Currently there’s a lot of buzz in business circles about the value of using social networking services (SNS) as a channel to drive sales, promote brand and network for business opportunities. Much of it comes from marketers who are excited about the target marketing possibilities of these sites — they gather so much data about individuals that marketers are able to profile very specific demographics. At the same time, IT security companies post regular warnings about the potential for damage that social networking can pose to business computer systems.
The huge uptake of SNS membership and the increasing spend by some major consumer product companies on these sites provide a sense of ‘normalcy’ about them that could prove dangerous to the unwary user. Mainstream acceptance hasn’t been matched by efforts to improve security. It’s not unknown for fraudsters to gather, piecemeal from a number of company employee profiles, sufficient information to access company intranets or launch malware attacks against company computers.
Increasingly the question is being posed — should employees be allowed to access SNS over their organisation’s computers? Many major corporations who need to maintain absolute security over client data, their records and their reputation, such as financial institutions, have answered with a firm ‘No’ and simply locked them out of company computers.
But with social networking being viewed by many employees as just another form of communication essentially no different from email or instant messaging, employers may be put under pressure to provide access or face an employee backlash. If you intend to allow employees to use social networking from work computers you would be well advised to proceed with caution. Here’s how to minimise the risks.
Develop an acceptable use policy: According to experts, the first step is to develop policies and train employees. If you don’t have policies in place for SNS use (along with blogs, wikis, and the like), then you’re leaving yourself at risk.
Define the times when social networking is acceptable: Social networking is addictive and unrestricted access inevitably results in employees spending more and more time online checking out what their friends are up to. Assign only out-of-work periods (lunch break, before or after their work hours) as times in which employees can social network.
Mandate the use of privacy settings: Social networking sites are notoriously short on privacy. In their profiles users can enter a host of information including their name, address, phone number, email and their workplace. A privacy level can be assigned to each field of information, restricting who can access it, though few users appear aware of this. Mandate that any business-related information is assigned the highest privacy setting the site provides.
Set guidelines for chatting about work-related matters: It’s very natural for people to talk about work, and that talk often gets into messages posted to social networking sites. The business’s reputation could be put at risk by inappropriate comments by employees. Criticism by disgruntled employees or jokes that could be misunderstood by people outside the organisation can do irreparable damage. Spell out the principles for business-related chat, such as the need to maintain client confidentiality, the contexts in which your organisation’s name can be used and the inappropriateness of making disparaging remarks about fellow workers.
Point out the IT threats: Malicious code is being embedded in Web 2.0 links. Employees casually clicking on links could be led to malware that will infect work computers. Train employees in the company’s IT security policies to make them aware of what’s allowed and what they’re prohibited from doing.
Make improper use a disciplinary matter: Make it clear there will be consequences for posting unacceptable comments or business information on social networking sites and detail the disciplinary action that will be imposed.