0

What is the values proposition for allowing users access to social networks?

What is the values proposition for allowing employees access to web 2.0 resources such as social networks?

Every other day, we hear about the risks. Compromised Twitter accounts, phishing via LinkedIn, malicious Facebook apps are only a sample of an ever-growing landscape. Most enterprises, appreciating the threats these pose to an environment, simply deny access to social networks from company systems and networks. Even within such organizations, there are users who need to access social networks to perform their job functions. LinkedIn has become a great tool for recruiting prospective new hires. More companies are using Twitter, Facebook, Myspace and others to promote their business and connect with customers. But outside of that, is there a value in allowing employees, whose job function do not require it, access to social networks on company systems?

I’m prompted to ask this because last week I was at a meeting of the Northern Virginia chapter of the Information Systems Security Association (ISSA-NOVA) and the speaker was the deputy CISO of the IRS, Devon Bryan. He spoke about how the IRS was dealing with the security challenges posed by Web 2.0, particularly social networking. Their current stance is to block all access except for those employees whose job function required it. Most security professionals would agree this is probably wise. However, he also added that they are looking at technology that would allow users to “view” social networking sites, but not allow them to “update” them. As he explained, or tried to, read vs. write/execute.

As this was an audience full of security professionals, it was quickly pointed out that drive-by malware downloads only require the user to browse the infected web page or one that is linked to an infected web page. To view is to infect, so to speak. There was then talk of how to mitigate that using virtual machines or proxies. I have no doubt the technical challenges can be overcome. The hackers who now treat social networks as the new frontier will probably change tack to react as well.

Besides wanting to keep employees happy, what’s the policy rationale for allowing users to follow their subscribed tweets or friends' updates? Never mind the adverse effect this will have on productivity. Really, why bother?

1
Robin Goodchild
Owner, Antarctic Technologies
Posted on June 24, 2010

"...is there a value in allowing employees, whose job function do not require it, access to social networks on company systems?"

I think you said it right there - if their job role does not require it, do not let them have access. Would you prefer your employees worked, or surfed Facebook?

Talking of running Web 2.0 in sandboxes, VMs or whatever else you can think of to try and make the web browsing experience safer for business systems is just a waste of time, when the benefit to the business is zero.

1
ptwylie
Posted on July 6, 2010

The problem is one of productivity. I found that without a company plan in place the staff would spend their time surfing the net and IMing friends. Our Intranet was constantly under attack from hackers, and worst was the loss of man hours.

Now the IM is gone, and we have strict controls as to who has authorization to use the social media touch points: Facebook, Twitter, LinkedIn. Our community manager has a team in place to monitor the social sphere.

Our workflow has improved and we have next to nothing on attacks on our systems.
