Saturday, September 4, 2010

Archive for the ‘Legal’ Category

Social Media Policy – The 6 Essentials

Posted by admin On August - 17 - 2010

In an August 11 article in Bank Info Security, Upasana Gupta writes that it’s impossible to overestimate the impact of social media.

Popular sites such as Facebook, LinkedIn and Twitter have had a phenomenal impact in the workplace – both as a corporate channel for communication and marketing, as well as a vehicle for employees to communicate both professionally and personally.

The latter is a key point.  According to a new survey conducted by Trend Micro, employees increasingly are using social networks while in the office and on the clock.

It is debatable how much the rise in social networking has compromised employee productivity, but it’s indisputable that much of this activity is occurring in the absence of formal policies.

“In its simplest terms, there is anarchy in the absence of social media policy and training,” says John Pironti, ISACA board member and president of IP Architects, LLC.  “Without proper direction and clarity, it is hard to enforce appropriate consequences on someone.”

Because of this anarchy, organizations are starting to take action.  Fear of compromised productivity, reputational damage, data loss and inappropriate behavior is leading many employers to introduce strict controls on staff access to social media sites.  Robert Half Technology, an IT staffing company, recently reported that 54 percent of U.S. companies have banned workers from using social networking sites while on the job.  The study found that 19 percent of companies allow social networking use only for business purposes, while 16 percent allow limited personal use.

Social Media Can Help, Complicate Business

Posted by admin On August - 17 - 2010

Darrell Smith from the Sacramento Bee writes that companies are swarming social networking sites, including Facebook and Twitter, hoping to boost their brands, connect with customers and even find new employees.  

But they’re also struggling to rein in potential problems.  Employers cringe at the thought of employees revealing proprietary information, hackers making mischief or a roomful of workers busy reconnecting with old high school friends on Facebook instead of doing their jobs.

The ubiquity of social networking – 77 percent of workers have a Facebook account, for example, and 61 percent of those access Facebook on the job, according to Boston-based Nucleus Research – complicates matters.

Nucleus Research last July estimated that on-the-job use of Facebook alone costs companies 1.5 percent of total employee productivity.

Policies on employee use of social networks are all over the map, from total bans on Internet access to no policy at all.

A 2009 survey by the Minneapolis-based Society of Corporate Compliance and Ethics found that just one in three businesses have a general policy for employee online activity including use of social networks.

“Most (employers) are playing catch-up on this,” said Alden Parker, an employment attorney at Sacramento law firm Balsam Parker.  “You have to make sure that you’re not losing employee hours to these time-sucking activities.”

Social Media Risks: The Basics

Posted by admin On June - 23 - 2010

by Joan Goodchild, Senior Editor, CSO

You may be a champ at Mafia Wars and Farmville, but what do you know about the security risks of social media sites?

The collaboration and sharing made possible by Web 2.0 technologies also bring along a specific set of risks. In Slapped in the Face: Social Networking Dangers Exposed, security researchers Nathan Hamiel and Shawn Moyer explain how attacks are made easy because of the very nature of these sites, where users can upload and exchange pictures, text, music and other types of information with little effort.

“Social networking sites are meant to get as many users in one place as possible on one platform, and for attackers there’s a lot of return-on-investment in going after them,” Moyer said, describing the climate as a perfect storm of social engineering and bad programming.

In this guide, we outline the many risks posed by social media sites and social networks, and how to keep yourself and others from falling victim to a scam or security hole.

 

How common are scams and hacks on social networks?

In 2009, Facebook officials announced they had surpassed 300 million users. Twitter claims to have 6 million unique monthly visitors and 55 million monthly visitors. With that kind of reach, it’s not surprising that criminals view these sites as a great venue for finding victims. As a result, security stories about Twitter and Facebook have dominated the headlines in the past 12 months. In one high-profile story from 2009, hackers managed to hijack the Twitter accounts of more than 30 celebrities and organizations, including President Barack Obama and Britney Spears (See: Hackers Hijack Obama’s, Britney’s Twitter Accounts). Hacked accounts had been used to send malicious messages, many of them offensive. According to Twitter, the accounts were hijacked using the company’s own internal support tools.

Twitter has also had problems with worms as well as spammers who open accounts and then post links on popular topics that actually link to porn or other malicious sites. Facebook, too, is regularly chasing down new scams and threats.

Both sites have been criticized for their lack of security, but have made improvements in recent months. Facebook, for example, now has an automated process for detecting issues in Facebook users’ accounts that might indicate malware or hacker attempts. The site also recently announced a partnership with security software vendor McAfee aimed at improving security for Facebook users. See: Facebook, McAfee Team on Facebook Security Effort.

What are the most basic risks posed by social media and social networking?

Password sloth is a simple and prevalent mistake by users of social networking sites. As described in Seven Deadly Sins of Social Networking Security, password sloth refers to using the same password on all sites—if that password is discovered via a hack or accidental leak on one site, it provides hackers a way into all the other sites. In a worst case scenario, it might mean a Twitter password hack gives someone the key to your online banking account.

Plain old TMI—too much information. It’s a great idea to let your neighbors know you’re headed out on vacation so they can keep an eye on your house or apartment. It’s NOT a great idea to post those vacation plans on public Internet sites. It’s also not a great idea to freely reveal lots of personal details—your birthday, your town of birth, your family tree—as that information can be used for identity theft.

Your personal brand is another thing to consider in your online interactions.

Don’t engage in “Tweet rage”. Scott Hayes, president and CEO of Database-Brothers Inc., notes that “Posting any content when angry is about as dangerous as sending flaming emails, if not more so. Think twice about clicking ’submit’ because the world may be looking at your angry, immature rant for years.”

That includes present and potential future employers, your parents, your kids, your co-workers. Think before you post.

Another risk to consider is your company’s brand and reputation. Can you be sure your employees aren’t leaking data, either intentionally or unintentionally, on social network sites? Can you be sure they are not disparaging your brand? According to legal expert Michael Overly, new FTC guidelines that went into effect on December 1, 2009, may impose liability on businesses for statements their employees make on social networking sites, as well as personal blogs and other sites, even if the company had no actual knowledge those statements were being made. See Overly’s blog for more information on the new rules.

Then there is a big set of risks that we can put under the general heading of scams. These are active attempts by bad guys to get you to do one of two things:
- Share information you shouldn’t (passwords, sensitive data, company secrets) or
- Click on a link you shouldn’t (because it leads to a website infected with malware).

Give me examples of this type of scam.

In 5 Facebook, Twitter Scams to Avoid and 5 More Facebook, Twitter Scams to Avoid we outline many examples of the types of come-on scammers use, including:

Secret details about Michael Jackson’s death!
People love gossip and celebrity news is always a hit. These scams often claim to have secret information on a celeb and include links that actually lead to malicious sites or that install malware onto a computer.

I’m trapped in Paris! Please send money.
Known as a 419 scam, fraudsters break into Facebook accounts and then message the victims’ “friends” asking for money.

OMG! Did you see this picture of you?
Both Facebook and Twitter have been plagued by several phishing scams that involve a question that piques the user’s interest and then directs them to a fake login screen.

Test your IQ
Facebook members often add quirky applications that allow them to take quizzes and fill out polls. One recently caused members to unwittingly subscribe to a text messaging service that cost approximately $30 a month.

Join State University’s Class of 2013 Facebook group
A college guide book publisher called College Prowler was recently criticized for creating Facebook communities for students in the class of 2013 that appeared to be organized by their college or university, but were not.

Tweet for cash!
This scam takes many forms. “Make money on Twitter!” and “Tweet for profit” are two common come-ons security analysts say they’ve seen lately.

Ur Cute. Msg me on MSN
The sexual solicitation is a tactic spammers have been trying for many years via email, said Graham Cluley, senior technology consultant with U.K.-based security firm Sophos. In the updated version of this ruse, Twitter “tweets” feature scantily-clad women and include a message embedded into the image, rather than in the 140-character tweet itself.

Protect your family from swine flu
Bad guys will always take advantage of what is in the headlines, such as the world’s concern over swine flu, to snare unsuspecting users. These days it is even easier for a user to end up clicking on a bad link looking for news because of the prevalent use of the shortened URL (See: New Spam Trick: Shortened URLs).

Mike Smith commented on your post!
Reading friends’ comments is one of the major features of Facebook. But some malicious applications have names such as “Your Photos” and “Post” and begin with a notification that someone has “commented on your post.” However, once the user clicks on that notification, they are led to a harvesting site called “fucabook.com” which looks like a Facebook log-in page and asks users to enter their log-in information in order to “enjoy the full functionality” of the application. It then steals that log-in information and spams friends.

Amber alert issued!!
This one is not so much a scam as it is a hoax. Amber alerts are pasted into status updates that turn out to be untrue.

If my company allows access to social media sites, should we have a social media security policy in place?

IANS, a Boston-based research company that focuses on information security, regulatory compliance and IT risk management, surveyed companies in 2008 and found most did not have a security policy in place with regard to social media. But the same survey conducted just a year later in 2009 turned up a dramatic increase. Policies might touch upon appropriate usage of social media and networking sites at work as well as the kind of conduct and language an employee is allowed to use on the sites.

“We saw about a third of the audience now has something in place and another large percentage is considering these kinds of policies,” said Jack Phillips, IANS co-founder and CEO.

Specifically, just under ten percent of respondent enterprises said their social media policy was fully implemented and communicated in 2008. That jumped to 34 percent in 2009, with another third responding that they had either created or implemented a policy for social media use. The take away, according to Phillips, is that social media is front and center now in organizations and the discussion is taking place not only among the security team, but within marketing, sales, human resources and even executives.

Phillips believes this is an opportunity for security folks to raise their profile and take part in an important issue from its inception. He gives security pros tips in 4 Tips for Writing a Great Social Media Security Policy. They include:

1. Don’t start from scratch
The media landscape is so dynamic that if you create policy for today’s hot technology, tomorrow it will be obscure. Instead, said Phillips, use this as an opportunity to draw attention to existing policies.

2. Use social media policies to raise security awareness
“This issue is an opportunity for info sec leaders to refocus attention on information security and risk management,” said Phillips.

3. Use social media access to raise security’s positive profile within the organization
While the initial security reaction to new media is often to block, Phillips said most organizations now need to consider that allowing access may be not only necessary, but also useful from an info sec perspective.

4. Be prepared for the next phase
As social media platforms come and go, some will ultimately become commonplace and integral to an enterprise. While creating entire new policies around social media doesn’t make sense right now, at some point, said Phillips, it will become necessary for policies to be more specific.

New scams pop up all the time. How can employees stay on top of these new threats?

The threats posed by social media and social networks are ever evolving, so it’s important to keep users up to date on what the latest and greatest “come-ons” might be as part of a solid security awareness program. In 9 Dirty Tricks: Social Engineers Favorite Pick Up Lines we lay out some of the underlying tactics seen on social networks. And, to help users identify what THEY might be doing wrong, mistakes folks make using social networks are outlined in Seven Deadly Sins of Social Networking Security.

As with many security slip-ups, the mistake, and the lesson that needs to be learned, often goes back to the individual. As Peter Soderling points out in Why a Twitter Hack is NOT a Cloud Security Wake-up Call, many of the hacks that take place on these sites are the result of weak passwords. Check out these tips for How to Write Great Passwords for great advice to give users when it comes to creating secure log-in credentials.

Mark Ruquet with National Underwriter writes that oversight of employee Internet use is important to protect an independent insurance agency from computer viruses, legal exposures and time wasting, according to an industry expert.

Chris Borchert, business development executive with iPrevision, made his comments during the 34th annual AMS Users Group meeting, now called Network of Vertafore Users Group (NetVU).

Mr. Borchert, whose firm is an Internet security solutions provider based in Yorba Linda, Calif., reviewed how susceptible today’s producer technology systems are to outside attacks.

He said studies show that employees can spend a lot of work time – as much as two hours of company time – on personal Internet browsing, which can amount to an average of close to $5,500 in lost productivity.

However, many employers may not realize that there are legal liabilities that such activity can expose them to, he said.  Also, activity on these sites can inadvertently expose the company’s network to viruses and malware that can infect a single computer or the entire agency system.

By: Staff Writer

Over the past decade, there has been a technological revolution in the workplace as businesses have increasingly turned to technology as the primary tool to communicate, conduct business, and store information.  As the use of technology has increased, so has the concern of employers that their technology resources may be abused by employees.  As a result, companies have developed various “computer conduct” policies and implemented strategies to monitor their employees’ use of e-mail, the Internet, and computer files. National surveys have reported that many companies are engaged in such practices. Federal and state laws and judicial decisions have generally given private sector companies wide discretion in their monitoring and review of employee computer transmissions, including the Internet and e-mail. However, some legal experts believe that these laws should be more protective of employee privacy by limiting what aspects of employee computer use employers may monitor and how they may do so. 

No matter where people stand on the issue of privacy, one thing continues to be critical in the courts, in the media and in the workplace.  Employers are expected to clearly communicate the organization’s position to employees as it pertains to employee conduct and privacy.

As an employer, one of the challenges has been keeping up with written policies that describe and make clear what the employee should know about the organization’s expectations of technology use when the technologies available change at such a rapid rate.  Many organizations have an “Email Policy,” an “Internet Use Policy,” a “Communications Policy” and often a general section outlining general office technology use in an “Employee Handbook”.

The situation above has developed because organizations tend to layer additional policies as new technologies present themselves in the work place.  As a response to this situation, more and more organizations are creating a single “Technology Use Policy” that pertains to all of the various technologies and communication mediums in the organization. 

There is now a broad enough understanding of the interaction between employees and the internet-enabled world to refine the employer’s expectations in a single “Technology Use Policy” that will address elements such as email, webmail, web surfing, telephone/cell phones, social networking sites (e.g. Facebook, YouTube, Twitter etc.), blogs, instant messaging (IM) and texting.

The courts, specific industry associations and experts agree that establishing a comprehensive policy on employee technology use is incomplete without strategies to disseminate the information. Experts pointed out that informing employees about these policies not only established the limits of employee expectations about privacy but also allowed the employee the opportunity to conform their behavior to the circumstances of having limited privacy.  Don’t allow your organization to send conflicting messages to employees because technology specific policies have been layered on top of each other as new technologies make their way into the work place.  Focus on replacing multiple policies with a single “Technology Use Policy”.

Lora Bentley

Social networking is part of the new normal in business, according to Gartner. Understandably, not every company can go so far as, say, Zappos.com or Southwest Airlines in their enthusiasm. But it’s also not smart to ignore it. At some level, employee use of social networking tools should be addressed and a policy adopted.

In fact, just a couple of weeks ago, a friend noted that he had attended a seminar on social media in business and found it very helpful. One of the attorneys who presented that seminar is Mitzi Wyrick, from the Louisville offices of Wyatt, Tarrant & Combs. After looking at the slide deck my friend sent my way, I contacted Wyrick. Tuesday, I got the chance to speak with her.

Essentially, she said, employers have two choices when it comes to employee use of social networking tools on company time: They can ban it completely, or allow it and decide how they’re going to regulate it.

“In some ways I think it’s easier to treat social networking use the same way the company treats employee Internet use,” she told me. “If they’re allowed to use it, as long as they’re not using it excessively, social networking shouldn’t be any different.”

But there are certain things companies should be mindful of when creating their social networking policies. They want to protect their intellectual property, so employees shouldn’t be posting about things they’re working on, Wyrick said. Policies should also prohibit harassment or discrimination against other employees, as well as posting “anything that would cast the company in a bad light.”

Once the policy is created, employers should communicate it to employees. Post it in the breakroom, include it in the employee handbook, distribute it separately in a memo or a letter. And have employees sign to acknowledge that they’ve received it and read it. That way, Wyrick said, you avoid situations later where an employee says he doesn’t understand why you’re disciplining him since he didn’t even know there was such a policy.

After the policy has been created and communicated, it must be consistently enforced. It does no good to have a policy if some violations have consequences and others do not. Not that someone has to devote all of his or her time to monitoring employee activity on different social networking sites. In fact, Wyrick said she wouldn’t recommend that. But once the company becomes aware of a post that violates company policies, it must be addressed in accordance with the policy. Then, the second (and third, fourth, etc.) time that kind of violation occurs, it must be addressed in the same way as the first.

Social media going corporate

Posted by admin On November - 9 - 2009

At a conference last month in San Francisco, Comcast CEO Brian Roberts credited an employee’s use of Twitter with helping to change the cable giant’s corporate culture toward customer service.

Yet a recent survey of corporate technology executives by Robert Half Technology of Menlo Park found that 54 percent of companies prohibit employees from using social-media sites while on the job.

Experts say those companies could stifle the creativity of employees who are using Twitter, Facebook and other networking sites to help their companies.

“I guarantee you a significant portion of that 54 percent just looked at it and said, ‘We don’t know what it is, but it looks like a waste of time and we’re just going to shut it down,’ ” said attorney Tobias Butler of the Internet and new media team in the Atlanta office of Bryan Cave LLP.

The reticence to use social media, however, may diminish quickly because the corporate world already has adopted technologies that were at one time called unnecessary employee distractions – instant messaging, e-mail and even access to the Internet itself, said Kailash Ambwani, chief executive officer of FaceTime Communications Inc., a Belmont firm that develops enterprise communications technology.

“All those technologies have paved the way,” Ambwani said. “We’re seeing a much different attitude with respect to social networking in two years than we saw with instant messaging in five years. They now recognize the Web is no longer about shopping and information, it’s about collaboration and cooperation.”

At Comcast, employee Frank Eliason took the initiative last year to use his own Twitter account to contact customers who were tweeting about service problems. Now known as “Famous Frank,” Eliason has been credited with almost single-handedly turning around Comcast’s reputation. He heads a staff of 11 who monitor social networks and offer help to customers.

During a question-and-answer session at last month’s Web 2.0 conference, Comcast’s Roberts said the Twitter strategy has played a big part in changing the corporate culture “from inside the organization, not just the top down.”

Quick change

“It’s fascinating for me to watch how quickly you can change a company,” Roberts told the audience.

Another example cited by Butler: An employee of San Diego’s Petco Animal Supplies Inc. began using social media to write about pets being dyed different colors, which turned into a controversial topic. The company found it could harness the passion of its own employees to create its own community, he said.

Butler’s team advises companies on developing a clear policy about the use of social networking by employees, both to take advantage of opportunities and to ensure their legal bases are covered.

Some Bay Area companies are seeing a wider interest in integrating social media in the workplace.

For example, Saba Software Inc., a Redwood City people management software firm, has introduced beta versions of new programs, Saba Social and Saba Impressions, which are scheduled to be released next year. The programs use social-media features such as status updates and creating networks of experts.

“To me, social networking will become the next e-mail,” said Ben Willis, Saba’s senior director of product strategy. “It will become the platform that people will use to communicate.”

Ambwani said he’s been talking to firms about FaceTime’s new United Security Gateway technology, which allows social media use while still addressing concerns about security and letting private information leak out.

One example of such concerns involved a Canadian bank that blocked social media but became the object of a wave of complaints from outraged customers about poor service on Facebook and Twitter.

Twitter firestorm

“People within the company weren’t used to dealing with these things when the firestorm broke out over Twitter,” he said. “And when they found out, they had no real mechanism to respond because they were blocked. And even if they weren’t blocked, they didn’t know how to respond.”

He’s also spoken with officials of a large brokerage that had blocked social media, but began noticing that referrals coming through brokers’ personal Facebook or LinkedIn accounts were far more likely to become clients.

“Human beings are tribal in nature,” Ambwani said. “I know that I am more likely to respond to a stranger if that stranger reaches me through Facebook or LinkedIn than my e-mail account, because I feel some connection.”

E-mail Benny Evangelista at bevangelista@sfchronicle.com.

 

 

 

This article appeared on page DC – 1 of the San Francisco Chronicle

Social networking creates havoc

Posted by admin On November - 9 - 2009

Ralph Schaefer

Social networking is creating workplace havoc.

Employers are faced with decisions varying from a total ban of the services to developing policies that allow the use of MySpace, Facebook, Twitter and other new communication methods.

Employees must deal with the ability to maintain contact with people outside the workplace in a timely fashion without violating any company policies that could cost them their job.

Social responsibility on both sides is a fine line, according to Tony G. Puckett, a member of the McAfee & Taft Law Firm.

Puckett, from the Oklahoma City office, was among speakers at the LEEB (Labor & Employment and Employee Benefits) University presented by McAfee & Taft to human resource managers.

Employers always are concerned about losing sensitive information about the company that could hurt employees and damage operations, Puckett said. This technology makes it easy to leak that data. As a result, employers always are looking for ways to prevent those problems before they occur.

Employees often use the sites to vent frustrations about the company, co-workers and other workplace issues they might be experiencing at that time. Unfortunately, they sometimes also make derogatory remarks about others in the workplace, that if known to others, would be harmful.

New forms of communication, blogs, texting, microblogs — Twitter — social networking sites, digital cameras, YouTube, cell phones with cameras and videos, GPS tracking on vehicles and phones are wonderful devices when properly used, he said. Facebook alone currently boasts a membership of 250 million subscribers.

Real difficulties happen when employees want their privacy on these social networks while using them on company time.

The best way to get around those difficulties is to train everyone in the company about policies and then make certain they are equally enforced, Puckett said. Standards can be put in place on workplace productivity, confidentiality of information, injury to business reputations and a reminder that digital information, unlike phone calls and letters, lasts forever and can show up as evidence many years later.

Putting employee expectations on the line when someone is hired can be the first step to help reduce possible breaches in any confidential information that might be shared. It is better to have these policies in place at the start of employment than later and try to make up for lost time.

Questions often raised leave employers wondering how to control work time spent on the Internet, texting, blogging and other communication methods, Puckett said. Then there is the question of whether or not policies are in place to legally monitor employee activity and discipline accordingly.

An important rule to remember is that electronic behavior is a means, not an end, he said. If behavior is prohibited, it is prohibited via computer as well.

The corollary is that thoughtful, well-communicated policies will set employee expectations regarding all types of workplace behavior. That is followed by a balance of a reasonable expectation of privacy with legitimate business purpose and scope.

The U.S. Constitution tops the governing laws and legal authorities that govern workplace monitoring programs. That is followed by the Federal Electronic Communications Privacy Act — Title II, the Stored Communications Act. Then there is the National Labor Relations Act, case law and Oklahoma laws protecting invasions of privacy.

That said, Puckett related a case where courts found that a workplace hidden camera was not an invasion of the employee’s privacy rights.

Everything started when the employer learned that someone in the company was using a computer for viewing pornographic material in the early morning hours. Determined to identify the culprit, a hidden camera was installed in the office that was locked after hours.

The two employees using the office sued because they felt their right to privacy had been invaded.

However, the court noted the camera was turned on only at the close of the business day and was installed for a legitimate business concern.

A Federal appeals court also held that a Washington State teacher’s blog attacking co-workers was not protected speech of public concern, but rather that the comments were ‘‘racist, sexist and bordered on vulgar,’’ and were ‘‘mean spirited.’’

Referring to the Electronic Communications Privacy Act of 1986, Puckett said that Title I protects wire, oral and electronic communications while in transit. It also protects communications held in electronic storage, most notably messages stored on computers.

General provisions of the law protect wire, oral and electronic communications from interception, access and disclosure.

Employers may not intercept a communication, that is tap a phone line; disclose or use contents of an illegally intercepted communication, or use an electronic, mechanical or other device to intercept oral communications — hide a tape recorder.

Important exceptions also are provided.

First is that the employee can consent, either expressly or by implication, to the recording; the others are the business extension or business use exception and the provider exception.

Oklahoma law allows one party to a telephone conversation to make a recording.

Employers are watching electronic activity within the company, according to a June 2009 study of decision-makers at companies with more than 1,000 employees.

The study showed that 43 percent reported investigating an e-mail based leak in the past 12 months; 33 percent employ staff whose exclusive job is to monitor the control of outbound e-mail, up from 24 percent in 2008; that 31 percent reported firing workers for misuse of e-mail and 8 percent reported terminating employees for use of social media, up from 4 percent a year earlier.

Various reasons were cited for the monitoring efforts including quality and reputation control; risk of defamation or invasion of privacy claims by other employees or outside parties and misappropriation of trade secrets or confidential information.

Suspicious activity by employees was given as another reason for monitoring that sometimes led to disciplining or termination of an employee.

Make certain that computer use and monitoring policies are transparent and evenly enforced, Puckett said. Employees will feel less violated when they know what will be happening and continue their employment knowing the policy is in place.

Make certain that employees understand they cannot expect privacy in company communications, he said. Use of the computer system equals consent of the employee and passwords are for external security only, not for the privacy of the user. All passwords must be disclosed upon request.

Puckett reminded his audience that companies must have a system and policy in place for storage, backup and retrieval of electronic documents, including emails.

He also noted that federal rules require production of all electronic evidence unless it is cost prohibitive.

Plan ahead, Puckett said, and consult with computer personnel. Do not destroy documents related to pending or known claims or litigation. Anything can be retrieved if a party is willing to spend the money.

Controlling social networking is impossible, Puckett said. The best way to control difficulties is to have a clearly stated policy in place, train everyone about the rules and make certain they are enforced equally.


By Scott Campbell, ChannelWeb 

Do you work for a company that allows access to Facebook and Twitter during company time? If so, consider yourself lucky.
A new study by Robert Half Technology found that 54 percent of CIOs said their firms do not allow employees to visit social networking sites for any reason while at work.

Nineteen percent of the survey’s 1,400 respondents said social networking is permitted for business purposes only. Another 16 percent allow limited personal use and only 10 percent give employees free rein regarding Facebook, MySpace, Twitter and other sites.

Dave Willmer, executive director of Robert Half Technology, said many companies believe social networking may divert employees’ attention away from more pressing priorities.

“For some professions, however, these sites can be leveraged as effective business tools, which may be why about one in five companies allows their use for work-related purposes,” Willmer said in a statement.

Thomas Smith, CTO at The Public School and Public Education Employee Retirement Systems of Missouri, Jefferson City, Mo., said social networking in a corporate environment is a difficult puzzle to solve. His company currently blocks all access, but hosts an Internet cafe with five workstations on a separate VLAN where employees can access any site.

“This has quenched a lot of the thirst for Facebook in our firm,” Smith said. “Our concern is centered around security and not so much on productivity. Our COO is very eager to get a Facebook presence for our firm so we are actively pursuing workable solutions.”

The organization is implementing some new security layers that might lead to more access, Smith said. “Unfortunately, there are too many security flaws associated with these types of sites right now,” he said.

Meanwhile, Gary Allen, CTO at the Amarillo (Texas) Independent School District, also said his organization blocks social networking for security and liability reasons. He advises teachers and other staff to keep any correspondence professional and to avoid interaction with students, he said.

Robert Half Technology’s Willmer agreed that employees should always seek to exercise caution, no matter how lenient their company’s policy.

“Professionals should use common sense even outside of business hours. Regrettable posts can be a career liability,” he said in a statement.


To ban or not to ban? Social networking in the workplace

Posted by admin On September - 18 - 2009

As more and more people go online to create profiles, share photos, news and gossip with friends and spend hours updating their details and friend lists, organizations are starting to reassess their approach to social networking in the workplace.

What makes social networking on the Internet so popular is the power it gives individuals to create, maintain and expand any number of networks to include family, close friends and people who share a similar interest, profession or hobby.

When used properly and with discretion, social networking can be a valuable resource for businesses looking to expand their visibility or for employees who need to communicate with colleagues. In most cases, it’s also a free service.

It is not uncommon for businesses to use social networking sites to carry out initial background checks on new recruits and as a discreet way to check on what their employees are doing and saying in the public domain.

To ban or not to ban? A recent University of Melbourne study showed that people who use the internet for personal reasons at work are about 9% more productive than those who do not. However, the study fails to factor in a very important element: security. Every action, every minute spent online (and on social networking sites) may expose an organization to numerous security threats. While the subject of productivity increase is debatable, the security issues are not — they are all too real.

Where does that leave businesses?

They have three options.

1. Ban access to social networking sites (and access to the Internet as well).

2. Set limits and restrictions on their use.

3. Allow unmonitored access.

Banning access to social networking sites may be an optimal solution for some organizations, and one can see banks and government departments particularly keen on keeping the status quo. However, many smaller organizations may feel that taking a heavy-handed approach could be counterproductive, indicate a lack of trust in employees (probably justified to an extent) and be too restrictive.

On the other hand, you certainly do not want to give unfettered access to social networking sites, for reasons that will be explained further on. The best option may be to allow access to social networking sites while imposing limits (when these can be used and by whom). Regardless of which option an organization chooses, it must ensure that the basic safeguards are in place:

* up-to-date anti-virus software

* a firewall and the ability to monitor the use of the internet in general

* ability to monitor social networking sites in particular.

The CONCERNS

What is important to note is that social networking sites (e.g. Facebook) as applications are not a problem per se for organizations. It is the people who use them that are a cause for concern. Social networkers, if one can call them so, are the root of five problems.

PRODUCTIVITY

One reason why organizations are keen on banning social networking in the workplace is the fact that employees spend a great deal of time updating their profiles and sites throughout the day. If every employee in a 100-strong workforce spent 30 minutes on a social networking site every day, that would work out to a loss of 13,000 hours of productivity in one year! Although this may be a generalization, organizations do look very carefully at productivity issues and it goes without saying that 50 hours of non-productive work a day does not go down well with management. When you factor in the average wage per hour you get a better (and decisive) picture.

There is also an effect on company morale. Employees will not appreciate colleagues spending hours on social networking sites (and others) while they are working hard to clear the workload. The impact is greater if no action is taken against the abusers.

RESOURCES

Although updates from sites like Facebook or LinkedIn may not take up huge amounts of bandwidth, the availability of (bandwidth-hungry) video links posted on these sites (or links taking users to sites like YouTube) creates problems for IT administrators. There is a cost to internet browsing, especially where high levels of bandwidth are required.

VIRUSES AND MALWARE

This threat is often overlooked by organizations. Hackers are attracted to social networking sites because they see the potential to commit fraud and launch spam and malware attacks. There are over 50,000 applications available for Facebook (according to the company) and while Facebook may make every effort to provide protection against malware, these third-party applications may not all be safe. Some have the potential to be used to infect computers with malicious code, which in turn can be used to collect data from that user’s site. Messaging on social networking sites is also a concern, and the Koobface worm is but one example of how messages are used to spread malicious code and worms. A worm infection is the last thing an administrator wants to have to deal with!

SOCIAL ENGINEERING

This can result in data or identity theft. Social engineering is becoming a fine art and more and more people are falling victim to online scams that seem genuine. Users may be convinced to give personal details such as social security numbers, employment details and so on. By collecting such information, data theft becomes a serious risk. On the other hand, people have a habit of posting details in their social networking profiles that beggars belief. While they would never disclose certain information when meeting someone for the first time, they see nothing wrong with posting it online for all to see on their profile, personal blog or other social networking site account. This data can often be mined by cybercriminals.

REPUTATION AND LEGAL LIABILITY

Although there have been no major corporate lawsuits involving evidence from social networking sites, organizations need to watch for employees who may be commenting publicly and talking about their employer. For example, one young employee wrote on her profile that her job was boring and soon received her marching orders from her boss. What if a disgruntled employee decided to complain about a product or the company’s inefficiencies in his or her profile? The legal implications and the damage to the organization’s reputation could both be substantial.

 

Striking a balance

What is worrying about social networking sites is that they encourage people to give as much information about themselves as possible. Even the most prudent and well-meaning individuals can give away information they should not. At the same time, nearly everyone today (even senior managers) has an online profile on a social networking site and likes the idea of keeping in touch with contacts and friends via that interface.

If you are going to allow access to social networking sites, here are some basic tips:

1. Restrict access. Give employees a breather and allow them to access social networking sites during their lunch break, before and after office hours. Web filtering software gives administrators the ability to implement time-based access to these and other sites.

2. Educate and train staff. This is very important. Most employees are not aware how their actions online can cause security issues for the organization. Tell them in a language they understand how a simple click on a link they receive or an application they download can result in malware infecting their machine and the network. Additionally, tell them not to click on suspicious links and to pay attention when giving out personal details online. Just because employees are clever enough to have an online profile does not mean they are technically-savvy or that they have a high level of security awareness.

3. Set security and usage policies. Have all employees sign any policies related to the use of the internet at work, access to social networking sites and what they are allowed to say or do during office hours. Monitoring of all web activity is important and employees should be aware that their actions are being recorded and that failure to adhere to company policy can result in disciplinary action and/or dismissal.


David Kelleher is communications and research analyst at GFI.
