Physical & Everyday

Social Media & Talking About Work

Foundational

What you share online — even casually, even on a personal account — can reveal more than you intend: customer information, security details, internal plans, or things attackers use to target us. You don't have to go quiet; just be thoughtful about anything that touches work, customers, or how we operate.

Two risks come with posting about work. First, leaking information — a screenshot with customer data in the background, a photo of a whiteboard, details of an unannounced feature, or specifics about our systems that help an attacker. Second, attackers use personal posts (roles, who works with whom, when you're on holiday) to craft convincing phishing and impersonation.

The rule of thumb: if it relates to customers, company confidential matters, or our security, don't post it. When in doubt, ask before sharing — and remember posts are effectively permanent even if you delete them.

Think before you post

DoKeep customer information, confidential company matters, and security details off social media entirely — including in the background of photos and screenshots.
DoCheck images for what's visible: screens, documents, whiteboards, badges, and notes can leak more than the photo's subject.
DoBe mindful that details about your role, team, and routine help attackers target you and colleagues — they do read public profiles.
ConsiderFollowing the company's communications/PR process for anything that speaks on behalf of Finperiti.
NeverPost customer data, identity documents, or anything confidential about our customers or their cases — anywhere, ever.

Personal vs company voice

DoMake clear that personal opinions are your own, and keep professional conduct online as you would at work (see Using Company Systems).
DoIf you're contacted on social media about work in a way that feels like phishing or social engineering, treat it as exactly that (see Phishing, Social Engineering).
AvoidSharing internal plans, unreleased features, security arrangements, or who-does-what details that aren't already public.
AvoidAssuming a post is private or temporary — screenshots and archives make anything you share effectively permanent.

Ask yourself

AskDoes this reveal anything about customers, confidential work, or our security — including in the background?
AskCould an attacker use this to target me or a colleague?
AskAm I speaking personally, or could this look like I'm speaking for Finperiti?
AskWould I be comfortable with this being permanent and public? (Because it is.)

Why it matters: Innocent-looking posts are a real source of data leaks, and a rich source of information for attackers planning phishing and impersonation against us. A little thought before sharing anything work-related protects our customers' privacy, the company's confidential information, and you and your colleagues from being targeted.