Look around the office. Facebook, Twitter, IM, Skype, Wiki, blogs, and more — social media and social communication tools are on just about every screen you see.
What was once an after-hours amusement (remember chatting on AOL in the ‘90s?) has gone totally mainstream in the business world. While there certainly are legitimate business benefits, the overlap between business and social communication also carries certain risks. Are they worth it?
Critics argue that sites like Facebook, LinkedIn, and Twitter are major time-wasters that drain employee productivity. However, several studies show that social media in the workplace can bring tangible business benefits. Use of social media and tools such as IM and Web conferencing foster team building and enhance communication and collaboration skills. Blogs, YouTube, Google Documents, and online communities aid in research, hone creative thinking, and can actually increase employee productivity and efficiency. And no one can deny the value of social media in marketing communications, with literally thousands of businesses on Facebook alone promoting their products and services and staying in touch with customers. With iPads, iPhones, and Androids flooding into the work environment, the role of social media in the workplace is growing exponentially. Can there be too much of a good thing?
Despite the benefits, many in the corporate world distrust social media. In fact, a recent study by Robert Half Technology notes that a full 54 percent of companies in the U.S. ban the use of social-networking sites. The rationale? Reduced employee productivity, a drain on network bandwidth, and a variety of security issues. Also, businesses fear legal liability stemming from employees making inappropriate comments in public, and are wary of"loose lips" leaking confidential information and letting intellectual property fall into competitors’ hands. In terms of security, the risks break out into two main categories: threats to physical infrastructure and threats to sensitive information.
Logging on to a social media site from work can expose the corporate network and company workstations to several security risks. If the network is not sufficiently protected, spam, viruses, worms, spyware, and other malware can infiltrate. Since many sites like Facebook link to less secure third-party websites for games and applications, attacks can be hard to track down. Facebook is constantly going after scammers, spammers, and purveyors of junk. And Twitter has had problems with malware and link-shortening services like bit.ly that mask a link’s true destination, taking unwitting Tweeters (or Tweetees) to malicious sites that might infect the network or embarrass the company by associating it with bad stuff. (To combat such threats, be sure to use a link scanner before you click to preview the destination and see exactly where you’re going.)
Sites like Facebook and Twitter attract tens of millions of visitors daily. So it’s no wonder that they also attract criminals, hackers, and lurkers. Hackers try to break into accounts for passwords and other confidential information. Assuming that many people use the same password everywhere, a hack of your Facebook account, for instance, can lead to an intrusion into your work identity. And that, in turn, can result in compromising valuable intellectual property and sensitive business information and financial records. Also beware of social con artists trying to talk employees into divulging business information and phishing scams in search of passwords and credit card numbers, or looking for a platform to launch zombie spam attacks.
Social media is here to stay, and with a growing number of consumer devices now entering the enterprise, the prevalence of social communication in the workplace will only grow. As social media platforms evolve, and new ones emerge, they will likely become familiar and integral parts of the enterprise. So what’s a security-minded company to do?
To protect company assets, businesses need to stay up to date on ever-changing physical and social threats emanating from the social media universe. And they need make employees aware of potential threats through frequently updated security-awareness training. If identified threats are impacting business operations, mitigation strategies and protective measures should be deployed. While formal policies may not be required initially, at the very least, business users should be instructed to always use a strong password on every social media site they visit — and to never use the same one that they use at work.
By Gary Frank