Reap the benefits of social sites by protecting your network from security threats and data loss
In a relatively short amount of time, social media has gone from an annoying productivity killer to an important business productivity and marketing tool. Of course, employees can still while away time on sites like Facebook and YouTube, but they’re also using these sites, along with LinkedIn, Twitter, and Pinterest, to promote their companies’ products and brands, track the success of marketing campaigns, respond to customers’ complaints and compliments, and recruit new talent. Social media sites have even become a way to collaborate with coworkers and business partners. Companies that limit access to social media may actually find themselves at a competitive disadvantage.
Finding the balance between business needs and risk is key to allowing employees access to social media sites. You can do this by loosening some of your security controls, adjusting your acceptable use policy (AUP), and tolerating a little personal use of social media by employees.
“The truth is that employees can do more work, and do so better and faster, when they use tools that let them rapidly collaborate on projects and communicate with customers and partners. Today, social media networks are those tools. The productivity gains make up for the occasional downtime inherent in social networking,” says Jeff Shipley, manager of Cisco Security Research and Operations.
The Cisco 2011 Annual Security Report found that many of the fears around social media have proven to be unfounded—or, at least, not risky enough to forgo the benefits of social media. The biggest fears have been that social media sites would allow malware to be downloaded to the local network and that employees would leak confidential information to their friends and followers. Fortunately, companies can address both of these fairly easily.
Making social media safe
As it turns out, the fear of security threats delivered via social media may be overblown. Sure, some attackers have convinced social media users to download their malicious software; however, the risk of this happening through social media is not as great as through email. In addition, you can put some security technology and user controls in place to mitigate this risk. For instance, web traffic controls can halt malware that finds its way through Facebook and Twitter. Web traffic controls regulate employees’ social media use only when they’re in danger of downloading an infected file, clicking on a suspicious link, emailing company files through a web-based service like Facebook, or violating the company AUP. Otherwise, the protection is invisible to users as they connect to colleagues and customers through social media.
You may already have installed on your network a security device, such as the Cisco SA500 Series Security Appliances, that lets you set user controls as well as perform web filtering and monitoring. An intrusion prevention system (IPS) can protect against threats coming in via social media sites and other types of malicious and abnormal traffic.
As for preventing data leaks, it really comes down to training. Employees should be educated on what professional topics they should talk about on social media and what is strictly off limits. Training like this is useful in general—after all, an uneducated employee can just as easily download files to a thumb drive or reveal secrets via email.
Revising your AUP
Reviewing your AUP to explicitly describe how employees are allowed to use social media sites at work can go a long way to making these tools safe for your company. For example, your policy can state that employees can access Facebook as long as they don’t download any files through the site. It can also state that people using social media professionally, such as your marketing staff or HR employees, have access to Twitter and LinkedIn, while people in finance do not. Your AUP should also cover the types of information that can be discussed on social media as well as consequences for violating the policy.
The Cisco security report also found that many employees, particularly recent college grads, expect to have access to all the tools they want to use to do their jobs, including social media. Two out of three college students surveyed plan to ask about social media usage policies during job interviews, and one in four said those policies would be a key factor in their decision to accept a position. Perhaps alarmingly, half of the college students said they would either find a way to get around an AUP that bans social media or decline to work there.
It’s clear that people want to use social media both professionally and personally, and chances are good they’re going to use social networking sites even if they don’t have official company approval. With the right controls and policies in place, your small business can provide reasonable access and limit the risks while enjoying the benefits of social media.
Do you have policies in place regarding employee use of social media sites for company business?
If you’re interested in reading more, check out these related posts: