Employee use of social media and networks: inform your decisions

warning Blocking employee access in the workplace to social networks and other content (and people) on the web is a tactic employed by many organizations.

The most common reasons I hear are that it’s to address organizations’ concerns surrounding security (prevention of viruses, malware, etc, being introduced into the organization) and productivity (stop employees wasting time).

Whatever the reason why such restrictions are imposed in many workplaces, it’s a topic that generates much reporting and opinion among supporters and detractors. My podcasting partner Shel Holtz curates StopBlocking.org, a website “designed to serve as a hub information resource for those who believe the benefits of providing access far outweigh the risks,” providing an effective focus on a workplace issue that merits wider attention.

I’m with Shel on the overriding principle – the benefits of enabling employees to access social networks and other online content outweigh the risks.

At the same time, I can understand those who genuinely believe the opposite, and willingly engage in discussion with some to help them see the different picture. I have little time for those in organizations who impose such restrictions not for the plausible reasons they state but for hidden reasons in order to perpetuate their control freakery.

At the beginning of February, Sarah Perez wrote in ReadWriteWeb about a study from security firm Sophos, who say the real problem with social networks – and most of all, Facebook – is the security risk they pose to organizations.

Sarah added an excellent perspective:

[…] Unfortunately for those in charge of enforcing corporate security, simply blocking Facebook and other social networks via URL is not a realistic solution anymore. The networks are often a large part of a company’s marketing and sales strategies, notes Sophos, meaning they cannot be blocked outright. Instead, companies are encouraged to use a unified approach for mitigating threats that combines data monitoring, malware protection and granular access for their employees.

While I do believe less is more – meaning, less restrictions provide a far better framework for employees to excel – I also recognize that many organizations do have policies and procedures for sound reasons and which may include things like use of the organization’s network and computers to access external content, or install and run applications on work computers.

In my view, the the key elements in Sarah’s assessment are education and engagement – explaining to employees why any restrictions are in place and then gaining employees’ support and agreement to following guidelines, policies or whatever you wish to call them.

If you don’t have such rules established, communicated to employees and their agreement to follow them secured, then you don’t have much basis for creating the right environment or framework for your employees to do their jobs effectively. Indeed, any climate of trust is much diminished in such circumstances.

A survey published yesterday by Cisco Systems, conducted among medium-to-large enterprises in ten countries, describes the scene very clearly indeed for what typically happens now in organizations which do have access restrictions imposed in the workplace and where employees then take matters into their own hands:

[…] Half admit to accessing prohibited applications once a week, and more than a quarter admit to changing the settings on their devices to gain access in order to "get the job done."

  • Slightly more than half (52 percent) of organizations prohibit the use of social media applications or similar collaboration tools at work.
  • Half (50 percent) of the end users admit to ignoring company policy prohibiting use of social media tools at least once a week, and 27 percent admit to changing the settings on corporate devices to get access to prohibited applications.

The easiest ways to circumvent workplace restrictions are outside the workplace, ie, not on the organization network (computer at home, for instance, or using one in an internet cafe) or using one’s mobile device.

Yet surely the better solution is communication and engagement. Examine all the choices in front of you as an organization: weigh up the pros and cons of enabling employee access to social networks and other places out there on the web or letting them use apps to ‘get things done.’ Involve employees in creating guidelines (IBM set the benchmark for that way back in 2005).

Make informed decisions. Isn’t it that simple?

Related posts:

Neville Hobson

Social Strategist, Communicator, Writer, and Podcaster with a curiosity for tech and how people use it. Believer in an Internet for everyone. Early adopter (and leaver) and experimenter with social media. Occasional test pilot of shiny new objects. Avid tea drinker.

  1. Jas Dhaliwal

    Hi Neville,

    Excellent post. I think IT departments also have a part to play with “Education and Engagement”. Just simply saying that social networks are banned because of the threat viruses, is not strictly speaking true. Many companies have sophisticated anti-virus and anti-malware software already loaded on the desktop anyway, and are more than capable of dealing with any problems (rare that they maybe).

    The real problem is Education. By not working with the business, individuals may be tempted to bypass corporate systems altogether. Imagine if someone went into Dixons and purchased a cheap WIFI router and plugged it into a spare network point in the office? In many organisations, individuals would get an IP address and potentially a clear route out to the Internet.

    Therefore, my advice would be for the IT department to start a dialogue with the business on adopting social tools beyond the firewall. Talk, Listen and Adapt.
    The world has changed, and IT departments need to change too


    • neville

      Good points, Jas, thanks. It’s not just IT, though: every business function that has a stake in the success of the business (which is every business function) has the right to speak up with their points of view.

      The point is that everyone involved needs to discuss all the pros and cons, calculate the risks and agree the actions to take and who will take them.

      It sounds awfully simple to me.

Comments are closed.