In an August 11 article in Bank Info Security, Upasana Gupta writes that it’s impossible to overestimate the impact of social media.

Popular sites such as Facebook, LinkedIn and Twitter have had a phenomenal impact in the workplace – both as a corporate channel for communication and marketing, as well as a vehicle for employees to communicate both professionally and personally.

The latter is a key point.  According to a new survey conducted by Trend Micro, employees increasingly are using social networks while in the office and on the clock.

It is debatable how much the rise in social networking has compromised employee productivity, but it’s indisputable that much of this activity is occurring in the absence of formal policies.

“In its simplest terms, there is anarchy in the absence of social media policy and training,” says John Pironti, ISACA board member and president of IP Architects, LLC.  “Without proper direction and clarity, it is hard to enforce appropriate consequences on someone.”

Because of this anarchy, organizations are starting to take action.  Fear of compromised productivity, reputational damage, data loss and inappropriate behavior is leading many employers to introduce strict controls on staff access to social media sites.  Robert Half Technology, an IT staffing company, recently reported that 54 percent of U.S. companies have banned workers from using social networking sites while on the job.  The study found that 19 percent of companies allow social networking use only for business purposes, while 16 percent allow limited personal use.

ENTIRE ARTICLE (Click Here)

Popularity: unranked [?]

Darrell Smith from the Sacramento Bee writes that companies are swarming social networking sites, including Facebook and Twitter, hoping to boost their brands, connect with customers and even find new employees.  

But they’re also struggling to rein in potential problems.  Employers cringe at the thought of employees revealing proprietary information, hackers making mischief or a roomful of workers busy reconnecting with old high school friends on Facebook instead of doing their jobs.

The ubiquity of social networking – 77 percent of workers have a Facebook account, for example, and 61 percent of those access Facebook on the job, according to Boston-based Nucleus Research – complicates matters.

Nucleus Research last July estimated that on-the-job use of Facebook alone costs companies 1.5 percent of total employee productivity.

Policies on employee use of social networks are all over the map, from total bans on Internal access to no policy at all.

A 2009 survey by the Minneapolis-based Society of Corporate Compliance and Ethics found that just one in three businesses have a general policy for employee online activity including use of social networks.

“Most (employers) are playing catch-up on this,” said Alden Parker, an employment attorney at Sacramento law firm Balsam Parker.  “You have to make sure that you’re not losing employee hours to these time-sucking activities.”

ENTIRE ARTICLE (Click Here)

Popularity: unranked [?]

by Joan Goodchild, Senior Editor, CSO

You may be a champ at Mafia Wars and Farmville, but what do you know about the security risks of social media sites?

The collaboration and sharing made possible by Web 2.0 technologies also bring along a specific set of risks. In Slapped in the Face: Social Networking Dangers Exposed, security researchers Nathan Hamiel and Shawn Moyer explain how attacks are made easy because of the very nature of these sites, where users can upload and exchange pictures, text, music and other types of information with little effort.

“Social networking sites are meant to get as many users in one place as possible on one platform, and for attackers there’s a lot of return-on-investment in going after them,” Moyer said, describing the climate as a perfect storm of social engineering and bad programming.

In this guide, we outline the many risks posed by social media sites and social networks, and how to keep yourself and others from falling victim to a scam or security hole.

• How common are scams and hacks on social networks?
• What are the most basic risks involved?
• Give me some examples of this type of scam.
• If my company allows employees to use social media and access networking sites, should we have a social media security policy in place?
• New scams and threats pop up all the time. How can employees stay on top of these new concerns?

 

How common are scams and hacks on social networks?

In 2009, Facebook officials announced they had surpassed 300 million users. Twitter claims to have 6 million unique monthly visitors and 55 million monthly visitors. With that kind of reach, it’s not surprising that criminals view these sites as a great venue for finding victims. As a result, security stories about Twitter and Facebook have dominated the headlines in the past 12 months. In one high-profile story from 2009, hackers managed to hijack the Twitter accounts of more than 30 celebrities and organizations, including President Barack Obama and Britney Spears (See: Hackers Hijack Obama’s, Britney’s Twitter Accounts. Hacked accounts had been used to send malicious messages, many of them offensive. According to Twitter, the accounts were hijacked using the company’s own internal support tools.

Twitter has also had problems with worms as well as spammers who open accounts and then post links on popular topics that actually link to porn or other malicious sites. Facebook, too, is regularly chasing down new scams and threats.

Both sites have been criticized for their lack of security, but have made improvements in recent months. Facebook, for example, now has an automated process for detecting issues in Facebook users’ accounts that might indicate malware or hacker attempts. The site also recently announced a partnership with security software vendor McAfee aimed at improving security for Facebook users. See: Facebook, McAfee Team on Facebook Security Effort.

What are the most basics risks posed by social media and social networking?

 

Password sloth is a simple and prevalent mistake by users of social networking sites. As described in Seven Deadly Sins of Social Networking Security, password sloth refers to using the same password on all sites—if that password is discovered via a hack or accidental leak on one site, it provides hackers a way into all the other sites. In a worst case scenario, it might mean a Twitter password hack gives someone the key to your online banking account.

Plain old TMI—too much information. It’s a great idea to let your neighbors know you’re headed out on vacation so they can keep an eye on your house or apartment. It’s NOT a great idea to post those vacation plans on public Internet sites. It’s also not a great idea to freely reveal lots of personal details&your birthday, your town of birth, your family tree—as that information can be used for identity theft.

(continued)

Your personal brand is another thing to consider in your online interactions.

Don’t engage in “Tweet rage”. Scott Hayes, president and CEO of Database-Brothers Inc., notes that “Posting any content when angry is about as dangerous as sending flaming emails, if not more so. Think twice about clicking ’submit’ because the world may be looking at your angry, immature rant for years.”

That include present and potential future employers, your parents, your kids, your co-workers. Think before you post.

Another risk to consider is your company’s brand and reputation. Can you be sure your employees aren’t leaking data, either intentionally or unintentionally, on social network sites? Can you be sure they are not disparaging your brand? According to legal expert Michael Overly, new FTC guidelines that went into effect on December 1, 2009, may impose liability on businesses for statements their employees make on social networking sites, as well as personal blogs, and other sites  even if the company had no actual knowledge those statements were being made. See Overly’s blog for more information on the new rules.

Then there is a big set of risks that we can put under the general heading of scams. These are active attempts by bad guys to get you to do one of two things:
- Share information you shouldn’t (passwords, sensitive data, company secrets) or
- Click on a link you shouldn’t (because it leads to a website infected with malware).

Give me examples of this type of scam.

In 5 Facebook, Twitter Scams to Avoid and 5 More Facebook, Twitter Scams to Avoid we outline many examples of the types of come-on scammers use, including:

Secret details about Michael Jackson’s death!
People love gossip and celebrity news is always a hit. These scams often claim to have secret information on a celeb and include links that actually lead to malicious sites or that install malware onto a computer.

I’m trapped in Paris! Please send money.
Known as a 419 scam, fraudsters break into Facebook accounts accounts and then message the victims “friends” asking for money.

OMG! Did you see this picture of you?
Both Facebook and Twitter have been plagued by several phishing scams that involve a question that piques the user’s interest and then directs them to a fake login screen.

(continued)

Test your IQ
Facebook members often add quirky applications that allow them to take quizzes and fill out polls. One recently caused members to unwittingly subscribe to a text messaging service that cost approximately $30 a month.

Join State University’s Class of 2013 Facebook group
A college guide book publisher called College Prowler was recently criticized for creating Facebook communities for students in the class of 2013 that appeared to be organized by their college or university, but were not.

Tweet for cash!
This scam takes many forms. “Make money on Twitter!” and “Tweet for profit” are two common come-ons security analysts say they’ve seen lately.

Ur Cute. Msg me on MSN
The sexual solicitation is a tactic spammers have been trying for many years via email, said Graham Cluley, senior technology consultant with U.K.-based security firm Sophos. In the updated version of this ruse, Twitter “tweets” that feature scantily-clad women and include a message embedded into the image, rather than in the 140-character tweet itself.

Protect your family from swine flu
Bad guys will always take advantage of what is in the headlines, such as the world’s concern over swine flu, to snare unsuspecting users. These days it is even easier for a user to end up clicking on a bad link looking for news because of the prevalent use of the shortened URL (See: New Spam Trick: Shortened URLs).

Mike Smith commented on your post!
Reading friends’ comments is one of the major features of Facebook. But some malicious applications have names such as “Your Photos” and “Post” and begin with a notification that someone has “commented on your post.” However, once the user clicks on that notification, they are lead to a harvesting site called “fucabook.com” which looks like a Facebook log-in page and asks users to enter their log-in information in order to “enjoy the full functionality” of the application. It then steals that log-in information and then spams friends.

Amber alert issued!!
This one is not so much as scam as it is a hoax. Amber alerts are pasted into status updates that turn out to be untrue.

If my company allows access to social media sites, should we have a social media security policy in place?

IANS, a Boston-based research company that focuses on information security, regulatory compliance and IT risk management, surveyed companies in 2008 and found most did not have a security policy in place with regard to social media. But the same survey conducted just a year later in 2009 turned up a dramatic increase. Policies might touch upon appropriate usage of social media and networking sites at work as well as the kind of conduct and language an employee is allowed to use on the sites.

“We saw about a third of the audience now has something in place and another large percentage is considering these kinds of policies,” said Jack Phillips, IANS co-founder and CEO.

Specifically, just under ten percent of respondent enterprises said their social media policy was fully implemented and communicated in 2008. That jumped to 34 percent in 2009, with another third responding that they had either created or implemented a policy for social media use. The take away, according to Phillips, is that social media is front and center now in organizations and the discussion is taking place not only among the security team, but within marketing, sales, human resources and even executives.

Phillips believes this is an opportunity for security folks to raise their profile and take part in an important issue from its inception. He gives security pros tips in 4 Tips for Writing a Great Social Media Security Policy. The include:

1. Don’t start from scratch
The media landscape is so dynamic that if you create policy for today’s hot technology, tomorrow it will be obscure. Instead, said Phillips, use this as an opportunity to draw attention to existing policies.

2. Use social media policies to raise security awareness
“This issue is an opportunity for info sec leaders to refocus attention on information security and risk management, said Phillips.

(continued)

3. Use social media access to raise security’s positive profile within the organization
While the initial security reaction to new media is often to block, Phillips said most organization now need to consider that not only may allowing access be necessary, but also useful from an info sec perspective.

4. Be prepared for the next phase
As social media platforms come and go, some will ultimately become commonplace and integral to an enterprise. While creating entire new policies around social media doesn’t make sense right now, at some point, said Phillips, it will become necessary for policies to be more specific.

New scams pop up all the time. How can employees stay on top of these new threats?

The threats posed by social media and social networks are ever evolving, so it’s important to keep users up to date on what the latest and greatest “come-ons” might be as part of a solid security awareness program. In 9 Dirty Tricks: Social Engineers Favorite Pick Up Lines we lay out some of the underlying tactics seen on social networks. And, to help users identify what THEY might be doing wrong, mistakes folks make using social networks are outlined in Seven Deadly Sins of Social Networking Security.

As with many security slip-ups, the mistake, and the lesson that needs to be learned, often goes back to the individual. As Peter Soderling points out in Why a Twitter Hack is NOT a Cloud Security Wake-up Call, many of the hacks that take place on these sites are the result of weak passwords. Check out these tips for How to Write Great Passwords for great advice to give users when it comes to creating secure log-in credentials.

ENTIRE ARTICLE

Popularity: unranked [?]

 

By: Staff Writer

Over the past decade, there has been a technological revolution in the workplace as businesses have increasingly turned to technology as the primary tool to communicate, conduct business, and store information.  As the use of technology has increased, so has the concern of employers that their technology resources may be abused by employees.  As a result, companies have developed various “computer conduct” policies and implemented strategies to monitor their employees’ use of e-mail, the Internet, and computer files. National surveys have reported that many companies are engaged in such practices. Federal and state laws and judicial decisions have generally given private sector companies wide discretion in their monitoring and review of employee computer transmissions, including the Internet and e-mail. However, some legal experts believe that these laws should be more protective of employee privacy by limiting what aspects of employee computer use employers may monitor and how they may do so. 

No matter where people stand on the issue of privacy, one thing continues to be critical in the courts, in the media and in the work place.  Employers are expected to clearly communicate the organizations position to employees as it pertains to employee conduct and privacy.

As an employer, one of the challenges has been keeping up with written policies that describe and make clear what the employee should know about the organizations expectations of technology use when the technologies available change at such a rapid rate.  Many organizations have an “Email Policy” an “Internet Use Policy” a “Communications Policy” and often a general section outlining general office technology use in an “Employee Handbook”. 

The situation above has developed because organizations tend to layer additional policies as new technologies present themselves in the work place.  As a response to this situation, more and more organizations are creating a single “Technology Use Policy” that pertains to all of the various technologies and communication mediums in the organization. 

There is now a broad enough understanding of the interaction between employees and the internet enabled world to refine the employer’s expectations in a single “Technology Use Policy” that will address elements such as email, webmail, web surfing, telephone/cell phones, social networking sites (i.e. Facebook, YouTube, Twitter etc.), Blogs, instant messaging (IM) and texting.

The courts, specific industry associations and experts agree that establishing a comprehensive policy on employee technology use is incomplete without strategies to disseminate the information. Experts pointed out that informing employees about these policies not only established the limits of employee expectations about privacy but also allowed the employee the opportunity to conform their behavior to the circumstances of having limited privacy.  Don’t allow your organization to send conflicting messages to employees because technology specific policies have been layered on top of each other as new technologies make their way into the work place.  Focus on replacing multiple policies with a single “Technology Use Policy”.

Popularity: 51% [?]

 

Lora Bentley

Social networking is part of the new normal in business, according to Gartner. Understandably, not every company can go so far as, say, Zappos.com or Southwest Airlines in their enthusiasm. But it’s also not smart to ignore it. At some level, employee use of social networking tools should be addressed and a policy adopted.

In fact, just a couple of weeks ago, a friend noted that he had attended a seminar on social media in business and found it very helpful. One of the attorneys who presented that seminar is Mitzi Wyrick, from the Louisville offices of Wyatt, Tarrant & Combs. After looking at the slide deck my friend sent my way, I contacted Wyrick. Tuesday, I got the chance to speak with her.

Essentially, she said, employers have two choices when it comes to employee use of social networking tools on company time: They can ban it completely, or allow it and decide how they’re going to regulate it.

“In some ways I think it’s easier to treat social networking use the same way the company treats employee Internet use,” she told me. “If they’re allowed to use it, as long as they’re not using it excessively, social networking shouldn’t be any different.”

But there are certain things companies should be mindful of when creating their social networking policies. They want to protect their intellectual property, so employees shouldn’t be posting about things they’re working on, Wyrick said. Policies should also prohibit harrassment or discrimination against other employees, as well as posting “anything that would cast the company in a bad light.”

Once the policy is created, employers should communicate it to employees. Post it in the breakroom, include it in the employee handbook, distribute it separately in a memo or a letter. And have employees sign to acknowledge that they’ve received it and read it. That way, Wyrick said, you avoid situations later where an employee says he doesn’t understand why you’re disciplining him since he didn’t even know there was such a policy.

After the policy has been created and communicated, it must be consistently enforced. It does no good to have a policy if some violations have consequences and others do not. Not that someone has to devote all of his or her time to monitoring employee activity on different social networking sites. In fact, Wyrick said she wouldn’t recommend that. But once the company becomes aware of a post that violates company policies, it must be addressed in accordance with the policy. Then, the second (and third, fourth, etc.) time that kind of violation occurs, it must be addressed in the same way as the first.

ENTIRE ARTICLE

Popularity: 68% [?]

 

By Scott Campbell, ChannelWeb 

Do you work for a company that allows access to Facebook and Twitter during company time? If so, consider yourself lucky.
A new study by Robert Half Technology found that 54 percent of CIOs said their firms do not allow employees to visit social networking sites for any reason while at work.

Nineteen percent of the survey’s 1,400 respondents said social networking is permitted for business purposes only. Another 16 percent allow limited personal use and only 10 percent give employees free rein regarding Facebook, MySpace, Twitter and other sites.

Dave Willmer, executive director of Robert Half Technology, said many companies believe social networking may divert employees’ attention away from more pressing priorities.

“For some professions, however, these sites can be leveraged as effective business tools, which may be why about one in five companies allows their use for work-related purposes,” Willmer said in a statement.

Thomas Smith, CTO at The Public School and Public Education Employee Retirement Systems of Missouri, Jefferson City, Mo., said social networking in a corporate environment is a difficult puzzle to solve. His company currently blocks all access, but hosts an Internet cafe with five workstations on a separate VLAN where employees can access any site.

“This has quenched a lot of the thirst for Facebook in our firm,” Smith said. “Our concern is centered around security and not so much on productivity. Our COO is very eager to get a Facebook presence for our firm so we are actively pursuing workable solutions.”

The organization is implementing some new security layers that might lead to more access, Smith said. “Unfortunately, there are too many security flaws associated with these types of sites right now,” he said.

Meanwhile, Gary Allen, CTO at the Amarillo (Texas) Independent School District, also said his organization blocks social networking for security and liability reasons. He advises teachers and other staff to keep any correspondence professional and to avoid interaction with students, he said.

Robert Half Technology’s Willmer agreed that employees should always seek to exercise caution, no matter how lenient their company’s policy.

“Professionals should use common sense even outside of business hours. Regrettable posts can be a career liability,” he said in a statement.

ENTIRE ARTICLE

Popularity: 91% [?]

Managing Social Media Risks

By Bridget McCrea

Name an online social networking site, and there are liable to be thousands of teachers, administrators, and students using it connect with people. Whether it’s Facebook, MySpace, Twitter, or one of the more “specialized” online venues, all are replete with individuals looking to tap into the growing social networking wave.

Like any new, uncharted innovation, online social networking comes with risks not associated with many “traditional” ways of connecting with people. Unintentionally offend someone in person at a bookstore, for example, and the repercussions are likely to be minimal. But post a photo that others deem “offensive” on your Facebook page, and you could risk alienating others and even setting yourself up for potential lawsuits.

In her recent report, “Risk Management and Social Media: A Paradigm Shift,” Maureen O’Neil, president of the International Development Research Centre (IDRC), called social media tools like blogs, message boards, and social communities the “fastest growing segment” of Web content. “These forms of social networking upend the traditional form of top-down information dispersal because information freely flows in and out of an organization,” said O’Neil.

The problem is that social media can expose organizations to significant risk, not the least of which is serious reputation damage, said O’Neil. That’s because social media is still largely the “Wild Wild West” of the Internet: It’s widely used, yet there are technically no set rules attached to it in terms of conduct. The good news is that institutions can take an active approach to influence and counteract their schools, students and teachers that are portrayed on these social media sites.

“That requires businesses to create an Internet reputation risk management plan that addresses what visitors to your site express, what your employees share on other sites and most significantly what things are said about your organization on sites over which you have no direct control,” said O’Neil. She suggested organizations actively engage on social network venues to understand how reputation can be impacted by the interactions, and then gather information on the social media activities under consideration.

From there, assess the areas of vulnerability, create counteraction plans, and communicate them to employees. Dedicate at least one employee to the monitoring of your online reputation, remarked O’Neil, and build a process to identify new reputation risk elements as social media evolves.

“The risks organizations face as a result of participating in social media are real, but so too are the benefits,” she said. “Don’t let risk blind you from taking advantage of the transformational communication opportunities that arise from social media.”

For schools, the need for risk management is especially high because teachers, students, and administrators alike are enjoying the benefits of connecting with one another online. Whether administrators are posting information about a recent school event, teachers are bouncing ideas off of one another, or students are posting photos of their weekend events, all of the information being shared is available for anyone to see and comment on.

The single biggest risk in social media circles is undoubtedly the participant’s utter lack of control over where the information is going, how it will be posted, and who is going to be able to access it. To avoid potential problems in this area, pay particular attention to what pages that online information is linked to, what types of pages are attached to the information, and which photos are included.

Schools looking to beef up their social media risk management strategies can start by setting up guidelines around their employees’ and students’ use of sites like Facebook, MySpace, and Twitter, to name just a few. Stress the fact that, once posted online, comments and photos “never go away,” even if the individual poster deletes them.

Sarah Evans, an Internet marketing consultant and director of communications for Elgin Community College in Elgin, IL, said schools should pay particular attention to the feedback being posted about the institution and its students and teachers. Assign someone to “search” the various sites (for the school’s name, for example) on a regular basis to essentially “police” the institution’s brand and make sure it’s being represented properly in the social media.

“You want to make sure that you’re portraying the same experience online that you do when people enter your institution’s doors,” said Evans, who pointed out that all social media sites incorporate a “search” function that allows users to type in keywords and “see what people are talking about in real-time, online.”

Also check out exactly what the content looks like before exposing it to the rest of the world. (If one of your teachers has his or her own Facebook page, pull it up online and see what it looks like to others.) Pay attention not only to the teacher’s or student’s own comments and postings, but also to the feedback being posted by “friends” who are reading–and commenting on–those social networking activities.

Keep an eye out for information that could be construed as defamatory or that could evoke offensive or overly negative comments (via a blog, for example) from the people who are participating in the online social circles.

Also pay attention to copyright and intellectual property right infringement–two lines that are fairly easy to cross on the Internet, where content appears to be “free” for all. The reproduction of an article, document, or photo, for example, can easily trigger a claim of copyright infringement.

By taking an active approach to risk management, schools will be better prepared to deal with such issues, if and when they come up. Unfortunately, many organizations and institutions prefer to ignore the problem. Eddie Schwartz, chief security officer at Internet security monitoring firm NetWitness in Herndon, VA, said institutions that choose to turn a blind eye to the social media sector are doing themselves a disservice that could, at some point in the future, turn into a much larger problem.

“Schools don’t necessarily have to use a ‘Big Brother’ approach,” said Schwartz, “but they must develop guidelines for using these sites, monitor how they’re used, and figure out what to do when the lines are crossed.”

Popularity: 93% [?]

By Jonathan Hyman

From businessmanagementdaily.com

 

According to a recent survey, 22% of employees say they use some form of social networking five or more times per week, and 15% admit they access social media while at work for personal reasons. Yet, only 22% of companies have a formal policy that guides employees in how they can use social networking at work. Here are seven key questions to ask when drafting a social networking policy for your workplace.

Cave drawings were the earliest form of social networking. Today people tweet their thoughts for the world to see. In between, we’ve had instant messaging, MySpace, Facebook and blogs. Online social networking is here to stay—the only change will be in what form it takes.

According to a recent survey conducted by Deloitte, 22% of employees say they use some form of social networking five or more times per week, and 15% admit they access social networking while at work for personal reasons.

Yet, only 22% of companies have a formal policy that guides employees in how they can use social networking at work.

Before we can figure out what to do about these exploding media at work, we need to know exactly what we are dealing with. So, for the uninitiated, here is a short lesson on the various types of social networking likely being accessed from your workplace right now.

• Blogs: Blog is short for weblog. Blogs either provide commentary on news or a particular subject or serve as an online diary. There are hundreds of millions of blogs on the Internet, many updated every day.

• Facebook: Facebook started as an online tool for college and university students to connect with each other. It has since expanded to allow anyone over the age of 13 with a valid e-mail address to open a free account. It is loosely organized into a variety of networks based on schools, location, employers, charities and other causes. Connections are known as “friends.” People update with short written blurbs about what they’re doing as well as pictures, video and the like. Facebook has over 200 million registered users. Even my mom has a Facebook page.

• LinkedIn: LinkedIn is an online network for professionals. It allows people to search and connect via alma mater, location, employer or various user-created groups. It has over 41 million members.

• Twitter: Twitter is the latest big thing in social networking. It is known as “micro-blogging.” “Tweets” are text-based posts of up to 140 characters, displayed on the user’s profile page and delivered to followers—other users who have subscribed.

I could draft a perfect social-networking policy to cover these new media using only a few words: “Be mature, be ethical and think before you type.”

Ultimately, you may decide that such brevity is what you want for your business.

For the sake of completeness, though, review the section below to consider the seven most important questions when drafting a social-networking policy.

1. How far do you want to reach? Social networking presents two concerns for employers—how employees are spending their time at work, and how employees are portraying your company online when they are not at work. Any social-networking policy must address both types of online use.

2. Do you want to permit social networking at work at all? It is not realistic to ban all social networking at work. For one thing, you will lose the benefit of business-related networking. Further, a blanket ban is also hard to monitor and enforce.

3. If you prohibit social networking, how will you monitor it? Turning off Internet access, installing software to block certain sites, or monitoring employees’ use and disciplining offenders are all possibilities, depending on how aggressive you want to be and how much time you want to spend watching what your employees do online.

4. If you permit employees to social network at work, do you want to limit it to work-related conduct or permit limited personal use? How you answer this question depends on how you balance productivity versus marketing return.

5. Do you want employees to identify with your business when networking online? Employees should be made aware that if they post as an employee of your company, the company will hold them responsible for any negative portrayals.

Or, you could simply require that employees not affiliate with your business and lose the networking and marketing potential Web 2.0 offers.

6. How do you define “appropriate business behavior?” Employees need to understand that what they post online is public, and they have no privacy rights in what they put out for the world to see. Anything in cyberspace can be used as grounds to discipline an employee, whether the employee wrote it from work or outside of work.

7. How will social networking intersect with your broader harassment, technology and confidentiality policies?

Employment policies do not work in a vacuum. Employees’ online presence—depending on what they are posting—can violate any number of other corporate policies. Drafting a social networking policy is an excellent opportunity to revisit, update and fine-tune other policies.

Entire Aricle

 

Popularity: 98% [?]

 

Productivity tool or security headache? Like instant messaging and e-mail before it, social networking can be a great tool but can also cause concern in companies that haven’t learned to adapt – and real trouble to companies that haven’t learned how to manage it.

Enterprises are beginning to adopt social networking applications to offer a fast, easy-to-use way to keep in touch, organise activities and share ideas. Whether businesses like it or not, employees (especially younger ones) are signing up for these tools regardless of whether it’s company policy or not, and forcing the businesses to play catch up. Because of this, there are three major concerns that are keeping IT up at night.

First, consumer applications can cut into employee productivity for hours at a time. Second, social networking sites can become vectors for viruses, hacker attacks and phishing. Finally, social networking image, audio and video traffic steal bandwidth from business uses.

So, how are IT administrators supposed to control this problem? There aren’t many model companies to follow in terms of company-wide social networking deployments. A few pioneering companies have opened their doors to social networking on corporate networks such as Shell Oil, Procter & Gamble and General Electric maintain social networking accounts. An exclusive Citigroup Facebook network has almost 2,000 members.

When you look at the usage statistics, peer-to-peer (P2P) networks have millions of users sharing photos, software, music and video. Social networking reaches even further: MySpace claims more than 61 million active users; Facebook more than 65 million. The Pew Research Center estimates that half of online adults have used these services to connect with people they know.

There are also organisations actively working against social networking. As the nature of government information is often sensitive, social media tools are a big concern for many government organisations. For instance, in May 2007, the U.S. Army blocked URLs for MySpace and 12 other “entertainment” sites from their U.S. and overseas networks, referring bandwidth and security concerns.

Interactive communities such as YouTube, LinkedIn, Facebook and many others are a perfect target for hackers to plant malicious worms and viruses masked as legitimate user content, and present the potential for inadvertent leakage or misuse of mission-critical data. But these tools can be important for instant communication to spread government information internally and between the organisations, yet monitoring public opinion, there is a long way to pass over these concerns. For this reason, rather than rushing into new decisions to implement these social networking tools, there should be a cautious approach to ensure the right technology pieces are in place to enforce appropriate protection, access and use. There are many technology solutions available to organisations to let them support access to social media tools while enforcing strict control over network traffic to protect information assets and avoid data loss.

The decision to block or allow consumer applications is not black or white. Policies vary according to user, application, security requirements and network infrastructure. There are steps that organisations can take to let social networking into the network securely.

Application-based policies – Blocking applications may address this issue. However, modern consumer applications are designed to work on many different network infrastructures. This makes them hard to detect and regulate. The policies should also enable applications that offer business value – without compromising quality of service (QoS)
Corporate policies – Although few organisations will apply policies without exception across their entire network, most start by establishing general guidelines. Blanket policies that block or regulate all peer-to-peer traffic can then be adapted to support authorised exceptions, while continuing to regulate or block the rest.
User policies – Even when policies are consistent across a network or network leg, they may vary from one user category to the next. Users can be categorised many ways. For example, categories of users can be employees, contractors and/or partners. In general, policies for employees may resemble overall network permissions, contractors will likely have access to a subset of those applications, and partners may have access only to specific applications. The challenge is where and how to enforce user-based policies.
Balancing requirements
Whether your company has identified a business need for social networking applications or simply decided to get ahead of the trend, managing consumer applications on corporate networks is a matter of balancing four priorities: Security, Quality of Service, Visibility and Control.

No single set of policies can meet these requirements for every business. By deploying a combination of policy-centric and interoperable technology solutions, organizations can customise their security profile and reflect their uniqueness of individual networks, and they can grant access when, where and to whom they want adapting permissions and defenses as required to counteract internal and external threats.

Now is the time to put these controls in place because, like entropy, the pace of technological change is always increasing. No sooner have we become accustomed to the ideas of Web 2.0 than we are turning our attention to Web 3.0 and beyond. With these changes we are faced with opportunities and challenges, don’t let evolution pass you by.

Entire Article

Popularity: 74% [?]

 

Posted by: Rachael King on May 17

As more employees start to use Twitter and Facebook, executives are becoming increasingly concerned with the message their digitally savvy workers are conveying to the public. A new survey from Deloitte underscores the growing role of social networks and the dilemma they present for corporations that spend huge amounts to burnish their image. The professional services firm found that 60 percent of the executives interviewed believe they have a right to know how employees portray themselves and their organizations. Employees, on the other hand, bristle at the thought that employers would monitor their online activity. Overall, about 53 percent say their social networking activities should not be any concern of their employer, although about 74 percent recognize that social networks make it easier to damage a company’s reputation.

Few companies have given employees guidelines about how to use social networks. “We found a high percentage of employers who are thinking about what they should do but not a high percentage of employers who have concluded what those procedures and policies should be,” says Deloitte Chairman Sharon Allen.

Some news organizations have issued guidelines but there’s little agreement about what those rules should be. Last week, my colleague Diane Brady wrote about The Wall Street Journal’s ground rules for how employees should use social networking sites such as Twitter. Editor & Publisher noted that the WSJ guidelines included the warning that “business and pleasure should not be mixed on services like Twitter.” Editor & Publisher followed up with a report on how different newspapers have issued a variety of guidelines and quoted this policy from the Los Angeles Times, “Assume that your professional life and your personal life merge online regardless of your care in separating them. Don’t write or post anything that would embarrass the LAT or compromise your ability to do your job.”

As a reporter and an employee, I often think about what is appropriate to tweet. In my case, my Twitter account started out as a personal account and I kept it private. I didn’t use my own name for fear that my editors might not like it. While reporting a story about how companies were using Twitter for branding purposes, a number of sources convinced me to take my account public to get the most value out of Twitter. Shortly after that, John Byrne, the editor-in-chief of BusinessWeek.com joined Twitter and then published a blog post listing all the BusinessWeek writers and editors on Twitter. I feel really fortunate to work for a news organization that embraces Twitter and actually encourages reporters to use it.

Having my editors and colleagues follow me on Twitter and Facebook probably makes me more cautious. But, I’m not yet ready to abandon my personal life when I tweet. My personal life is tame and I figure if people know I have a family and a dog or that I’m a geek who saw Star Trek on opening day, it doesn’t compromise my ability to be a reporter. I hope it makes me seem human and approachable.

What do you think? Should employers have a say in what workers share on social networking sites?

Entire Article

Popularity: 62% [?]