Security

Companies with restrictive social media policies get hacked more often.

Read and interesting article in the Toronto Star yesterday about corporate security and social media policy. It seems that counter to what you might expect, companies that have more restrictive computer usage policies when it comes to social media applications tend to have more security breaches. The reason for this is that users are installing third party programs, some of which would contain Trojans or other maleware, that compromise network security. While some commentators on the article place the blame on poorly implemented security rules by the IT department. I view this more as a failure of corporations to adapt to the new reality of the workplace and the desires of the modern worker.

“A report in IT security issued jointly by Telus and the Rotman School of Management surveyed 649 firms and found companies that ban employees from using social media suffer 30 percent more computer security breaches than ones that allow free use of sites like Facebook and Twitter.”

The boundaries between personal time and work time have increasingly become blurred with the rise of laptops and smart-phones in the workplace. Employees can work from anywhere anytime and I feel it is up to companies too create a work environments where employees are given the latitude and discretion to work as the see fit. The problems of social media usage in the work place are not IT problem but a employee management problem. The relationship between employer and employee should not be seen though a combative or distrustful lenses as it is often now, but though a collaborative one. In so doing I believe that companies will better position themselves to harness the product powers that social networking is bringing to the Internet.
What is all the more shocking is how much these security breaches are costing companies.

According to the study, each breach in network security costs publicly traded companies $195,588, compared with $70,833 for privately held firms and $58,929 for government agencies.

Surely the potential lost productivity of a more relaxed social networking policy would be less costly.
Food for IT thought.

Advertisements

Social Networking and Security


Ars Technica posted a great article on the issues surrounding the increased penetration of social networking into the IT workplace. The article offers links to other articles on the subject matter. Well worth spending some time reading.
For me the key takeaway is the fact that it is increasingly hard to manage or control the use of these new social tools in the work place.

While IT departments can attempt to censor social media, Cisco Canada’s Jeff Seifert said it’s “pointless” for IT departments to limit or restrict access to sites such as Tumblr, Twitter, or Facebook on corporate networks. With personal phones, tablets, and a myriad of other devices, employees will simply find another way around the block.

This leads to the concussion that corporations need to spend more time educating their workforce about using social networking tools responsibly and less time creating restrictive usage policies, which create antagonism between workers and management. In so doing, they create a better educated workforce who are more capable of making intelligent choices about the information they share online. Whereas a restrictive IT usage polices, can often lead to deceptiveness on the part of workers as they still try to use tools band by corporate policy.

Though in truth, there is no correct answer to the problem of corporate information security in the ever increasingly connected workplace. Sometimes you will simply need to restrict what users can do in the workplace environment. Nonetheless, I think what managers need to do a better job of educating works on why these policies are in place and getting to buy into them.