What are your employees doing on Facebook?

If employees are coming up with their “stripper name” using a Facebook application, they may be inadvertently giving up more than a portion of the work day – their passwords might be next.

In an ideal world, employers wouldn’t have to deal with this issue, but Facebook and other social networking sites have become hugely popular and impossible to ignore, leaving HR departments, IT staff and upper management wondering how to deal with them in the workplace.

Facebook is particularly addictive, and some people are constantly “biting each other” and adding applications and looking up photographs, said Graham Cluley, senior technology consultant with Sophos.

“We’ve spoken to some companies who found that something like 30 per cent of all of their Web traffic is Facebook-related,” he said. “It’s staggering. Facebook is bigger than Google in terms of how often it’s getting accessed.”

In other cases, employees are sharing too much personal (or professional) information, which can bring their employer into disrepute or be used by identity fraudsters. When you start listing your cat’s name or mother’s maiden name, for example, this could help bad guys guess your passwords, said Cluley.

As soon as you join a geographic network on Facebook (such as Toronto or Vancouver), it changes your privacy settings, so everyone else in that group can see your information. “Things you would never share with some nutter on the bus or train, you are prepared to share with millions of people on the Internet,” said Cluley.

“You’ve got to realize there are bad people out there for whom this information is gold-dust.”

But the fundamental issue, he said, is that people are wasting too much time on social networking sites when they should be working. This is why having controls and guidelines for users make sense. “There have been cases of people losing their jobs because they’ve been on the site too much – you don’t want to get to that stage if possible,” he said. There have also been cases where employees have embarrassed their employer or co-workers, or an employer has made a hiring decision based on a Facebook profile.

TD Bank, for its part, is considering whether to provide access to online collaboration tools across the organization, and is undergoing a thorough evaluation of what tool or tools might work best for employees, said Simon Townsend, a spokesperson for TDBFG. It may end up providing access to sites like Facebook or perhaps build an internal tool that could be adopted for networking and collaboration purposes – but it’s too early to say yet.

TDBFG currently doesn’t provide employees with access to Facebook or YouTube. “From a technology perspective, sites with high traffic can negatively impact the systems we use to serve our customers, and naturally negatively impact our customers’ service experience online,” he said. Looking at Web traffic is an important part of the rationale for blocking various sites that aren’t viewed as “business required,” he added.

As for HR policy, TDBFG has a broad-based Internet, e-mail and electronic media policy, which outlines that the Internet and e-mail should primarily be used for business purposes (similar to many other large organizations). “While we certainly think that the occasional personal use of the Internet or e-mail is appropriate,” said Townsend, “the use of these resources shouldn’t affect an individual’s performance or the security of the bank’s information systems.”
For some workers in some organizations, these sites have legitimate uses and aren’t necessarily a drain on productivity (although there can still be privacy and security concerns).

Facebook Observer, for example, is a Web site that looks at how Facebook can be used as a platform for business professionals to build their contacts and increase sales revenue. It recommends they add their top customers as “friends” and get to know who they are, and add business applications that allow them to communicate with customers inside and outside of Facebook.

It also recommends they work their “newsfeed” to push information to clients, partners and perspective customers. Global technology services firm Accenture uses Facebook to market its services, for example, and reach out to university grads looking for work.

Organizations should determine if there’s a legitimate use for social networking sites within the workplace, said Cluley. Even if there isn’t, they may want to provide that freedom to employees, so they should monitor usage to see how much time workers are spending on these sites – if it’s excessive and affecting productivity, then they can limit or possibly even block access. But organizations have to make employees aware of what that policy is. “A rule which isn’t written down is just a rumour and it’s not fair to your employees if you haven’t communicated it,” he said.

Claudiu Popa, president and CSO of Informatica Corp., believes organizations should simply block access to social networking sites because of the potential privacy and security risks. In some cases, users disclose corporate e-mail addresses, identifying their affiliation with an employer. The more serious risk, however, arises from the fact that many social networking sites require the installation of active code, which could be exploited by one of the emerging types of malware out there.

Popa believes organizations should ban access to these sites – not only because of the productivity impact, but to reduce the risk of an infection to corporate computers and mobile systems used for work purposes. Banning these sites is relatively simple on a corporate network, he said, where options include firewall blocking, Windows group policies and Web gateway filtering systems.

Home and mobile systems are more difficult to police because they aren’t as tightly controlled by organizations. But corporate administrators can gain more control by installing local software or using secure virtual private networks.

“Users that are dissatisfied with the restrictions placed on their personal Web surfing time should be encouraged to review the policies they agreed to uphold as a condition of their employment,” said Popa.

Comment edit@itworldcanada.com

Share on LinkedIn Share with Google+
More Articles