A recent study by Barracuda Networks found that 50% of their customers were blocking employee access to online social networking sites Facebook and MySpace because of malware, productivity, bandwidth and liability concerns.
Online social networking sites have certainly received a considerable amount of adverse publicity in recent months – see the BBC story Cyber Thieves Target Social Sites, by way of example. Is blocking access to these sites simply an unnecessary knee-jerk reaction to media hype, or is it a step that addresses a real security problem? Let’s start by considering each area of concern:
- Viruses and spyware. While social networking sites have indeed been used to spread malware, they are certainly not unique in that; many websites, from embassies to popular download sites, have been hacked and configured to deliver malware. Realistically, social networking sites probably pose no more of a threat than any other type of website.
- Productivity. Social networking sites have been blamed for productivity losses (UK takes £6.5bn hit from Facebook & company). Ok, but are online social networking sites really to blame? What would those users be doing if they weren’t idling on Facebook? Would they be hard at work or would they be wasting time on some other form of online entertainment? I suspect the latter.
- Bandwidth. See previous point.
- Liability. Could a business be held liable for postings by an employee made on company time from a company computer? Possibly. The law really isn’t clear at this point in time. Individuals are starting to pay the price for incautious postings to social networking sites, and it’s possible that businesses could too. It’s a risk you should certainly consider.
Social networking sites do, however, provide some real business benefits, empowering employees with new ways to share information, draw on collective community intelligence and seek out and sustain relationships – and, ultimately, providing business which leverage the technology with a distinct competitive advantage.
So, should you embrace social networking and accept the risks, or should you block social networking and eliminate the risks? The best answer may be to adopt a middle-of-the-road approach and to allow access – possibly on a time-limited basis – to those sites which may benefit your business, while blocking access to more recreational sites such as MySpace. Some other points to consider:
- Your employees activities may reflect on your business. Information posted to social networking sites is in the public domain and could impact on the image of your business (would you want your customers to know that your one of your employees thinks that you are a money-grabbing, talentless crook?). This may sound unlikely, but in an age where people regularly use search engines to find information about their business contacts, it’s a very real possibility.
- Social networking can lead to lost productivity. And so can other forms of surfing. Use a web filter to prevent problems, but choose carefully. Some filters will enable you only to impose a blanket ban on social networking sites for all users while other are more customizable and will enable you to impose user (or group) specific restrictions or block access only at certain times of the day. Make sure you choose a filter that will do exactly what you want it to do (see our article How to Choose a Web Filter for more information).
- Educate your employees. Provide them with some practical pointers on the do’s and don’ts of social networking.
- Use your acceptable use policy. Your Acceptable Use Policy (AUP) should set some clear social networking standards in order to ensure that your employees do not post material which may bring your company into disrepute. Additionally, any restrictions that you put in place (on sites which can be visited or the times at which they can be visited) should be clearly laid out in the AUP.
Careful planning and a commonsense approach to social networking will enable your business to reap the benefits, with minimum risk.