Social Network Security Risks
Human Resources (HR) Meets Generation Y
Does banning employees from Facebook, Myspace, Bebo and Hi5 stifle the younger generation? Web 2.0 economist Don Tapscott argues that bosses should not block social network sites. He says that by blocking them managers alienate young workers, denigrate the technology that defines them and prevents them from collaborating productively. Tapscott (author of the book Grown Up Digital) almost makes the prohibition of social media sound like the violation of a civil right.
Although I agree that interactive media can promote an esprit de corps among employees and empower them to work more efficiently, I question whether pop sites like Facebook and Myspace are the best for doing that. I suggest managers open a dialogue with employees about the topic. If employees believe that access to pop sites is consistence with the purpose of their employment, then let them prove it.
For example, access could be enabled on a provisional basis, subject to daily time limitations and review after two or three months. Managers could invite employees to report their experiences. Employee advocates might be asked to explain why pop sites are better than other options, such as straight-laced blogs, special-interest social sites like The Internet Protectors (specializing on computer security) or private (password-only) social sites created on platforms like Ning.com.
When it comes to productivity, there’s nothing magical about pop sites that would render them more effective than their many alternatives. Pop sites place emphasis on games, advertising and entertainment like music and video. Filtering that stuff is much like forbidding an older technology – television – from the office. Few would suggest that forbidding TV is tantamount to encroaching on a civil right.
What’s more, open social network sites like Myspace are a security risk. The virus Koobface has been infecting Myspace and Facebook visitors for months. Malware like Koobface can infect company PCs and the company network.
One strategy for employers is selective blocking, where only certain suspect sites are blocked, with a screen that reminds employees they are responsible for getting their work done.
Update: Now Koobface is spreading through Twitter.
–Ben Wright, IT security law instructor for the SANS Institute