Social Media Safety: Acceptable-Use Policies Are Critical
Allowing access to social networking sites can open businesses up to a plethora of security risks. The key to success, Forrester Research says, is a strong acceptable use policy. Here's how to craft one.
Thu, April 08, 2010
CIO — It's a Catch-22 for many companies and IT departments: Allow access to social media sites such as Facebook, Twitter and LinkedIn, and the company is opened up to malicious content, phishing schemes and account hijackings. Block all social media sites, and the business risks losing young talent to competitors or will challenge employees to find workarounds. Which can be equally dangerous.
But because IT execs don't own these social networking sites and thus have no influence in enforcing strong passwords and vulnerability management, the key to achieving a safe compromise, a new Forrester Research report says, is focusing on what IT execs can influence: a corporate acceptable use policy.
Policies should encompass the following five questions, according to Forrester's report: To Facebook or Not to Facebook. Additionally, companies have to take into consideration whether these policies extend to remote groups outside the corporate network—such as remote workers and contractors—and if so, under what conditions these policies would be in effect.
1. Do all employees need the same level of access to social networking sites? Most likely, the report says, the answer is no. Marketing and sales, for example, may require more liberal policies if they're regularly posting videos and tweeting; a policy for the finance or sales departments, however, may need to be more restrictive. It's important to consider the company culture when writing the policy—how liberal or restrictive is it in terms of personal computing in the workplace?
[To learn more about social media policies, read "How to Devise a Stellar Social Media Policy: NASA's Tips."]
2. Is there a need for employees to download software? Third-party Facebook applications, for example, can present security risks, so if the company allows access to the site, consider blocking the ability to download software from it. "This will of course dilute the social networking experience, but in many ways, it's an acceptable compromise for workplace access," the report says.