Is an outright ban on workplace social networking a good idea? Or should companies be more calculated in their points of view and look at how the negative effects social networking has on a company's bottom line can actually turn positive if management adopts a more strategic policy than has been common in the past. There are certainly good reasons to suppose that unfettered employee access to social network sites can cost company dearly. But there are also good reasons for thinking that certain types of social networking can benefit many companies a great deal.
Case for and against Social Networking
The Risks of Social Networking in the Workplace
Why in the world would social networking cost an economy so much? Here are some of the most plausible and accepted explanations:
Lost productivity• —The specter of lost productivity is the most common reason employers cite for blocking access to social networks.Some companies have now banned staff access to Facebook, Twitter, Bebo and the like after discovering that employees were spending nearly 400 hours a month on Facebook.
Malware, identity theft and data leakage• —Social networking sites can be the delivery vehicle for malware and spyware that cybercriminals covertly embed onto innocent users’ pages. These malicious programs can spread throughout an entire internal corporate network and wreak havoc on the company’s bottom line. By destroying or disabling systems and data that employees need to do their jobs, malware can have a tremendous impact on productivity which is quite independent of merely “wasting time”. Malware and spyware can also bombard internal networks with spam, target users with phishing attacks, and steal user names and passwords. Criminals can use the latter information to appropriate identities and construct fake Facebook profiles that facilitate access to valuable company secrets. Some “ethical hacking” firms will demonstrate, if you pay their fees, how easily and quickly they can obtain almost any company data by using employee names and gaining access through social networking sites. Moreover, the time it takes for IT departments to defend against ongoing malware and spyware attacks can be extremely expensive
Compromised confidentiality• —Cybercriminals often don’t need sophisticated spyware to obtain secret company information. For whatever reason, naïve social networkers are often more open with personal or confidential information on social networking sites than they are elsewhere in life. Although Facebook users can restrict their pages to a select number of “friends,” many social networkers set profiles as public and befriend strangers or imposters who take on the identity of co-workers within their companies, including unknown “colleagues” who claim to be part of the same organization (this is a special vulnerability of large companies, where no one can possibly know everyone else). Collegial discussions can easily lead to the unintended disclosure of private company information. Moreover, social networkers can inadvertently violate government confidentiality regulations. In the aforementioned study, Nucleus Research cites an example of hospital nurses sharing patient information via Facebook with nurses on other shifts. If any of these nurses’ other Facebook friends were not hospital employees, the hospital could have easily found itself in violation of HIPAA regulations. Similar vulnerabilities exist for lawyers who can violate client confidentiality in much the same way. Beyond that, if attorneys give innocent advice to Facebook friends, they can unintentionally establish binding attorney/client relations. Nucleus also noted a growing trend among social networkers to use Facebook as an alternative email platform. Although many organizations monitor ordinary email accounts, if they can’t or don’t monitor Facebook, users can circumvent corporate email controls and unintentionally or deliberately violate corporate communication policies.
Bandwidth consumption• —Videos, other streaming media and other downloads from social media sites such as YouTube, MySpace and Flicker can consume an enormous amount of bandwidth. When employees are busy downloading videos for example, business-critical applications may run very slowly. If organizations do not restrict access to these sites, they will either have to accept a reduction in productivity or make expensive investments in more bandwidth.
Given these concerns, you might wonder why any executive in his or her right mind would ever permit employees to access social network sites at work. Why not use readily available Web filtering technology to completely block the sites? Yet, executives ought to think twice regarding an absolute ban on social networking. Some moderate and managed uses of social networks can genuinely benefit a company, and discriminating Web filtering tools can help organizations take advantage of these benefits while significantly reducing the risks.
The Argument for Workplace Social Networking
It is safe to say that most of the top management of today’s businesses are not members of the “Y Generation” who are rapidly entering the workplace, and they are obviously not “Millennials,” who will follow the Y Generation in short order. Yet this generation is the first to have grown up totally immersed in not only the Internet, but in interactive, often completely mobile technologies such as texting, instant messaging, blogging, media sharing and the now ubiquitous social networking
While many senior executives are gradually mastering the new forms of communication, the impulse may not come naturally and so they may not fully appreciate how deeply engrained these habits are in the younger workforce. Yet as the younger generation grows older, they will take over global business, become both corporate executives themselves and customers, and they will bring their habits with them.
So a draconian ban on Web 2.0 technology may cut off a primary means of communication that is deeply entrenched in the younger lifestyle. A ban will likely cause frustration and resentment among younger employees, and it might also deprive them of the venues where they can most comfortably and skillfully deal with important business contacts and customers, develop prospects, market their company’s products, etc.—in other words, successfully do their jobs. Talented job candidates are beginning to consider such restrictions when deciding on their employment options.
Some research suggests that a moderate use of social networking sites actually increases productivity. Dynamic Markets conducted a European-wide survey of 2,000 people, and 65 percent claimed that workplace social networking had made them more productive, and 45 percent said it had sparked creativeness.ix An oft-cited reason for this is that discussions on social networks enable workers to brainstorm with both company colleagues and interested friends, and this process prompts innovative approaches to seemingly intractable problems. Social networking allows employees to leverage the collective knowledge of contacts with expertise and similar interests.
Moreover, social networking helps employees stay connected with college and university friends who now have careers in a variety of industries and may turn into valuable partners or customers. These sites also provide access to otherwise inaccessible people and opportunities. Connections count in business, and given there are over 300 million active users on Facebook alone and growing numbers of members of business-oriented sites such as LinkedIn, social networks provide unprecedented opportunity to make and sustain worthwhile connections. Indeed, a Massachusetts Institute of Technology study found the workers with the largest networks were 7 percent more productive than colleagues with fewer Facebook or Twitter friends. Social networks can be a tremendous resource for critical information about customers, employees, job candidates, competitors, the current state of your industry and what others are saying about your organization.
Companies are also discovering that corporate social network accounts, blogs, etc. can be valuable marketing tools, providing more exposure and even increasing Google rankings. Corporate social network sites enable sales and marketing professionals to engage in more intimate and interactive dialog with potential customers, two-way communication that is not possible when companies rely exclusively on ordinary Websites and advertisements. An Australian study indicates that even non-business-related social networking can increase productivity because small breaks allow employees to “reset” their concentration.x If a company can successfully manage the other issues associated with social networks—data leakage, confidentiality, malware, bandwidth—why not allow employees to take the breaks they most enjoy, which often includes Facebook, MySpace, etc? Morale matters in an organization. Beyond that, people who waste time on such sites are likely to find other ways to waste time if the sites are banned. Time wasting in the workplace did not begin with Facebook. Regardless, even if workers do waste time, what does it matter if they are meeting or exceeding their numbers or otherwise performing their jobs well? Performance is ultimately what counts and has the largest affect on a company’s revenues.
A Management Strategy
An effective corporate policy toward corporate networking will include at least three key components: comprehensive employee education, well-designed Acceptable Use Policies (AUPs), and deploying discriminating Web filtering technology.
Education• —Every employee who sends email, texts, instant messages or accesses any Internet site—not just social networking sites—should be well versed on the dangers of malware, viruses, identity theft, data leakage and compromised corporate confidentiality. A course on these issues should be a required part of new-hire orientation and should also be taken by existing employees. Since social networking is so popular and second nature to many workers, special attention should be paid to corporate vulnerabilities exposed on these sites. When relevant, the instruction should include counseling on confidentiality and data protection laws such as HIPAA, Sarbanes-Oxley, UK Data Protection Act or other relevant local legislation.
Acceptable Use Policies• —Organizations should articulate unambiguous AUPs that state clearly what kind of corporate information can be shared on social networking sites, what is confidential, what can be said about the company, which of these sites workers can visit, and when they can visit (e.g. during lunch or other official break periods). The policies can be designed to make exceptions for certain personnel, such as marketing staff, who may have valid business reasons to access social networking sites more frequently, but this exceptional use should always be justified by businesses purposes. Restricting social networking to specific times and groups automatically addresses the bandwidth issue by reducing the time spent on and number of people accessing the sites. What is just as important as the policies themselves, however, is management’s commitment to enforce them. In extreme cases, this can sometimes mean termination of employment, especially if workers have been previously warned, have broken the law on the Internet, or have used devious means to evade AUPs, say through anonymous proxies. If employees are not disciplined for violating AUPs, the employee population will not treat the policies seriously.
Web filtering • —Finally, organizations should invest in advanced Web filtering systems that will help to implement the rules as effectively as possible, as well as protect internal corporate networks from malware. Bloxx’s Web filtering solution is excellent for these purposes. The system can block any existing site either completely or during particular times, and it can make exceptions for specific employee groups or even individuals. Bloxx’s Web content filtering solution is powered by its patented Tru-View Technology, an intelligent real-time contextual analysis engine that rapidly categorizes requested Web pages in real-time. Tru-View Technology can go beyond blocking sites already listed in the URL database to identify and block previously unlisted sites. This is important because new social network sites appear quite frequently. Tru-View Technology also has the capacity to detect completely new and unknown anonymous proxy sites and block those in real-time as well. The solution will identify malware or spyware embedded in the pages of Facebook and other sites and minimize the risk of malware entering the internal corporate network. In addition, a company can enforce rules for email and instant messaging by blocking use of those clients using the Bloxx Web filtering appliance.
In summary
By combining education, AUPs and Web filtering into an enlightened management strategy, an organization can reap the benefits of social networking while protecting itself against lost productivity, malware, identity theft, data leakage and compromised confidentiality. Employees will be happier, more productive and effective, and talented young people more willing to join the organization. It’s a win-win for employers and employees alike.