Technology has changed how we work, and more importantly — we have changed. The methods we use to communicate, as well as the way we stay informed and do business, have completely transformed over time. Furthermore, the new methods of communicating now include sending a text message from a mobile phone, posting comments on online networks or sending a short Tweet to inform the world about a variety of things. As a result, over the past few years a typical business executive’s network has probably expanded from a few acquaintances to hundreds of friends, friends of friends, connections and followers.
It is amazing how social networking platforms have grown – exponentially! Millions of people around the world with access to the Internet are members of one or more social networks. They have a permanent online presence where they create profiles, share photos, share their thoughts with friends and spend hours catching up with what their hundreds of friends are doing with their lives. On an organizational level, the expansion of the Internet has also transformed a number of businesses. The convenience, power, and readily accessible information provided by the Internet have substantially enhanced business communication, education, product manufacturing, and customer service.
I see it – the possibilities that the Internet and Social Media represent to our world. I see opportunity, and I want to participate within this medium. However, the practical and legal problems created by the application of new social networking technologies continue remain unclear from a liability (and sometimes ethical) perspective.
From a productivity perspective, employees with access to the Internet typically spend time checking their email, Facebook profile, MySpace Web page, or updating their Twitter account and their LinkedIn account. Moreover, typically such activities are seldom limited to a few minutes a day. The time spent using social networking applications is one reason why many businesses are reluctant to allow employees to use social networking sites during office hours. Add the time spent on browsing the Internet on issues that are not business-related, and the effect on employee productivity becomes an even larger issue. Nevertheless, I see that many businesses are beginning to appreciate the advantages of social networking. In fact, many companies have adopted social networking as another vehicle to gain a better presence online and a wider audience for its products and services.
Social networking sites are applications and, as such, are generally not a problem for organizations in terms of software installation. It is usually the people who utilize social networking that are a cause for concern. Social networkers, if one can call them so, are the root of five problems for an organization that allows social networking at work.
The first issue usually associated with an organizations use of social media was discussed above – productivity. If every employee in a 50-strong workforce spent 30 minutes on a social networking site every day, that would work out to a loss of 6,500 hours of productivity in one year! That lost time could have generated a significant amount of money for a business. Businesses should continue to closely monitor productivity issues. The loss of approximately 25 hours of productive work per day does not usually equate to a successful business. Organizations can explore how much social media may be costing by factoring in the average hourly wage and then trying to quantify the benefits acquired for the lost productivity. Social media may also effect company morale. Employees do not appreciate colleagues spending hours on social networking sites (and others) while they are functioning to cover the workload. The impact is more pronounced if no action is taken against the abusers.
A second issue with social media is the cost of business resources. Although updates from sites like Facebook or LinkedIn may not take up huge amounts of bandwidth, the availability of (bandwidth-hungry) video links posted on these sites creates problems for IT administrators. There is a cost to Internet browsing, especially when high levels of bandwidth are required. This is usually not as much of a factor for smaller businesses.
The third issue is often overlooked by organizations. Social networking sites create new potential to commit fraud and launch spam and malware attacks. There are more than 50,000 applications available for Facebook (according to the company) and while Facebook may make every effort to provide protection against malware, these third-party applications may not all be safe. Some have the potential to be used to infect computers with malicious code, which in turn can be used to collect data from that employee’s Facebook site. Messaging on social networking sites is also a concern because such messages are used to spread malicious code and worms.
The fourth issue is data or identity theft. More people are falling victim to online scams that seem genuine. Users may be convinced to give personal details such as Social Security numbers, employment details and so on. By collecting such information, data theft becomes a serious risk. On the other hand, people have a habit of posting details in their social networking profiles. While they would never disclose certain information when meeting someone for the first time, they see nothing wrong with posting it online for all to see on their profile, personal blog or other social networking site account. This data can often be mined by cybercriminals.
Savvy employers are constantly on the lookout for information that their employees post, as this may have a dramatic impact on the company. People often post messages without thinking through what they’ve have written. A seemingly innocuous message such as “I’m working this weekend because we’ve found a problem in our front-end product” may be a spur-of-the-moment comment but could raise concern among customers who may use that system, especially if the company handles confidential or financial detail.
Finally, the last issue arising from social media deals with my area of interest – legal liability. To date, there have been no major corporate lawsuits involving evidence from social networking sites. However, organizations need monitor employees who may be commenting publicly about the workplace. For example, one young employee wrote on her profile that her job was boring and soon received her marching orders from her boss. What if a disgruntled employee decided to complain about a product or the company’s inefficiencies in his or her profile? There are also serious legal consequences if employees use these sites and click on links to view objectionable, illicit or offensive content. An employer could be held liable for failing to protect employees from viewing such material. The legal costs, fines and damage to the organization’s reputation could be substantial.
So what are the solutions? Can we use these technologies to optimize the benefits and limit the issues described? There is no simple solution to any of the above issues. While internal controls and technology can be used to an extent to control employee use of social networking tools, it is impossible to control what they are posting at home. The dilemma is whether to embrace change and adopt these new methods of communication in light of the disadvantages and possible repercussions which are too serious to ignore. Every action, every minute spent online (and on social networking sites) may expose an organization to numerous security threats. While the subject of productivity increase is debatable, the security issues are not – they are all too real.
Ultimately, employers have three options: (1) Ban access to social networking sites (and access to Internet as well); (2) Set limits and restrictions on use; or (3) allow unmonitored access.
Most organizations take the position, and I agree, that an outright ban is a draconian approach that will probably be counterproductive. Such a decision certainly would convey a lack of trust to employees and create tension within the workplace. However, an outright ban may be an optimal solution for some organizations such as banks and government departments that deal with predominantly confidential information.
I suggest that in most cases the best option for most businesses is to allow access to social networking sites while imposing limits (when these can be used, for how long, and by whom). I certainly do not recommend that any business elect to allow unmonitored access to the Internet. Regardless of which option an organization may select, basic safeguards such as anti-virus software, a firewall, and an ability to monitor Internet use and social networking sites must be in place.
Social networking sites encourage people to disclose as much information about themselves as possible. Even the most prudent and well-meaning individuals can give away information they should not – the same applies to what is put online via company-approved social networking platforms. However, many people, including those in senior management, have online profiles on a social networking site and like the idea that they can keep in touch with contacts and friends (and their employees) via that interface.
Ultimately, if an employer elects to utilize social media it should limit access, create comprehensive policies to address the foreseeable issues, and educate management and staff on the company’s position. Crafting appropriate policies, which are acknowledged in writing and educating the workforce are absolutely critical. A policy that is not well constructed and sits on a shelf will be of little use should litigation arise. Most employees are not aware how their actions online can cause security issues for the organization. Tell them in a language they understand how a simple click on a link they receive or an application they download can result in malware infecting their machine and the network. Additionally, tell them not to click on suspicious links and to pay attention when giving out personal details online. Just because employees are clever enough to have an online profile does not mean they are technically savvy or that they have a high level of security awareness.