Antisocial networking - balancing the benefits with the risks
A few weeks ago I was speaking to a travel-related site about some flight bookings. The person on the other end of the line was inordinately helpful, to the extent that they gave a first name I could call them back on. As an experiment, I looked them up using Google, entering first name (which wasn't that common) and company name.
Before long I found them on LinkedIn and Facebook, and I even had a reasonably good idea of where they lived. While I was merely experimenting, it's not hard to imagine a disgruntled customer who decides to take matters beyond the call centre.
This simple example shows why many people and organisations feel more than a little apprehensive about social networking and its relationship with the workplace. Not since the Domesday book have we had access to a facility that is quite so intrusive. The dilemma, despite what is a clear invasion of privacy and has very obvious risks, we continue to use such tools. The 800 million or more people now using Facebook are voting with their fingertips.
Social networking is a two-edged sword: it gives greatly on one hand, and takes away with the other. By looking at what people, companies and institutions gain from social media, we can also start to understand where the issues lie, and even begin to mitigate some of the risks. Specifically, we can consider three aspects: sharing, connections and activity.
First to sharing, the 'social' element of social networking. These tools work because they enable us to communicate, to exchange information from the most mundane to the most serious of topics. In the business context this is known to encourage collaboration, support innovation and so on. Understandably so, as interaction is at the heart of team dynamics and group productivity.
The risks lie in appropriateness and privacy. There is such a thing as 'too much information', either through a blurring of boundaries between business and personal, or revealing company confidential data, or publicly saying things that are better kept in the back office. As well as being embarrassing, governance breaches can all too easily occur. And even password-protected sites (such as Facebook, which uses the information it stores to guide advertising) cannot be treated as private.
Mitigation against such challenges lies in the dual use of the Acceptable Use Policy (AUP) of the organisation to specify what is appropriate and what isn't, and a review of data leakage protection to ensure company secrets remain within the corporate firewall. The AUP can also specify what is seen as acceptable for personal use of social tools - the Internet is a public place, and should be treated as such.
Second is connections, the 'networking' element of social. Online tools are undoubtedly beneficial for a company or individual to reach out, grow circles of 'friends' and colleagues, and develop trust relationships through interaction. Bigger networks mean better business, goes the argument - and there is merit in developing the right kinds of networks that enable a business to achieve its goals.
The downside of interpersonal networking is that trust, while freely given, can be abused. Social engineering techniques are frequently used to breach this trust, either by simply promoting products or services, or at the other end of the scale, pretending to be a trusted site (e.g. a bank) and attempting to gain a username/password combination. Equally, individual confidentiality can quickly be lost, as shown in the example above.
In this instance, while technology can help (for example monitoring for untrusted sites), there is no substitute for vigilance on the part of the individual. Regular awareness training in terms of the latest kinds of threat can help people to keep on their guard.
Finally, we have the 'activity' aspect of social networking. With social networking, we are told, "You get out what you put in." However sites such as Facebook are also a fantastic procrastination device, and they are also notoriously difficult to measure in terms of impact. From a personal perspective, what starts as fun interaction can end up being draining distraction.
From a business perspective, the answer is to consider social media at a more strategic level. If you don't know why you are using a certain social tool then you should probably stop, then decide whether or not your business objectives will be furthered by using it.
Once you have worked out the answers to such questions, you can feed the results into both corporate social media strategy and into the AUP. For example, if you decide that individual Twitter accounts are not appropriate for your company, you may wish to request staff not to include corporate information in their personal Twitter feeds. You may also wish to monitor use of such sites to ensure staff are not spending inordinate time on them during office hours.
Social networking does not have an 'off' switch - the genie is well and truly out of the bottle. However, employing the right combination of social media strategy, AUP, awareness training and security tools goes a long way towards balancing the benefits with the risks.