Blocking employee access in the workplace to social networks and other content (and people) on the web is a tactic employed by many organizations.
The most common reasons I hear are that itâ€™s to address organizationsâ€™ concerns surrounding security (prevention of viruses, malware, etc, being introduced into the organization) and productivity (stop employees wasting time).
Whatever the reason why such restrictions are imposed in many workplaces, itâ€™s a topic that generates much reporting and opinion among supporters and detractors. My podcasting partner Shel Holtz curates StopBlocking.org, a website â€œdesigned to serve as a hub information resource for those who believe the benefits of providing access far outweigh the risks,â€ providing an effective focus on a workplace issue that merits wider attention.
Iâ€™m with Shel on the overriding principle â€“ the benefits of enabling employees to access social networks and other online content outweigh the risks.
At the same time, I can understand those who genuinely believe the opposite, and willingly engage in discussion with some to help them see the different picture. I have little time for those in organizations who impose such restrictions not for the plausible reasons they state but for hidden reasons in order to perpetuate their control freakery.
At the beginning of February, Sarah Perez wrote in ReadWriteWeb about a study from security firm Sophos, who say the real problem with social networks â€“ and most of all, Facebook â€“ is the security risk they pose to organizations.
Sarah added an excellent perspective:
[â€¦] Unfortunately for those in charge of enforcing corporate security, simply blocking Facebook and other social networks via URL is not a realistic solution anymore. The networks are often a large part of a company’s marketing and sales strategies, notes Sophos, meaning they cannot be blocked outright. Instead, companies are encouraged to use a unified approach for mitigating threats that combines data monitoring, malware protection and granular access for their employees.
While I do believe less is more â€“ meaning, less restrictions provide a far better framework for employees to excel â€“ I also recognize that many organizations do have policies and procedures for sound reasons and which may include things like use of the organization’s network and computers to access external content, or install and run applications on work computers.
In my view, the the key elements in Sarahâ€™s assessment are education and engagement â€“ explaining to employees why any restrictions are in place and then gaining employeesâ€™ support and agreement to following guidelines, policies or whatever you wish to call them.
If you donâ€™t have such rules established, communicated to employees and their agreement to follow them secured, then you donâ€™t have much basis for creating the right environment or framework for your employees to do their jobs effectively. Indeed, any climate of trust is much diminished in such circumstances.
A survey published yesterday by Cisco Systems, conducted among medium-to-large enterprises in ten countries, describes the scene very clearly indeed for what typically happens now in organizations which do have access restrictions imposed in the workplace and where employees then take matters into their own hands:
[â€¦] Half admit to accessing prohibited applications once a week, and more than a quarter admit to changing the settings on their devices to gain access in order to "get the job done."
- Slightly more than half (52 percent) of organizations prohibit the use of social media applications or similar collaboration tools at work.
- Half (50 percent) of the end users admit to ignoring company policy prohibiting use of social media tools at least once a week, and 27 percent admit to changing the settings on corporate devices to get access to prohibited applications.
The easiest ways to circumvent workplace restrictions are outside the workplace, ie, not on the organization network (computer at home, for instance, or using one in an internet cafe) or using oneâ€™s mobile device.
Yet surely the better solution is communication and engagement. Examine all the choices in front of you as an organization: weigh up the pros and cons of enabling employee access to social networks and other places out there on the web or letting them use apps to â€˜get things done.â€™ Involve employees in creating guidelines (IBM set the benchmark for that way back in 2005).
Make informed decisions. Isnâ€™t it that simple?