Where were you on June 9, 2009 at 10:22am? At that moment in history, the 1,000,000th
word was adopted into the English language.
What was that word? Web 2.0. Now you are probably asking yourself, I’ve
heard of Web 2.0 well before June…why are we only adopting it now? Well, the Global Language Monitor has certain
criteria by which they judge; but that is well beyond the scope of our
discussion here.
So what is Web 2.0?
It has nothing to do with the technology or domain naming. Mostly it is about the dynamic content and
the way users interact with the Internet.
Remember how your parents read the newspaper every evening or watched a
newscast on television? The information
flow was one way. Web 2.0 is about
sharing information, opinions and experiences.
You live with Web 2.0 everyday and you probably don’t even know it. Have you read a review on Amazon? Have you commented on a news article? Those are just a couple examples of user
provided content. Websites such as Facebook,
Twitter and MySpace, YouTube and other social networks are the big names in
social networks or Web 2.0 but there are countless others. You may think that because you don’t have a
Facebook account or don’t visit social networking sites that you, your family
or business are immune from anything harmful; you better think again.
The Good
Rather than jump right into the bad or ugly, let’s first
discuss how social networks can be good. Social networking or social media IS the future of communication. Rather than wait for the newspaper to be
delivered, you get news as it happens by the people who are experiencing or
involved in the situation. Remember the
US Airway’s flight that landed in the Hudson River? Well before the media had a chance to deploy
reporters to the scene, passengers on the flight were posting pictures and
updates through their Twitter account.
Companies are using social networks as a tool to market their
brand. Have you heard of Blendtec? How about “Will it Blend?” Blendtec CEO, Tom Dickson, became an instant
celebrity when he began posting videos of his blender destroying things like
iPhones, Guitar Hero guitars, etc on YouTube.
It also helped them sell a lot of blenders. Even Westfield Insurance uses LinkedIn and
Facebook to find talent, as well as, communicate promotions and events. Blogs such as this one and the Westfield Loss
Control Blog are another way that companies can reach out to current and
potential customers. Internally,
employees can network between departments giving them a feeling of being more
than just another “employee.”
The Bad
Those were just a few examples of how social networks can be
beneficial to a company. What are some of the drawbacks? First, it is difficult to balance a work
culture that embraces social networking while ensuring that it does not impact
productivity. It is increasingly more
difficult to monitor or limit these activities as social networks extend beyond
the desktop and onto cell phones.
Additionally, companies may have a difficult time restricting or
limiting the content that employees post.
A disgruntled employee may post negative information about their
employer for all to see. Companies may
have human resource policies when it comes to employees posting information
about their employer; but how does a company draw a hard line in the sand
between moral, religious and political biases and freedom of speech? Social networks are making it difficult for
companies to separate an employee’s business relationship and their personal
lives. On the other hand, employees are
learning that inappropriate use of social networking may allow a company to
terminate their employment.
The Ugly
So your company is on the cutting edge of technology and you
have an HR policy that addresses social networks; is that enough? Not quite.
Aside from the fact viruses, Trojans and other malware have found a new
distribution vector; there are many other security concerns. Data Loss Prevention is among the top as
employees may maliciously or accidentally distribute sensitive company
information. Depending on the leaked
information, your company may be faced with regulatory fines and requirements
such as privacy breach. Even if the
information isn’t overtly sensitive, information may trickle that may give a
hacker or your competitors an inside advantage.
Take for example your network administrator who blogs and/or posts
questions about Cisco routers and firewalls.
A hacker may use that inside knowledge to target the vulnerabilities
specific to Cisco products. I am sure
there are additional threats that remain to be discovered.
Conclusion
Whether your company has adopted or is blocking social
networks; it is probably time for a revisit.
While the inherent risks and productivity impact of social sites such as
Twitter, Facebook, etc. are good reason to not allow them in the work
environment; you may find that people are spending more time on their cell
phones texting or other social activities.
It is difficult to balance a no tolerance policy for social sites while
allowing shopping or other entertainment sites while on company time. Blocking all non-work essential sites has
proven time and time again to reduce employee morale; which in turn has greater
impact in reducing productivity. If you
feel your company is behind in addressing this issue, don’t feel alone. Many companies are working struggling to
weigh the risk versus the reward. We
would love to hear how your company handles social networks. Please make a
comment or contact us at infosec@westfieldgrp.com.