Forbid Twitter at Work?

Selective Internet Blocking as Employment Policy and Warning

Twitter can be a distraction in the workplace.  Oprah, who boasts almost a million followers on Twitter, caused mob scenes at KFC stores by tweeting about a free chicken coupon download-able from her web site.  News spread as other Twitter authors repeated the message.

To be sure:  much of the Twitter traffic and downloading attending to this stampede happened in the workplace, on office computers.  What a waste of employee time.  What a tax on business computers.  What a threat to security.

As Twitter, Facebook, Myspace and other social media swarm the workplace, they’re almost impossible to block entirely.  The channels of communication (web pages, widgets, instant message and more) are too numerous.

Update:  A large percentage (24%!) of all Twitter Tweets are generated by robots (“bots”), not individual people, which suggests Twitter contains a lot of junk and spam.

So should management surrender control of company networks? No.

Selective blocking is a strategy.  Selective blocking can remind employees that they are expected to be responsible adults.  For example, here is a screen that Cyberpatrol could produce when employees visit web sites like Twitter or Facebook:screenshot

(Note: I created the custom message to employees by editing the html in one of the blocking screens available in Cyberpatrol. )

A screen like this cautions employees that social networking at work is a bad idea.  Will it stamp out wasteful e-chat in all of its forms?  No.  But it does respectfully display management’s concern and authority.  It reinforces an employee acceptable use policy.  And it hints that management may be able to monitor what an employee is doing on company computers.

–Ben Wright

At the SANS Institute Mr. Wright teaches IT administrators how to avoid going to jail.


Screening Twitter from Work or School

Employees Wasting Time with Micro-blogs?

Twitter is popular, and if it is not blocked or forbidden, it can depress workplace productivity.  Twitter is a free service that broadcasts text messages (also known as updates or tweets) of up to 140 characters in length.  Twitter can be addictive, as readers can enjoy the distraction of reading each little instant message as it comes in.

Twitter supports multiple media for sending and receiving.  Users can exchange tweets by way of web pages, electronic mail or mobile (cell) phones (text, IM or SMS).

Responsible use of Twitter can help employees perform their job. For example stock brokers might use Twitter to keep abreast of the latest financial gossip.

But many employers or teachers may have little tolerance for Twitter within their domains.  Although employees or students may need access to Internet-connected computers, Twitter can be a nuisance.  Administrators therefore might adopt a policy that bans Twitter, and take technical steps to block it.  Technical measures might include the deployment of software that blocks certain URLs (such as,,,, which support Twitter or its widgets).

Further, an administrator might use Internet monitoring software to discover which time-wasting sites users are visiting – the latest access points for Twitter and other worthless chat.

An administrator who monitors computer usage is wise to warn users of that fact.

Update:  Popular services like Twitter inevitably attract the interest of hackers.  Some Twitter users contracted the StalkDaily virus.  For some employees there is no reason for them to be on Twitter at work.  Security is an additional reason to block the access of these employees to Twitter.

–Ben Wright Mr. Wright teaches data security and e-mail records law at the SANS Institute.

Ban Facebook and Myspace from Work?

Social Network Security Risks

Human Resources (HR) Meets Generation Y

Update:  The US Marines are banning social network sites like Facebook, Myspace and Twitter.

Does banning employees from Facebook, Myspace, Bebo and Hi5 stifle the younger generation? Web 2.0 economist Don Tapscott argues that bosses should not block social network sites.  He says that by blocking them managers alienate young workers, denigrate the technology that defines them and prevents them from collaborating productively.  Tapscott (author of the book Grown Up Digital) almost makes the prohibition of social media sound like the violation of a civil right.

Although I agree that interactive media can promote an esprit de corps among employees and empower them to work more efficiently, I question whether pop sites like Facebook and Myspace are the best for doing that.  I suggest managers open a dialogue with employees about the topic.  If employees believe that access to pop sites is consistence with the purpose of their employment, then let them prove it.

For example, access could be enabled on a provisional basis, subject to daily time limitations and review after two or three months.  Managers could invite employees to report their experiences.  Employee advocates might be asked to explain why pop sites are better than other options, such as straight-laced blogs, special-interest social sites like The Internet Protectors (specializing on computer security) or private (password-only) social sites created on platforms like

When it comes to productivity, there’s nothing magical about pop sites that would render them more effective than their many alternatives.  Pop sites place emphasis on games, advertising and entertainment like music and video. Filtering that stuff is much like forbidding an older technology – television – from the office.  Few would suggest that forbidding TV is tantamount to encroaching on a civil right.

What’s more, open social network sites like Myspace are a security risk.  The virus Koobface has been infecting Myspace and Facebook visitors for months.  Malware like Koobface can infect company PCs and the company network.

One strategy for employers is selective blocking, where only certain suspect sites are blocked, with a screen that reminds employees they are responsible for getting their work done.

Update:  Now Koobface is spreading through Twitter.

–Ben Wright, IT security law instructor for the SANS Institute