February 8, 2010

Social networks at work: To be or not to be?

Whether you like it or not, and whether you use them or not, social networks are now part of our lives: if not yours directly, then those of your friends, children and colleagues.

Now that they are part of our lives, we have to learn to use them safely and correctly, hence the question: is it OK to have them and use them at work?

Before answering, let’s step back a few years…

When the “Web/Internet” appeared in the corporate world, I recall most of my clients saying there was no need for such a thing at work, that it was a total waste of time, that employees were losing productivity… To some extent it was true, but honestly, today, lots of people cannot perform their job without accessing it.

It is still true that there is some loss of productivity, but it brings a lot of joy and relaxation to workers: being able to coordinate personal matters via email, find the next vacation spot online, or reserve tickets without having to drive down to a travel office. Let’s be honest, it saves us a lot of time and it has improved our quality of life and happiness, and therefore our ability to perform our jobs better, because overall, personal things are now easier to manage.

It was a paradigm shift back then, just as social networks are right now. The thing is that most of us have not yet found the best way to leverage them for day-to-day business.

With that said, we can’t use them inconsiderately, especially not at work. Although you might not be able to establish the value of social networks for your business yet, you might still decide to “please” your staff and allow the access and use of social networks in the office. If you do so, make sure you train your staff to limit the potential negative impacts on your business.

To help you do this, ENISA (the European Network and Information Security Agency) has conducted a study and produced a report (available for download here) that establishes 17 golden rules social network users should follow to ensure an adequate level of security and act responsibly when using them.

Although it makes a lot of sense to security professionals, I have noticed that a lot of people do not see the potential issues with social networks. In a nutshell, ENISA suggests that users:

- Pay attention to what they post and upload
- Choose friends with care
- Protect the work environment and avoid reputational risks
- Protect mobile phones (lots of mobile users out there)
- Respect other people’s privacy
- Get trained, get an understanding of the risks
- Protect their privacy using adequate privacy settings
- Report lost/stolen mobile ASAP
- Pay attention to location based services

There is much more in the report than these simple recommendation topics. A lot of the information can be reused and integrated into your own security awareness training, so please take the time to read it carefully.

All in all, some of the real risks of social networks from a business standpoint are:

- Cyber bullying and electronic harassment between employees, or between your staff and your competitors’ staff? (Come on, we are not 12 years old anymore);
- The principle of “guilty by association”: when people privately belong to groups or associations that do not reflect well on your overall corporate culture, standpoint or image;
- Leakage of privileged information. It is human nature to talk about what we do. Sometimes, people get excited about a specific project or initiative they work on and start discussing it online. This happens all the time over email and bulletin boards, and the risk is even greater with social networks, since you have to feed the beast once you’re in; and,
- Potential loss of control over corporate image: this happens when employees start defending the corporate point of view based on their own interpretation of events, or when they publicly complain about something that should be managed internally.

To conclude, private and work lives are to be kept apart. If you are to allow people to use social networks at work, clear boundaries are to be established between the two. I think it is important to define posting guidelines (with examples of what is allowed and what is not) and make them available to your staff.

PS: Watch out for the staff who travel a lot; many social network users install mobile clients on their cell phones, and that can run up a bill pretty quickly!

Thanks for reading and have a great day,

Martin Dion (CISSP/CISM)
ISO:27001/20000 Lead Auditor & Trainer