Sophos Cloud Optix
In this new age of “instant information” is it shortsighted to block social networking sites within an organisation purely because of stories in the press relating to scams, misuse and threats?
There’s an increasing trend to use social networking sites like Facebook and Twitter as a business-enabling tool rather than solely as a personal communication aid for families and friends; Facebook now even allows you to “advertise” easily. Should businesses embrace this new culture, or stick to the old-world view of “If it has been reported as bad, it must be”?
Is there anyway an organisation can stop staff accessing such sites in the context of the increase in consumer products which allow instant access anytime? Just look around your organisation to see how many people are carrying both corporate and personal devices…
Here’s a quick quiz; see how you do.
- Do you prevent your staff from accessing social networking sites on corporate devices?
- Do you prevent staff from attaching their own devices to corporate machines?
- Do you monitor when these personal devices are used to access social networking sites?
- Do you have control over your organisation’s social networking “footprint”?
The interesting thing is that if you answered “yes” to the first question, but answered “no” to the second and third question, the final question should be answered “no” as well.
Did you expect that?
Is it time for a re-think?
With the increase in the number of organisations embracing Bring Your Own Device (BYOD) this trend is only going to grow.
So perhaps now is the time to look at educating users about the issues, and empowering them to use these tools responsibly, rather than trying to block access; after all, this may turn into a battle you can’t win.
So, how do you educate users about social networking sites and the issues around them?
- Passwords
Teach users about good password management including password strength (difficult to guess but easy to remember), password security (keep it to yourself) and using different passwords for different sites (a password is only as strong as the weakest system you use it on). - Scams, clickjacking and fake apps
Teach users how to spot something that is attempting to drive traffic, harvest data or steal identities. If people are aware of what can happen they may be less inclined to click anything-and-everything in the hope of a free gift. - Sensible sharing
Social networking sites can be restricted to allow only a limited number of people to access data and information. If you have a target audience, do you need to tell ‘everyone’ or only those you wish to educate? Teaching people how to amend these settings to protect themselves will help you protect any corporate data you wish to place on there. - Monitoring (for employees)
Social networks send emails relating to access, posts and mentions. Monitoring these will highlight any potential misuse which can be stopped before it gets too severe. - Monitoring (for employers)
Regular checks of internet usage will show any misuse of social networking sites. All employees should be aware you are monitoring internet access and that misuse will be investigated. This should act as a deterrent for anyone who wishes to misuse the privilege and use corporate resources to “check their CityVille…” or “click that link for a free iPad…”
If all these steps are in place and your users are using social networking to enhance your corporate image and expand your client base, could there be a justification to lower the defences and allow social network access for employees?
The internet world is changing and social networking is becoming a more mainstream tool for business operations; without secure enablement there is a risk you could be left behind.
Social networking in the corporate environment is no longer about “no”, it’s about “yes, BUT..”.
Chalk tick on blackboard image courtesy of Shutterstock
So besides the Marketing departments who manage the official company twitter feed or facebook page.
Who else actually needs access to social networking to do their job? Anyone?
NO ONE!!
I don't get it! Why would you pay someone to do a job and then pay them to screw of on facebook? My boss would have fired me for that. So why doese anyone need Facebook when there soposed to be working?
For anyone with real data protection responsibilities you would have to be 100% sure your data leakage controls actually work and you can actually monitor them. Otherwise a better balance has to be found. In other words is it worth the risk? Is the whole BYOD idea immature at this point? Leading or Bleeding Edge for your business ? Would Norfolk County Council actually ratify this design and guarantee zero data leakage? #PleaseBringCommonSenseToBYOD
FaceBork at the workplace? I thought a person went to work to work, not socialize.
If someone wanted to be on FB during the lunch break, fine, but if they use company computers and bandwidth they could (and probably will) be monitored.
Don – that thinking is stuck in an 'old world' model where work is isolated from the rest of your life. The 'new world order' is that people are timeslicing – for example, they may spend an hour catching up with work emails after they put the kids to bed. In that sort of environment, the flipside is that employers need to understand that their workers will repeatedly take a few minutes off during the traditional working day to take care of personal stuff, such as making or responding to an invitation to meet after work (or, for that matter, popping out to pick up their dry cleaning).
It might not be relevant to production line workers or retail assistants, but it is relevant to the broad class of 'information workers'.
Finding justification for Facebook or Twitter in the workplace is a difficult task. There should be no reason for it as most businesses provide business oriented communications tools. There will probably be companies out there who use it for research etc. But personal use in the workplace doesnt make sense in my head.
Can an individual not wait until they go home to check up on friends? If they can't they might want to find a less professional job position, in a company that doesnt care about producitivty….
There will always be exceptions but in most cases it's just an excuse to slack of
Great Article Carl.. but securing Facebook and Twitter in workplace is not an easy goal…