Facebook, Myspace, Second Life. All examples of social networking services (SNS). Many businesses are seizing on this new technology as a channel to drive sales, promote brand and network for business opportunities. Much of this interest comes from marketers who are excited about the target marketing possibilities of these sites — they gather so much data about individuals that marketers are able to profile very specific demographics. At the same time there is a very real risk to small businesses.
The huge uptake of SNS membership and the increasing spend by some major consumer product companies on these sites provide a sense of 'normalcy' about them that could prove dangerous to the unwary user. Mainstream acceptance hasn't been matched by efforts to improve security. It's not unknown for fraudsters to gather, piecemeal from a number of company employee profiles, sufficient information to access company intranets or launch malware attacks against company computers.
Increasingly the question is being posed — should employees be allowed to access SNS over their organisation's computers? Many major corporations who need to maintain absolute security over client data, their records and their reputation, such as financial institutions, have answered with a firm 'No' and simply locked them out of company computers.
Develop an acceptable use policy
According to experts, the first step is to develop policies and train employees. If you don't have policies in place for SNS use (along with blogs, wikis, and the like), then you're leaving yourself at risk.
Define the times when social networking is acceptable
Social networking is addictive and unrestricted access inevitably results in employees spending more and more time online checking out what their friends are up to. Assign only out-of-work periods (lunch break, before or after their work hours) as times in which employees can social network.
Mandate the use of privacy settings
SNS sites are notoriously short on privacy. In their profiles users can enter a host of information including their name, address, phone number, email and their workplace. A privacy level can be assigned to each field of information, restricting who can access it, though few users appear aware of this. Mandate that any business-related information is assigned the highest privacy setting the site provides.
Set guidelines for chatting about work-related matters
It's very natural for people to talk about work, and that talk often gets into messages posted to social networking sites. The business's reputation could be put at risk by inappropriate comments by employees. Criticism by disgruntled employees or jokes that could be misunderstood by people outside the organisation can do irreparable damage. Spell out the principles for business-related chat, such as the need to maintain client confidentiality, the contexts in which your organisation's name can be used and the inappropriateness of making disparaging remarks about fellow workers.
Point out the IT threats
Malicious code is being embedded in Web 2.0 links. Employees casually clicking on links could be led to malware that will infect work computers. Train employees in the company's IT security policies to make them aware of what's allowed and what they're prohibited from doing.
Make improper use a disciplinary matter
Make it clear there will be consequences for posting unacceptable comments or business information on social networking sites and detail the disciplinary action that will be imposed.