Social Networking Has Risks Even Inside Companies
November 01 , 2010
Big enterprises have a hate-love relationship with social networking.
They don't want business reputations conflated with people's private lives. They don't want business details leaking out in Twitter feeds. When Facebook asks: "What's on your mind?" companies don't want the employee replying: "Just lost the Wal-Mart contract. Forget my stock options."
But they want to hire tech-savvy, gregarious Millennials who have spent their lives on social networks. They want their own workers to share expertise and ideas to build teams and boost creativity.
Internal Social Networks
Increasingly, enterprises are building internal social networks that are safely behind a firewall. There are internal networking analogs for Facebook, Delicious, Twitter, IM, YouTube, presence and wikis.
The hope is that the enterprise will be able to use those tools without taking too many risks. And enterprises want to make sure that employees don't decide to create their own insecure, ad hoc networks using smart-phones because they seem much more efficient than corporate e-mail.
As an executive at one management consulting company told me: "Employees are asking why they can't do at work what they do at home. If they give a presentation their instinct is to put it on Facebook."
Risks to Enterprise Social Networks
The problem is that internal social networks that are completely isolated behind firewalls aren't very useful. And opening up the firewalls to trusted outsiders such as customers, suppliers, third-party contractors, advertising firms and search firms runs many of the same risks that public networks have.
In fact, social networking behind a porous firewall may be even riskier than using public tools. Employees may get a false sense of being able to post frankly without being aware of who can see it.
"Plaintiffs' attorneys in sex, age or race discrimination cases eagerly examine social networks. "
It's vital for companies to train every employee about the benefits and perils of internal-social networks. IT departments can put in some safeguards, but they won't be able to completely overcome the technological imperative to share useful stuff. As Stewart Brand memorably wrote, "Information wants to be free."
One interpretation is that people who have it want to share it. Technology can prevent casual hackers from seeing corporate details, but it can't prevent employees from unthinkingly revealing corporate secrets.
Training and Policy Essential
Using your own name is a huge guarantor of corporate responsibility. Many companies have concluded that the first policy for social networks is that employees always use their true identity.
Even if a company is doing business using avatars in a Second Life community, they require employees to identify themselves by name and position. IT can help by authenticating every user who logs on to the corporate network.
Employees still need to be trained to be conscious of security risks. Sharing a list of tagged Web sites with a former colleague might seem harmless. But in aggregate, the listings might indicate a new marketing campaign or a potential takeover interest.
They also need to be conscious of the difference between making jocular comments on a social network and using informal comments on similar work sites.
Social Networking -- Legal Concerns
Lawyers say plaintiff's attorneys in sex, age or race discrimination cases eagerly examine social networks for signs that behavior at a company, especially by managers, may be viewed as hostile by certain groups. They worry about wikis where participants offer inappropriate suggestions for the office Christmas party that may be unearthed in some sexual harassment suit.
When outside contractors are allowed on project wikis, it's especially important for employees to temper casual remarks. But remembering to never disparage competitors or clients can be difficult, especially when the medium is designed to encourage freewheeling discussion. The problem is that even offhand thoughts are saved once they're written down.
Legal expert Steven C. Bennett, a lawyer with Jones, Day in New York, wrote in a January article on social-networking policies that it's vital to "Remind employees that any electronic communications and social networking activities for work-related purposes must maintain and reflect the company's standards for professionalism, including proper tone and subject matter."
He adds: "profanity and vulgar or demeaning jokes are inappropriate. Employees should also avoid discussions of conduct that is prohibited by company policies, such as alcohol and drug use on the company's premises."
So employees on corporate networking sites should feel free to speak up and share as if they were at a company cocktail party -- where they're drinking only club soda.