Mitigation, not prohibition: responding to social networking at work
Social networking is here to stay. Companies should embrace it rather than fight it, says David Etui, Vice President of Products and Markets at Fidelis Security Systems. But the dangers are real.
The good news is that it is possible to mitigate the risks through a combination of policy, training and technology.
He offers four steps to maximise the benefits and minimise the pitfalls:
1. Ensure existing employee codes-of-conduct policies cover social networking.
A good start is to update your organization’s computer-use policy to indicate whether it is acceptable to use social networking only for work or for work and personal activities. However, organizations also need a broader policy covering what activities an employee (or contractor) can do on behalf of the company or agency. If existing policies are updated to include scenarios related to social networking, the organization must get the word out and incorporate the new policies into its employee training.
2. Train end-users on the benefits, risks, policies and goals for social networking.
It is important to communicate to employees and contractors the organization’s goals for social media — and what their role will be. Much as you would work with an executive to prepare for a press briefing or analyst call, you should explain the goals of social networking, who has the authority to speak on the organization’s behalf, what actions and activities are appropriate, and whom to contact with questions and issues.
3. Create official profiles for the organization, subsidiaries and key executives on the major social networking sites.
This should be done even if those profiles will not be used, and they can be marked as such. This will help head off the creation of fake accounts used for impersonation.
4. Implement technical controls that address how social networking can be used and what content can be posted.
Policies must be enforced, and appropriate technology is one important way to achieve that. To be effective, any technology must understand the context of data as well as its content.