Does Social Networking Require User Policy Changes?
- 16 April, 2009 10:28
- Comments 1
IT security administrators have had a fairly easy case to make against such social networking sites as Myspace in the past. Myspace in particular tends to be a place for the mostly personal, and some profiles are simply front companies for online mobsters and malware pushers.
Malware pushers are also alive and well on such sites as Facebook and Twitter, but these sites present a special challenge for IT security execs. Both applications, along with the likes of LinkedIn, are used heavily for business networking.
And while LinkedIn is almost all business, Facebook and Twitter straddle an increasingly squishy line between the personal and professional. Online outlaws understand this and are trying to do on these sites what they have done on Myspace.
These developments have security practitioners like Robert Fitzgerald -- a Boston based digital forensics investigator and president of The Lorenzi Group LLC -- pushing the corporate world to update policies for what employees can and can't do when using company computers online. Since most company user policies don't mention the growing array of social networking sites specifically (there's typically broad language forbidding things like surfing porn sites), Fitzgerald believes companies are opening themselves to lawsuits where the plaintiffs can successfully claim that users weren't expressly forbidden from trolling Facebook on work machines.
"Most user policies are 100 years old, with language like 'no personal e-mail and no surfing the Web,'" Fitzgerald said. "Well, today it's impossible to conduct business without being on the Web. The Internet has hit employees like a tidal wave, and if you put rules in place it'll help people understand what not to do online and make everyone more aware more quickly of data breach risks."
Of course, others believe it's a mistake to get too specific with user policies. A big reason is that technology is constantly changing, and tweaks made for today's social networking craze may become obsolete in a year or two as some new gray program comes along.
With that in mind, CSOonline conducted an informal poll -- ironically via LinkedIn -- asking security pros if it makes sense to update user policies as Fitzgerald suggested.
The question: Does Twitter/Facebook/LinkedIn etc. require a change in company policies for network usage?
- Bookmark this page
- Share this article
- Got more on this story? Email TechWorld
- Follow TechWorld on twitter
-
Jailbreak of Apple iOS 5.1.1 due 'in days'
-
Nokia launches new Windows Phones
-
Nokia Lumia 900, 610 heading Down Under
-
Consider desktops in the cloud for BYOD
-
Samsung Apps store hits 100 million downloads
-
Office 2007 All-In-One Desk Reference for Dummies
-
Microsoft Office
-
Computers for Seniors for Dummies, 2nd Edition
-
Office 2007 for Dummies
-
Teach Yourself Visually Windows 7
-
MYOB Software for Dummies 6E Australian Edition
-
Excel 2007 All-In-One Desk Reference for Dummies
-
Windows 7 for Seniors for Dummies®
-
Windows 7 for Dummies® Dvd+book Bundle
Comments
Ian Hendry
Making poliies too specific is foolish
A very interesting article.
Why get more specific about what company employees can and can't do? As the pace of change in ways of communicating with customers increases, it would make more sense to be LESS specific in order to produce a set of rules that work for the long-term, as rules that don't change are easier to enforce.
In general, a company could probably cover itself with the following:
1) No time should be spent while in work hours on matters relating to your person, including, but not limited to, use of internet, messaging or telephone, through electronic devices or other methods of communication
2) You are not entitled to act as a representative of the companyonline in any capacity unless you have been given express permission to do so
3) Rules concerning professionalism and confidentiality apply in relation to how you conduct yourself as a representative of the company online as well as offline
I am not a lawyer so these will need changing for specific application, but it's surely all bases covered for now and the future?
I don't see social networking sites as being any different to phones or e-mail. They are essential for business, but also offer the ability to be (ab)used for social purposes. The key is making it clear how much (if any) social use is acceptable in the workplace.
Ian Hendry
CEO, WeCanDo.BIZ
<a href="http://www.wecando.biz"<http://www.wecando.biz</a>
Post new comment