obtaining the consent of data subjects? If so, please contact the Chief Executive.
- Have you reviewed your intended collection and use of personal information to make sure that only the minimum amount of personal information needed for a task is collected and used?
- Is the personal information for which you are responsible accurate and up-to-date?
- Have you thought about the length of time you need to keep this? Is this documented?
- Is the personal data no longer needed? If so, make arrangements for its secure destruction.
- When destroying personal data, have you checked that the destruction has been properly authorised and documented? Refer to Records Retention Policy.
- Is someone asking questions or seeking access to their personal data? If it’s a member of staff, direct them to the HR Directors. If it’s a student or member of the public, contact the Chief Executive as soon as possible for advice on the best way to meet their needs or answer their questions.
- Remember the following practical steps to help minimise the risk to, or loss of, personal information:
- Do not share or disclose passwords.
- Never leave information unattended and lock computers/drawers/offices.
- Always password-protect and, where appropriate, encrypt information on portable devices and media.
- Implement formal agreements with third parties that include requirements in respect of personal information.
- Promptly remove access privileges from former staff or other individuals who should no longer need access.
- Ensure that everyone understands the sensitivity of the information disclosed to them in their duties.
- Report a potential loss or unauthorised access to information (see ‘What to do about a suspected data breach’ below).
- Shred or securely erase information when no longer required.
- Do not write papers or documents which disclose personal information without explicit permission.
- If you are unsure whether it is appropriate to place information onto a memory stick, pause and consider the implications of the data being lost or used against someone or WSU.
- Are you working with an international partner? Please contact the Chief Executive for advice & information on ‘safe harbour’ and model contract information.
Effective Use of Email
- Use of email requires the same care and imposes the same obligations as any other form of communication. Electronic mail is not the casual form of communication that many people believe; equally, it is not a secure form of communication and could easily be seen by someone other than the intended recipient.
- You should be especially careful to make sure that you do not inadvertently alter any contractual provision in an email.
- You should be careful not to write anything in an email that could be construed as harassment or bullying, or that is in any way defamatory. Remember, deleting an email does not mean it is unrecoverable.
- You must not send emails for commercial purposes unrelated to the Union’s activities or for personal gain.
- If you receive communication marked private and confidential, you should not discuss or disclose this information to anyone outside of the distribution list for that mailing. It is the user’s responsibility to ensure that information is not disclosed without the prior consent of the sender unless you feel that the information breaches the law (see section above and the Computing Facilities Use policy).
- If you send any email to an outside organisation, the email will automatically have the following paragraph added before it leaves the organisation: WARNING - CONFIDENTIALITY NOTICE This e-mail and any files transmitted with it are confidential to Warwick Students' Union and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error, please contact Warwick Students' Union on enquiries@warwicksu.com.
- If you send a personal email, you must start the letter with the following paragraph and mark the email content as personal in the subject box: “This email is personal. It is not authorised by or sent on behalf of the sender’s employer. This email is the personal responsibility of the sender.”
- You are not permitted to send unsolicited bulk email (SPAM) from Students’ Union accounts.
- Check your email on each working day or arrange for a duly authorised person to do so on your behalf. For extended periods away from the office such as conferences or holidays, switch on and fill out your ‘Out of Office’ facility which will let the sender know that you are away and when you will be back.
- Do not impersonate any other user when using email or amend messages received or sent.
- Do not create email congestion by sending trivial messages or by copying emails to those who do not need to see them.
- Do not pass on any chain mail which asks you to send to another ‘x’ amount of people. Delete any such email received.
- All staff / student address books and distribution lists are the property of WSU. You may not distribute or use any of the information contained within them outside of the Union without prior approval of the Chief Executive or President, who will ensure that the disclosure complies with the Data Protection Act.
- We will not set email accounts to automatically forward to external accounts, including University email accounts.
Management of information contained in emails
- Email is not a file store - you should keep your inbox down to a minimum to avoid system problems for all users. It is good practice to keep this to below 50 emails.
- Reply promptly to all emails requiring a reply. When a prompt response is not possible, send a short email acknowledging receipt and giving an estimate of when a detailed response will or should be sent.
- You should generally not send Confidential Data by email unless it is password-protected, particularly if it is being sent outside the organisation where it can be more easily intercepted.
- Always obtain confirmation of receipt for important emails sent.
- Where proof of opening or reading an email is required, use the ‘read receipt’ facility (nb. this may not work for emails sent outside of the organisation).
- Use the ‘delegates’ facility on Outlook to allow a duly authorised person to view your emails in your absence.
- Emails are not archived, so they cannot be easily recovered once deleted. If you need to keep a document or message, save it onto a backed-up network space or print it and keep a paper copy.
Passwords
The use of passwords helps to control the risk of unauthorised access to personal and WSU information. They are REALLY important. However, the use of public/shared computers or internet services presents a threat as usernames and passwords could be stored or shared inappropriately, sometimes without your knowledge.
While nothing can absolutely guarantee the security of passwords, the following advice increases password security and helps minimise this risk.
- You must use passwords/PINs as a first-line security control on ALL devices (e.g. PCs, laptops, smartphones) that are used for processing your own or WSU information, and these details must not be shared with anyone.
- The IT Team will never ask for your password and neither should anyone else. If someone asks you for your password, you can legitimately say no.
- You must create passwords adhering to the following minimum password standard for WSU information and systems:
- Unique to WSU systems (i.e. not one which you use for other personal accounts) – this minimises the risk to you personally if WSU systems or information are compromised, and the risk to WSU if one of your other accounts is.
- Easy to remember (i.e. doesn’t need to be written down) but difficult for others to guess – a ‘passphrase’ may be better than a password.
- Longer than 8 characters – the longer the better!
- Contain at least one character from each of the following: numbers, upper-case letters, lower-case letters, symbols (e.g. £$%^&*)
- Changed every 60 days, and not a reuse or minor variation of an expired password (i.e. one you’ve already used).
- Changed immediately if you suspect someone knows it
For example, if you ran a marathon in 1998, you could take the phrase “I ran the London Marathon in 1998” and, taking just the first letters of each word and the numbers, turn it into: irtlmi1998
Or simply use the whole phrase, or most of it, without spaces.
Then for extra security, swap in some capital letters and special characters:
1RanTh3londonmarath0nIn1998
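As an added worked example (not from the WSU guide or its IT Team), the snippet below turns the guide’s two passphrase steps into code and checks a candidate against the minimum standard above: longer than 8 characters, one character from each of the four classes, and not a reuse of an expired password. Previous passwords are kept only as salted PBKDF2 hashes, so the reuse check never needs the old plaintext. Function names, the iteration count and the sample phrases are assumptions made for the example; the symbol class is treated as any non-alphanumeric character, with the guide’s £$%^&* as examples.

```python
import hashlib
import hmac
import os
import re

# Added example, not the WSU guide's own code. The names below are assumptions.
MIN_LENGTH = 9          # "longer than 8 characters"
PBKDF2_ROUNDS = 100_000  # assumed work factor for the stored history hashes

# One pattern per required character class; the guide lists £$%^&* as example symbols,
# here any non-alphanumeric character counts as a symbol.
CLASSES = {
    "digit": re.compile(r"[0-9]"),
    "upper": re.compile(r"[A-Z]"),
    "lower": re.compile(r"[a-z]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}


def acronym(phrase):
    """Step one from the guide: first letter of each word, numbers kept whole."""
    parts = []
    for word in phrase.split():
        token = word.strip(",.!?")
        parts.append(token if token.isdigit() else token[0].lower())
    return "".join(parts)


def hash_password(password, salt=None):
    """Store an expired password only as (salt, PBKDF2 digest), never as plaintext."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def was_used_before(password, history):
    """True if the candidate matches any (salt, digest) pair in the history."""
    for salt, digest in history:
        _, candidate_digest = hash_password(password, salt)
        if hmac.compare_digest(candidate_digest, digest):
            return True
    return False


def check_password(candidate, history=()):
    """Return the list of rules the candidate breaks; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short: must be longer than 8 characters")
    for name, pattern in CLASSES.items():
        if not pattern.search(candidate):
            problems.append(f"missing {name}")
    if was_used_before(candidate, history):
        problems.append("reuses an expired password")
    return problems


if __name__ == "__main__":
    # Constructed sample values mirroring the guide's marathon example.
    base = acronym("I ran the London Marathon in 1998")
    print(base, check_password(base))
    strengthened = "1RanTh3londonmarath0nIn1998"
    print(strengthened, check_password(strengthened))
    final = "1RanTh3london*marath0nIn1998"
    print(final, check_password(final))
    # Once 'final' expires it goes into the history and cannot be chosen again.
    print(final, check_password(final, [hash_password(final)]))
```

Run it and note that the guide’s own strengthened example, 1RanTh3londonmarath0nIn1998, still fails the standard because it contains no symbol; adding one (e.g. 1RanTh3london*marath0nIn1998) makes it pass, and the same string is then rejected once its hash is in the expired-password history.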
Passwords for files or devices
Where devices or files contain or can connect to personal or confidential data, these should be protected by a password or PIN as directed above.
- The password or PIN must not be sent with the file or device. You must communicate it via a different channel from the one carrying the file (e.g. by text message or phone; at minimum, a separate email).
- Passwords for protected email attachments must never be sent in the same email as the attachment.
Security Common Sense
- Always lock your computer screen when you leave your desk (on Windows, press Ctrl+Alt+Del then choose Lock, or press Windows key + L).
- Be careful entering login details in public places – you don’t know who may see these over your shoulder.
- Always log off computers in public areas such as meeting rooms or training rooms after you have used them. If someone does something to your computer when you’re not there, you will probably never know about it until it’s too late!
- Don’t click on links or respond to emails from unknown people asking for your personal or login details.
- Make sure your computer has acceptable anti-virus and firewall software installed and install regular updates to ensure you and your computer are protected.
- Install software updates quickly. You will be prompted to do this on managed computers, and it is advisable that you set your personal computer up to install updates automatically (or at least prompt you that updates are ready to install).
- Don’t access your WSU email or other important information from a shared computer or over wireless networks you don’t know. It is easy for your details or information to be copied, shared or left behind without your knowledge.
- Don’t allow your internet browser to remember your login details.
- Only install the software you really need and buy direct from reputable companies; never install browser software provided via a website pop-up or email.
- Before you submit any of your personal info online, make sure the website you're on is legitimate and won't use the information for anything that's going to harm you.
- Don't post too much information about yourself publicly, either on social media sites like Facebook, or on websites - once you've put it up online, it's very hard to remove it from the internet thanks to caching. Find out more at http://accidentaloutlaw.knowthenet.org.uk/
- Don't open any attachments or click any links in emails from people you don't know and trust - they could be part of a scam, or could install a virus on your computer.
- It’s really difficult to delete something from the internet. Even if you press ‘delete’, chances are it can still be found, saved and shared. Screen capture allows for material to be preserved that you may believe to be private. Pause before posting and apply a healthy dose of common sense.
- You must not post or use copyrighted material – including, but not limited to, photography, music and video – without the explicit permission of the copyright holder. It is good practice to quote the source for all graphics/images that you use.
- You are, however, encouraged to use creative commons media, provided you attribute sources correctly. Good sources of creative commons media include Compfight and Wikimedia Commons.
Social Media Common Sense
The basics
- Do not post illegal or libellous material.
- Do not post sensitive or confidential information.
- Do not discuss WSU internal operations (such as staffing arrangements, budgets) which have not been communicated to the membership.
- Do not share your passwords.
- If a team member or committee member who has access to your social media profiles leaves, reset your passwords.
- Be open, honest and human.
- Post regularly – you will need to agree how frequently.
- Monitor your accounts and respond to incoming messages.
- Do not use your social media account to abuse members of SU staff, as they have no right-of-reply and this could lead to disciplinary action being taken against you.
Getting the best from social media
- As an Officer, Club, Society or Committee member, you are the ‘public’ face of the student body and you should participate in the same way that you would in person – i.e. professionally and responsibly.
- You should try to add value to the conversation by contributing your knowledge or unique perspective. Only write about things you are familiar with and check your facts before posting.
- You are responsible for the online spaces related to your area of WSU, so please set clear ground rules and monitor their use regularly.
- If your social media account attracts the attention of other media outlets (such as newspapers or television), remember that the WSU President is the main spokesperson for the Students’ Union and you should liaise with them directly before responding.
- Traditional media monitor social media sites for stories. Take advantage of this by posting positive stories about your work or society.
Club and Society Social Media Regulations
As clubs and societies, you not only represent yourselves, but you also represent Warwick Students' Union. As a result, you need to follow the same rules and regulations as the SU and its staff (including Full-Time Officers). Your club/society social media account is yours to manage, to encourage students to join your club/society and to let them know what events you may be running. However, you must follow these regulations to ensure you do not alienate any potential or current members and potentially undermine sponsorship relations. These regulations therefore are used to determine what clubs/societies cannot post on the different social media platforms that they may use, and cover all club/society engagement with this media (including graphics, posts, stories, polls, messages and comments).
These regulations apply to club/society accounts. For individual members' accounts, the University's Social Media Policy takes precedence, unless an individual is indicating or claiming the post is on behalf of the club or society. Clubs or societies who fail to abide by these regulations will face an SU investigation and may, upon investigation by SU staff, face sanctions as in byelaw 5.
SU Regulations regarding society and club social media use:
- The social media page shall use the name they are identified with in their handover pack or constitution.
- A society/club shall not post media, including physical media (e.g. posters), depicting any of the following:
- Libellous material, or anything encouraging or referencing libellous material
- Sensitive or confidential information, including passwords and confidential WSU or sponsorship business
- Content that breaches copyright or contains other people's/organisations' material without permission from the creator
- Posts that are discriminatory or could be considered as harassment, including posts that are racist, sexist, religiously discriminating, homophobic, transphobic, ageist and ableist
- Posts that glorify or reference a recognised terrorist group
- Acts of violence, threatening violence or inciting violence
- Posts that threaten or intimidate individuals, whether a part of the club/society or external to the club/society/University
- Posts that condone, encourage or glamorise anti-social behaviour, or refer to the effects of drunkenness in a favourable manner - including posts that glamorise or encourage drinking games or excessive alcoholic consumption
- Posts that encourage or reference breaches of SU regulations
- Posts that depict serious injury or death
- Nudity or depictions of sexual acts
- Any other illegal activities not covered above
- Posts encouraging illegal activities
- If filming or taking pictures of members, then signs should be up saying that pictures will be taken and/or filming is being performed. If recording is taking place of individuals on their own then individual consent should also be gained. Individuals who do not wish to have themselves filmed or photographed should inform someone as soon as they can.
Those wishing to report a breach of these regulations should submit an SU complaint via the Complaints Form.
The Legal Bit
WSU has to make sure that it complies with all UK legislation regarding computer use and information security. Some of this legislation is related to employment situations, while some is for more general computer usage. You should be aware of the key Acts below to ensure that you don’t behave inappropriately or break the law while using WSU facilities. Ignorance is no defence as far as the law is concerned!
Data Protection Act 1998
The Data Protection Act regulates the use of personal data by organisations. Personal data is defined as information relating to a living, identifiable individual. The Act has eight guiding principles which are covered in the WSU Data Protection Policy.
Individuals can make “subject access requests”. The details of how these are handled are set out in the WSU Data Protection Policy, as well as on the website in the Privacy Policy.
Freedom of Information Act 2000
The Freedom of Information Act gives individuals a right of access to information held by public bodies, subject to a number of exemptions. It is important to note that, while WSU is not subject to this Act as it is not a public body, we do sometimes still receive requests for information in writing (email, letter or fax). Each request is considered carefully so as not to put our activities or staff at risk by disclosing information inappropriately. The WSU Records Retention Policy provides further information on how FOI requests are to be handled.
Regulation of Investigatory Powers Act (RIPA) 2000
RIPA regulates the powers of public bodies to carry out surveillance and investigation and also deals with the interception of communications. The Home Office offers guidance and codes of practice relating to RIPA.
Copyright, Designs and Patents Act 1988
The Copyright, Designs and Patents Act (CDPA) defines and regulates copyright law in the UK. CDPA categorises the different types of works that are protected by copyright, including:
- Literary, dramatic and musical works
- Artistic works
- Sound recordings and films
- Broadcasts
- Cable programmes
- Published editions
Any staff members or students who are facing issues or have questions relating to this Act and their activities should seek appropriate advice from the relevant Sabbatical Officer (for students) or Line Manager (for staff) before acting, as the penalties can be significant.
Computer Misuse Act 1990
The Computer Misuse Act is intended to deter criminals from using a computer to commit criminal offences or from impairing or hindering access to data stored in a computer. Note that the Act has been amended since 1990: the third offence now covers unauthorised acts with intent to impair (or recklessness as to impairing) the operation of a computer, and further offences have been added, including making, supplying or obtaining articles for use in computer misuse.
The Act as originally enacted contains three criminal offences for computer misuse:
- Unauthorised access to computer material
- Unauthorised access with intent to commit or facilitate commission of further offences
- Unauthorised modification of computer material
Human Rights Act 1998
The Human Rights Act puts the rights set out in the 1953 European Convention on Human Rights into UK law. Article 8, relating to privacy, is of most relevance to information security – it provides a right to respect for an individual’s “private and family life, his home and his correspondence”, a right that is also embedded within the Data Protection Act.
Limitation Act 1980
The Limitation Act is a statute of limitations providing legal timescales within which action may be taken for breaches of the law (for example, six years is the period in which an individual has the opportunity to bring an action for breach of contract). These statutory retention periods inform parts of WSU’s Records Retention policy.
Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011
Trolls, Twitter & Tantrums
Ground rules
It can also be useful to set some ground rules on your social media pages, so that followers know what is and isn't acceptable when it comes to engaging with you. Something along the lines of ‘We reserve the right to remove, without notice, any disruptive, offensive or abusive posts, including swearing or libellous statements' should suffice.
Retweets/sharing posts from other users
Sharing posts from other users - e.g. retweeting - is a big part of social media and something you should look to do; however, be careful what and who you share content from. While functions such as retweets do allow you to establish some distance between your account and the original author, you will still be held accountable if you share anything offensive, illegal, libellous or similar.
Censorship
Where possible, do not delete comments or responses from your followers unless they are illegal/libellous/sexist/racist etc - people are entitled to their opinion, even if it is a negative one. A comment that is simply negative or that disagrees with your opinion is not grounds for removal. If you do remove a comment, explain why.
Blog comments - to moderate or not?
A lot of social platforms don't offer you the option to moderate posts from your followers before they appear online, but you usually can delete them if they prove problematic. However, when it comes to blogging, you're often given the choice about whether or not you want to moderate comments before they appear online. You may not think much of this, but it can actually be very important, particularly if a libellous or offensive comment is posted.
If you choose to moderate posts before they appear online, you are seen, legally, as the publisher. This means that if you allow a problematic post online then you are the one slandering/offending/posting libellous content, NOT the comment author.
If you don't moderate comments before they appear online, you are no longer seen as the publisher. However, if a problematic comment is brought to your attention it is then your responsibility to deal with it - which usually means deleting. This is why many newspaper websites will allow you to comment on articles freely, but will also have procedures in place to report problematic content.
We would recommend taking the latter approach and allowing users to comment freely, with the understanding that you will step in and moderate or delete if needed.
What is reputational damage?
It can be very tempting to delete any negative comments posted on your social media channels, all in the name of avoiding reputational damage. While this is usually done with the best intentions, it can often be more harmful than just allowing a comment to stay, as it will seem like you are censoring your followers and denying them their right to express themselves.
Also, you might be surprised at the power of a crowd to defend you: if you hold fire on the delete button when you receive a negative post, there is every chance that some of your other followers will defend you, put out correct information, or just offer an alternative opinion. This can then lead to a stream of healthy debate on your profile, giving you the chance for even more engagement with your following. Don't be afraid to trust the power of your followers.
It is also very important to remember that members/officers being offended by something does not necessarily constitute reputational damage. It is actually far better for your organisation to either let your followers put forward their views or for you to engage and deal with negativity in a human, social manner, rather than pressing delete (which could be interpreted as the digital equivalent of sticking your fingers in your ears and closing your eyes).
Using Your Own Device
- Use secure means to access information (e.g. Virtual Private Network, as set out in the Computing Facilities policy).
- Do not store local copies of Confidential Data.
- Delete your browsing history from shared or personal computers to remove any cached session details.
- Keep devices physically secure and take reasonable measures to reduce the risk of theft or loss (e.g. keeping the device on your person and out of sight, don’t leave unattended in hotel rooms etc.)
- Set devices to automatically lock after a pre-defined period of inactivity (usually no more than a few minutes) and, where appropriate, to lock or wipe data if an incorrect password is entered too many times.
- Ensure syncing to cloud-based services (including backup) is explicitly authorised by the WSU Chief Executive and appropriate protection is provided.
- Keep software on mobile devices up to date with the latest version.
- Report theft or loss of mobile devices to your department, IT Team and the police.
- Remove WSU data when you leave the Students’ Union or stop any associated activities.
You must not store WSU or Confidential information on local computer drives (desktops, C or D drives) as these are not backed up and loss/failure of the computer will mean that the information may not be recoverable or available as required to undertake your activities. Mapped network drives are available to staff and these are backed up regularly.
Public cloud storage services such as DropBox and GoogleDocs are not to be used to store WSU or associated personal or confidential information without express prior permission from the Chief Executive.
Remote access to WSU computing facilities or information
You must only use the Virtual Private Network (VPN) provided by the SU through the University to remotely access WSU computing facilities and information, especially when connecting using your personal device or over a public network.
The VPN Service provides a secure method to connect to the University campus network regardless of where you are connecting from (e.g. wireless/internet). The VPN Service is available to all staff and students with a valid University IT Services username. For further information, please visit https://www2.warwick.ac.uk/services/its/servicessupport/networkservices/vpn/