In an August 11 article in Bank Info Security, Upasana Gupta writes that it’s impossible to overestimate the impact of social media.

Popular sites such as Facebook, LinkedIn and Twitter have had a phenomenal impact in the workplace – both as a corporate channel for communication and marketing, as well as a vehicle for employees to communicate both professionally and personally.

The latter is a key point.  According to a new survey conducted by Trend Micro, employees increasingly are using social networks while in the office and on the clock.

It is debatable how much the rise in social networking has compromised employee productivity, but it’s indisputable that much of this activity is occurring in the absence of formal policies.

“In its simplest terms, there is anarchy in the absence of social media policy and training,” says John Pironti, ISACA board member and president of IP Architects, LLC.  “Without proper direction and clarity, it is hard to enforce appropriate consequences on someone.”

Because of this anarchy, organizations are starting to take action.  Fear of compromised productivity, reputational damage, data loss and inappropriate behavior is leading many employers to introduce strict controls on staff access to social media sites.  Robert Half Technology, an IT staffing company, recently reported that 54 percent of U.S. companies have banned workers from using social networking sites while on the job.  The study found that 19 percent of companies allow social networking use only for business purposes, while 16 percent allow limited personal use.

ENTIRE ARTICLE (Click Here)

Popularity: unranked [?]

Darrell Smith from the Sacramento Bee writes that companies are swarming social networking sites, including Facebook and Twitter, hoping to boost their brands, connect with customers and even find new employees.  

But they’re also struggling to rein in potential problems.  Employers cringe at the thought of employees revealing proprietary information, hackers making mischief or a roomful of workers busy reconnecting with old high school friends on Facebook instead of doing their jobs.

The ubiquity of social networking – 77 percent of workers have a Facebook account, for example, and 61 percent of those access Facebook on the job, according to Boston-based Nucleus Research – complicates matters.

Nucleus Research last July estimated that on-the-job use of Facebook alone costs companies 1.5 percent of total employee productivity.

Policies on employee use of social networks are all over the map, from total bans on Internal access to no policy at all.

A 2009 survey by the Minneapolis-based Society of Corporate Compliance and Ethics found that just one in three businesses have a general policy for employee online activity including use of social networks.

“Most (employers) are playing catch-up on this,” said Alden Parker, an employment attorney at Sacramento law firm Balsam Parker.  “You have to make sure that you’re not losing employee hours to these time-sucking activities.”

ENTIRE ARTICLE (Click Here)

Popularity: unranked [?]

Popularity: unranked [?]

Mark Ruquet with National Underwriter writes that oversight of employee Internet use is important to protect an independent insurance agency from computer viruses, legal exposures and time wasting, according to an industry expert.

Chris Borchert, business development executive with iPrevision, made his comments during the 34^th annual AMS Users Group meeting, now called Network of Vertafore Users Group (NetVU).

Mr. Borchert, whose firm is an Internet security solutions provider based in Yorba Linda, Calif., reviewed how susceptible today’s producer technology systems are to outside attacks.

He said studies show that employees can spend a lot of work time – as much as two hours of company time – on personal Internet browsing, which can amount to an average of close to $5,500 in lost productivity.

However, many employers may not realize that there are legal liabilities that such activity can expose them to, he said.  Also, activity on these sites can inadvertently expose the company’s network to viruses and malware that can infect a single computer or the entire agency system.

ENTIRE ARTICLE

Popularity: 6% [?]

By: Staff Writer

Over the past decade, there has been a technological revolution in the workplace as businesses have increasingly turned to technology as the primary tool to communicate, conduct business, and store information.  As the use of technology has increased, so has the concern of employers that their technology resources may be abused by employees.  As a result, companies have developed various “computer conduct” policies and implemented strategies to monitor their employees’ use of e-mail, the Internet, and computer files. National surveys have reported that many companies are engaged in such practices. Federal and state laws and judicial decisions have generally given private sector companies wide discretion in their monitoring and review of employee computer transmissions, including the Internet and e-mail. However, some legal experts believe that these laws should be more protective of employee privacy by limiting what aspects of employee computer use employers may monitor and how they may do so. 

No matter where people stand on the issue of privacy, one thing continues to be critical in the courts, in the media and in the work place.  Employers are expected to clearly communicate the organizations position to employees as it pertains to employee conduct and privacy.

As an employer, one of the challenges has been keeping up with written policies that describe and make clear what the employee should know about the organizations expectations of technology use when the technologies available change at such a rapid rate.  Many organizations have an “Email Policy” an “Internet Use Policy” a “Communications Policy” and often a general section outlining general office technology use in an “Employee Handbook”. 

The situation above has developed because organizations tend to layer additional policies as new technologies present themselves in the work place.  As a response to this situation, more and more organizations are creating a single “Technology Use Policy” that pertains to all of the various technologies and communication mediums in the organization. 

There is now a broad enough understanding of the interaction between employees and the internet enabled world to refine the employer’s expectations in a single “Technology Use Policy” that will address elements such as email, webmail, web surfing, telephone/cell phones, social networking sites (i.e. Facebook, YouTube, Twitter etc.), Blogs, instant messaging (IM) and texting.

The courts, specific industry associations and experts agree that establishing a comprehensive policy on employee technology use is incomplete without strategies to disseminate the information. Experts pointed out that informing employees about these policies not only established the limits of employee expectations about privacy but also allowed the employee the opportunity to conform their behavior to the circumstances of having limited privacy.  Don’t allow your organization to send conflicting messages to employees because technology specific policies have been layered on top of each other as new technologies make their way into the work place.  Focus on replacing multiple policies with a single “Technology Use Policy”.

Popularity: 51% [?]

Lora Bentley

Social networking is part of the new normal in business, according to Gartner. Understandably, not every company can go so far as, say, Zappos.com or Southwest Airlines in their enthusiasm. But it’s also not smart to ignore it. At some level, employee use of social networking tools should be addressed and a policy adopted.

In fact, just a couple of weeks ago, a friend noted that he had attended a seminar on social media in business and found it very helpful. One of the attorneys who presented that seminar is Mitzi Wyrick, from the Louisville offices of Wyatt, Tarrant & Combs. After looking at the slide deck my friend sent my way, I contacted Wyrick. Tuesday, I got the chance to speak with her.

Essentially, she said, employers have two choices when it comes to employee use of social networking tools on company time: They can ban it completely, or allow it and decide how they’re going to regulate it.

“In some ways I think it’s easier to treat social networking use the same way the company treats employee Internet use,” she told me. “If they’re allowed to use it, as long as they’re not using it excessively, social networking shouldn’t be any different.”

But there are certain things companies should be mindful of when creating their social networking policies. They want to protect their intellectual property, so employees shouldn’t be posting about things they’re working on, Wyrick said. Policies should also prohibit harrassment or discrimination against other employees, as well as posting “anything that would cast the company in a bad light.”

Once the policy is created, employers should communicate it to employees. Post it in the breakroom, include it in the employee handbook, distribute it separately in a memo or a letter. And have employees sign to acknowledge that they’ve received it and read it. That way, Wyrick said, you avoid situations later where an employee says he doesn’t understand why you’re disciplining him since he didn’t even know there was such a policy.

After the policy has been created and communicated, it must be consistently enforced. It does no good to have a policy if some violations have consequences and others do not. Not that someone has to devote all of his or her time to monitoring employee activity on different social networking sites. In fact, Wyrick said she wouldn’t recommend that. But once the company becomes aware of a post that violates company policies, it must be addressed in accordance with the policy. Then, the second (and third, fourth, etc.) time that kind of violation occurs, it must be addressed in the same way as the first.

ENTIRE ARTICLE

Popularity: 68% [?]

By David Holthaus
dholthaus@enquirer.com

Shoppers spent about $900 million Monday not by going to the mall but by pointing a computer mouse and clicking from the comfort of their desks. Undoubtedly, many of those sales on what retailers bill as Cyber Monday came from workplace computers on company time, raising the uncomfortable question: Was anyone actually working on Monday?

With online sales growing steadily each year, the Internet has become a regular venue for Christmas shopping for many. And the omnipresence of desktop computers has made it possible to shop without ever leaving the office.

Many are doing exactly that, found the Information Systems Audit and Control Association, an information technology trade group. Employees will spend on average, nearly two working days – 14.4 hours – shopping from a work computer this holiday season, its survey of more than 1,200 consumers found. Ten percent plan to spend at least 30 hours browsing the Web pages of retailers while at work.

That’s great news for online retailers such as Amazon, Macys.com and Bestbuy.com, but not so great for the companies those shoppers work for. A separate survey by the same group found that a quarter of information technology professionals estimate their company will lose $15,000 or more per employee in productivity during the holiday season.

Online shopping can also lead to viruses, spam and phishing attacks that can invade workplace computers.

“It’s unrealistic to think that companies can stop the use of work computers for online shopping,” said Robert Stroud, the trade group’s vice president.

That doesn’t mean they won’t try to keep a lid on all the cybershopping. But policies on personal use of the Internet at work generally vary by size of the employer, said Kelly Schoening, a lawyer with Crestview Hills-based law firm Dressman Benzinger Lavelle. “The smaller they are, the less likely they are to have a policy or the looser they are about it,” Schoening said.

Some large companies forbid any personal use of the Internet, and some have the technology and manpower to monitor employee Internet use, she said. “I have one client who monitors all usage,” she said. “I encourage employers to do it.”

But the policies of large employers vary. Procter & Gamble says it has no policy forbidding personal use of the Internet as long as it doesn’t interfere with productivity.

The region’s largest employer, University of Cincinnati, has a policy that states “university resources may only be used for official university business and not for personal gain or convenience.”

Most firms allow limited personal use on work computers during free time or before or after work, said Mary Spadaro, a manager with Employee Management Services, which handles human resources administration for other companies.

Some stretch that into company time, she said. “The reality is, employees are going to be on the Internet,” Spadaro said.

“Especially with small- to mid-sized companies, they don’t really monitor because they don’t have the resources,” she said.

One small company that does is Bottom Line Systems of Crescent Springs. The health care consulting firm uses Internet tracking software and can block Web sites, said Lynette Koenig, human resources manager. But it can only do that for about half of its 180 employees. The rest work offsite. “We’re pretty much on the honor system there,” she said.

Some employees may be counting on the cluelessness of their IT department. The trade group survey found that IT staffers estimated employees would spend only nine hours shopping on their work computers, 37 percent less than what the employees actually said they would spend.

ENTIRE ARTICLE

Popularity: 73% [?]

Rolling Meadows, IL, USA (21 October 2009)—Employees plan to spend nearly two full working days (14.4 hours) on average shopping online from a work computer this holiday season, according to a survey conducted on behalf of ISACA, a nonprofit association of 86,000 information technology (IT) professionals. One in 10 plans to spend at least 30 hours shopping online at work. Convenience (34%) and boredom (23%) are the biggest motivators, according to those polled.

Despite an economy expected to show flat or declining holiday retail sales, the second annual “Shopping on the Job: Online Holiday Shopping and Workplace Internet Safety” survey found that fully half of those surveyed plan to shop online for the holidays using a work computer. Less surprising is a growing uncertainty—the number of employees who are unsure about whether they will spend more or less time shopping online compared to a year ago has doubled.

The potential danger of shopping online is that it can open the door to viruses, spam and phishing attacks that invade the workplace and cost enterprises thousands per employee in lost productivity and potentially millions in destruction or compromise of corporate data.

Employees who shop online using a work computer are also likely to engage in other high-risk behaviors. Survey participants also bank online (51%), click on e-mail links redirecting them to shopping sites (40%) and click on links from social network sites (15%). Yet nearly one in five says they are not concerned that their online shopping habits may affect the safety of their organization’s IT infrastructure.

“With the Internet now available to almost any employee in the workplace, it’s unrealistic to think that companies can completely stop the use of work computers for online shopping,” said Robert Stroud, international vice president of ISACA and vice president of IT service management and governance for the service management business unit at CA Inc. “What companies can and should do is educate employees about the risks of online shopping and remind them of their company’s security policy. This is especially important this year, when the convenience of shopping online may be very appealing to employees whose workloads have doubled or tripled because of downsizing.”

Upwardly Mobile Shopping
This survey also found that more than one in 10 Americans who use a mobile work device such as a BlackBerry or iPhone plan to use it for holiday shopping. The increasing use of mobile work devices for personal business such as shopping can lead to additional security issues and exposure to data loss for a company.

“The lines between work and personal data are becoming more and more blurred as a growing number of people check work e-mail from their own phone or PDA, or use a work-supplied mobile device to shop or update their Facebook page. As our mobility increases, so does the risk to our corporate IT systems,” said John Pironti, a member of ISACA’s Certification Task Force and chief information risk strategist for Archer Technologies.

A significant percentage of those surveyed do not actively manage their work computer’s security. Thirty percent report that they leave security up to their company’s IT department. Of those who connect via a wireless connection, 30% don’t or don’t know how to check the security of wireless settings and just 21% personally check their work computer for the most recent security patches.

Reality Gap Between Employees and the IT Department
A separate ISACA survey of more than 1,500 IT professionals, who are ISACA members in nine countries, conducted during the same time period shows a major gap between what the IT department believes and what the employees are planning when it comes to online holiday shopping. Close to half (48%) of those in IT believe employees will spend just over one work day, or nine hours, shopping online from a work computer—yet ISACA’s consumer survey shows that employees will average closer to two work days, or 14.4 hours.

IT professionals are realistic about the potentially staggering costs of shopping online for the holidays from workplace computers. One in four estimates that their company will lose US $15,000 or more per employee in productivity during this year’s holiday season.

“The reality gap between the IT department’s perceptions and the online shopping behaviors of the rest of the company actually represents an important opportunity for IT,” said Paul Williams, a member of ISACA’s Governance Advisory Council and a past president of the association. “By educating employees and communicating common-sense online policies, IT can better protect one of the most critical assets a company has—its IT systems.”

5 Tips for Safe Shopping From the Office Computer
ISACA recommends that employees and IT departments take the following steps to reduce the risk of spam, viruses and accidental downloading of backdoor “agents” that can highjack corporate data.

For online shoppers:

1. Use your desktop PC, not your mobile device, to shop, because your desktop browser is likely to be more secure.
2. Protect sensitive information, like credit card numbers, by password-protecting both your mobile device and its memory card.
3. Make sure you update your anti-virus and anti-malware programs continually.
4. Treat social networking sites with the same caution as other web sites—social sites are a growing target for fraudsters and virus writers.
5. Be cautious of special offers. If it looks too good to be true, it probably is. Fake online offers and coupons may lead to harmful sites, so be suspicious.

For the IT department:

1. Educate employees. Blocking sites can do more harm than good, causing employees to seek out less secure ways to get around your blockade. Education works better.
2. Get employees on board with learning by teaching them how to protect both their work computers and their home computers.
3. Reinforce what you teach by having employees sign an acceptable-use policy every year.
4. Offer a “safe zone” for holiday shopping—create an online sandbox that can be taken down after the holidays.
5. Don’t wait until Cyber Monday to step up security. Think of “Cyber Season” as the time from September to January and be extra-diligent throughout that time.

About the ISACA Shopping on the Job Survey
The second annual “Shopping on the Job: Online Holiday Shopping and Workplace Internet Safety” survey is based on online polling in September 2009 of 1,210 US consumers and 1,513 IT professionals who are ISACA members in nine countries. The study, which was designed to capture insights about online holiday shopping at work and employee compliance with workplace policies governing online shopping, was conducted by M/A/R/C Research and ISACA, respectively. The M/A/R/C study results contain a margin of error of 3.9% at the 95% confidence level.

About ISACA^®

With more than 86,000 constituents in more than 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA^® Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA^®), Certified Information Security Manager^® (CISM^®) and Certified in the Governance of Enterprise IT^® (CGEIT^®) designations.

ISACA developed and continually updates the COBIT^®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders fulfill their IT governance responsibilities and deliver value to the business.

Media Contacts:

Kristen Kessinger, +1.847.660.5512, kkessinger@isaca.org
Marv Gellman, Ketchum, +1.646.935.3907, marv.gellman@ketchum.com

ISACA
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008
USA

ENTIRE ARTICLE

Popularity: 74% [?]

Ralph Schaefer

Social networking is creating workplace havoc.

Employers are faced with decisions varying from a total ban of the services to developing policies that allow the use of on MySpace, Facebook, Twitter and other new communication methods.

Employees must deal with the ability to maintain contact with people outside the workplace in a timely fashion without violating any company policies that could cost them their job.

Social responsibility on both sides is a fine line, according to Tony G. Puckett, a member of the McAfee & Taft Law Firm.

Puckett, from the Oklahoma City office, was among speakers at the LEEB (Labor & Employment and Employee Benefits) University presented by McAfee & Taft to human resource managers.

Employers always are concerned about losing sensitive information about the company that could hurt employees and damage operations, Puckett said. This technology makes it easy to leak that data. As a result, employers always are looking for ways to prevent those problems before they occur.

Employees often use the sites to vent frustrations about the company, co-workers and other workplace issues they might be experiencing at that time. Unfortunately, they sometimes also make derogatory remarks about others in the workplace, that if known to others, would be harmful.

New forms of communication, blogs, texting, microblogs — twitter — social networking sites, digital cameras, YouTube, cell phones with cameras and videos, GPS tacking on vehicles and phones are wonderful devices when properly used, he said. Facebook alone currently boasts a membership of 250 million subscribers.

Real difficulties happen when employees want their privacy on these social networks while using them on company time.

The best way to get around those difficulties is to train everyone in the company about policies and then make certain they are equally enforced, Puckett said. Standards can be put in place on workplace productivity, confidentiality of information, injury to business reputations and a reminder that digital information, unlike phone calls and letters, last forever and can show up as evidence many years later.

Putting employee expectations on the line when someone is hired can be the first step to help reduce possible breaches in any confidential information that might be shared. It is better to have these policies in place at the start of employment than later and try to make up for lost time.

Questions often raised leave employers wondering how to control work time spent on the Internet, texting, blogging and other communication methods, Puckett said. Then the question about whether or not policies are in place to legally monitor employee activity and discipline accordingly.

An important rule to remember is that electronic behavior is a means, not an end, he said. If behavior is prohibited, it is prohibited via computer as well.

The corollary is that thoughtful, well-communicated policies will set employee expectations regarding all types of workplace behavior. That is followed by a balance of a reasonable expectation of privacy with legitimate business purpose and scope.

The U.S. Constitution tops the governing laws and legal authorities that govern workplace monitoring programs. That is followed by the Federal Electronic Communications Privacy Act — Title II, the Stored Communications Act. Then there is the National Labor Relations Act, case law and Oklahoma laws protecting invasions of privacy.

That said, Puckett related a case where courts found that a workplace hidden camera was not an invasion of the employee’s privacy rights.

Everything started when the employer learned that someone in the company was using a computer for viewing pornographic material in the early morning hours. Determined to identify the culprit, a hidden camera was installed in the office that was locked after hours.

The two employees using the office sued because they felt their right to privacy had been invaded.

However, the court noted the camera was turned on only at the close of the business day and was installed for a legitimate business concern.

A Federal appeals court also held that a Washington State teacher’s blog attacking co-workers was not protected speech of public concern, but rather than the comments were ‘‘racist, sexist and bordered on vulgar,’’ and were ‘‘mean spirited.’’

Referring to the Electronic Communications Privacy Act of 1986, Puckett said that Title I protects wire, oral and electronic communications while in transit. It also protects communications held in electronic storage, most notably messages stored on computers.

General provisions of the law protect wire, oral and electronic communications form interception, access and disclosure.

Employers may not intercept a communication, that is tap a phone line; disclose or use contents of an illegally intercepted communication, or use an electronic, mechanical or other device to intercept oral communications — hide a tape recorder.

Important exceptions also are provided.

First is the employee can consent, either expressed or implied to the recording; business extension or business use and provider exception.

Oklahoma law allows one party to a telephone conversation to make a recording.

Employers are watching the electronic activity within the company according to a June 2009 study of decision-makers at companies with more than 1,000 employees.

The study showed that 43 percent reported investigating an e-mail based leak in the past 12 months; 33 percent employ staff whose exclusive job is to monitor the control of outbound e-mail, up from 24 percent in 2008; that 31 percent reported firing workers for misuse of e-mail and 8 percent reported terminating employees for use of social media, up from 4 percent a year earlier.

Various reasons were cited for the monitoring efforts including quality and reputation control; risk of defamation or invasion of privacy claims by other employees or outside parties and misappropriation of trade secrets or confidential information.

Suspicious activity by employees was given as another reason for monitoring that sometimes led to disciplining or termination of an employee.

Make certain that computer use and monitoring policies are transparent and evenly enforced, Puckett said. Employees will feel less violated when they know what will be happening and continuation of employment with knowledge of the policy is in place.

Make certain that employees understand they cannot expect privacy in company communications, he said. Use of the computer system equals consent of the employee and passwords are for external security only, not for the privacy of the user. All passwords must be disclosed upon request.

Puckett reminded his audience that companies must have a system and policy in place for storage, backup and retrieval of electronic documents, including emails.

He also noted that federal rules require production of all electronic evidence unless it is cost prohibitive.

Plan ahead, Puckett said, consult with computer personnel. Do not destroy documents related to pending or known claims or litigation. Anything can be retrieved if a part is willing to spend the money.

Controlling the social networking is impossible, Puckett said. The best way to control difficulties is to have a clearly stated policy in place, train everyone about the rules and make certain they are enforced equally.

ENTIRE ARTICLE

Popularity: 78% [?]

By Scott Campbell, ChannelWeb 

Do you work for a company that allows access to Facebook and Twitter during company time? If so, consider yourself lucky.
A new study by Robert Half Technology found that 54 percent of CIOs said their firms do not allow employees to visit social networking sites for any reason while at work.

Nineteen percent of the survey’s 1,400 respondents said social networking is permitted for business purposes only. Another 16 percent allow limited personal use and only 10 percent give employees free rein regarding Facebook, MySpace, Twitter and other sites.

Dave Willmer, executive director of Robert Half Technology, said many companies believe social networking may divert employees’ attention away from more pressing priorities.

“For some professions, however, these sites can be leveraged as effective business tools, which may be why about one in five companies allows their use for work-related purposes,” Willmer said in a statement.

Thomas Smith, CTO at The Public School and Public Education Employee Retirement Systems of Missouri, Jefferson City, Mo., said social networking in a corporate environment is a difficult puzzle to solve. His company currently blocks all access, but hosts an Internet cafe with five workstations on a separate VLAN where employees can access any site.

“This has quenched a lot of the thirst for Facebook in our firm,” Smith said. “Our concern is centered around security and not so much on productivity. Our COO is very eager to get a Facebook presence for our firm so we are actively pursuing workable solutions.”

The organization is implementing some new security layers that might lead to more access, Smith said. “Unfortunately, there are too many security flaws associated with these types of sites right now,” he said.

Meanwhile, Gary Allen, CTO at the Amarillo (Texas) Independent School District, also said his organization blocks social networking for security and liability reasons. He advises teachers and other staff to keep any correspondence professional and to avoid interaction with students, he said.

Robert Half Technology’s Willmer agreed that employees should always seek to exercise caution, no matter how lenient their company’s policy.

“Professionals should use common sense even outside of business hours. Regrettable posts can be a career liability,” he said in a statement.

ENTIRE ARTICLE

Popularity: 91% [?]