Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Confident Cloud

Antisocial networking - balancing the benefits with the risks

Created: 17 Sep 2012 • Updated: 03 Jun 2014 • 4 comments
Jon C's picture
+1 1 Vote
Login to vote

A few weeks ago I was speaking to a travel-related site about some flight bookings. The person on the other end of the line was inordinately helpful, to the extent that they gave a first name I could call them back on. As an experiment, I looked them up using Google, entering first name (which wasn't that common) and company name.

Before long I found them on LinkedIn and Facebook, and I even had a reasonably good idea of where they lived. While I was merely experimenting, it's not hard to imagine a disgruntled customer who decides to take matters beyond the call centre.

This simple example shows why many people and organisations feel more than a little apprehensive about social networking and its relationship with the workplace. Not since the Domesday book have we had access to a facility that is quite so intrusive. The dilemma, despite what is a clear invasion of privacy and has very obvious risks, we continue to use such tools. The 800 million or more people now using Facebook are voting with their fingertips.

Social networking is a two-edged sword: it gives greatly on one hand, and takes away with the other. By looking at what people, companies and institutions gain from social media, we can also start to understand where the issues lie, and even begin to mitigate some of the risks. Specifically, we can consider three aspects: sharing, connections and activity.

First to sharing, the 'social' element of social networking. These tools work because they enable us to communicate, to exchange information from the most mundane to the most serious of topics. In the business context this is known to encourage collaboration, support innovation and so on. Understandably so, as interaction is at the heart of team dynamics and group productivity.

The risks lie in appropriateness and privacy. There is such a thing as 'too much information', either through a blurring of boundaries between business and personal, or revealing company confidential data, or publicly saying things that are better kept in the back office. As well as being embarrassing, governance breaches can all too easily occur. And even password-protected sites (such as Facebook, which uses the information it stores to guide advertising) cannot be treated as private.

Mitigation against such challenges lies in the dual use of the Acceptable Use Policy (AUP) of the organisation to specify what is appropriate and what isn't, and a review of data leakage protection to ensure company secrets remain within the corporate firewall. The AUP can also specify what is seen as acceptable for personal use of social tools - the Internet is a public place, and should be treated as such.

Second is connections, the 'networking' element of social. Online tools are undoubtedly beneficial for a company or individual to reach out, grow circles of 'friends' and colleagues, and develop trust relationships through interaction. Bigger networks mean better business, goes the argument - and there is merit in developing the right kinds of networks that enable a business to achieve its goals.

The downside of interpersonal networking is that trust, while freely given, can be abused. Social engineering techniques are frequently used to breach this trust, either by simply promoting products or services, or at the other end of the scale, pretending to be a trusted site (e.g. a bank) and attempting to gain a username/password combination. Equally, individual confidentiality can quickly be lost, as shown in the example above.

In this instance, while technology can help (for example monitoring for untrusted sites), there is no substitute for vigilance on the part of the individual. Regular awareness training in terms of the latest kinds of threat can help people to keep on their guard.

Finally, we have the 'activity' aspect of social networking. With social networking, we are told, "You get out what you put in." However sites such as Facebook are also a fantastic procrastination device, and they are also notoriously difficult to measure in terms of impact. From a personal perspective, what starts as fun interaction can end up being draining distraction.

From a business perspective, the answer is to consider social media at a more strategic level. If you don't know why you are using a certain social tool then you should probably stop, then decide whether or not your business objectives will be furthered by using it.

Once you have worked out the answers to such questions, you can feed the results into both corporate social media strategy and into the AUP. For example, if you decide that individual Twitter accounts are not appropriate for your company, you may wish to request staff not to include corporate information in their personal Twitter feeds. You may also wish to monitor use of such sites to ensure staff are not spending inordinate time on them during office hours.

Social networking does not have an 'off' switch - the genie is well and truly out of the bottle. However, employing the right combination of social media strategy, AUP, awareness training and security tools goes a long way towards balancing the benefits with the risks.

Comments 4 CommentsJump to latest comment

Rob.Wilcox's picture

I like the thoughts and ideas behind the blog post Jon.  

A few years ago when I was still working at Symantec there were talks of Persona's of people that Symantec were aiming products and marketing campaigns at.  One of the Persona's was an office worker who had both corporate and personal information at the touch of her finger tips on 'any device'.  Is that still something that Symantec strive towards?  I ask, because with the information above it seems to be edging back in to the non-blurred world of keeping extra tight hold on the corporate data, inside the corporate firewall?

I'm not saying let everything run free.

On the other hand I'm not saying try to tighten things up so tight that it becomes impossible for people to 'do their job'.  I've seen companies that block all manner of site traffic, except for 1 hour per day.  That's people's lunch break.  They block places like Hotmail "because the site is insecure".. but then they allow it for the 1 hour lunch break?!  I've seen companies with AUP that run to several hundred pages.  How crazy is that?

I'd be interested to know your thoughts on the blurring of information, because of devices that can be used for both personal and corporate use.

Login to vote
Jon C's picture

Hi Rob, apologies, only just seen this! 

As a guest blogger, I wouldn't want to comment on Symantec marketing policy :) but I would imagine the change of CEO will have an influence. 

In my experience, corporate life should always be about striking the right balance - that's why we have evolved with both left and right brain hemispheres. I think we can go too far in either direction - companies pay people to deliver results, and not to do what they like; but meanwhile, companies *are* people, and treating them as anything else is a hiding to nothing. 

The good thing about acceptable use policy is that it enables a debate with staff about what 'acceptable' means for a given organisation. For an organisation to try to lock everything down will inevitably end in failure, because technology isn't as smart as people; but meanwhile, we all need guidance on what is and isn't right, and such guidance will every now and then need to be enforced. This wil stay true whatever kit is in place and whoever owns it. 

I'm going to coin a phrase - BYOB - Bring Your Own Brain!

Cheers, Jon

Login to vote
Sophie143's picture

i just stop and watch this website and i found out that this is very interesting.i love to read blog and articles i already bookmark this website . I'm looking forward to read more  i'll be back soon for more updates please continue posting.

thank you    

buy real facebook fans

Login to vote
Jonas Grover's picture

Yes, it is true that posting anything on  your social networking sites is very risky. It is very important not to post everything in sites where anyone can view. Or try this

<a href="">where to get facebook subscribers</a>.

Login to vote