Moving beyond zero-tolerance social media policies

Social media security policies must find the balance between restriction and permission.

Social media can be a risky proposition in the workplace, and it’s understandable that some managers may be tempted to turn off all avenues of access within their organization. Between malware-infested Twitter links and regrettable Facebook photos posted after the executive retreat, there are any number of ways social media can get you in trouble. But while the hard line approach would seem to be the most obvious and effective defensive strategy, efforts to prohibit employees from using social media may do more harm than good.

Social media’s business credentials
Social media’s penchant for distracting workers with party plans and pet videos is well documented, but its ability to improve individual productivity levels gets far less attention. Citing studies from the Harvard Business Review, Forrester research analyst Nick Hayes suggested that savvy social media use could streamline office communications and enable employees to get through their daily workloads 20 to 25 percent faster. Instead of watching crucial conversations get buried in inbox clutter, teams can often interact faster and more intuitively on social platforms.

If that’s not enough of a convincing argument, there are several more for skeptics to consider. As Hayes noted in a Forbes guest post, chances are at least one of your competitors is leveraging social media to great effect even if you are not. As a result, Draconian IT policies could hamper innovation and drop a business toward the back of the pack.

Finally, the truth is that today’s workers will use social media – finding their way around a prescribed policy one way or another. Maybe they’ll be updating statuses throughout the day on their smartphone. Or, if management is lucky, they will wait until after hours. In any case, management must acknowledge the behavior and establish a more enlightened framework for addressing the associated risks without compromising the potential benefits.

Social media policy essentials
In a recent interview with BankInfoSecurity, Wharton School of the University of Pennsylvania communications director Sherrie Madia suggested that the first step for companies to take should be clearly defining the scope of what will and will not be covered by rules and regulations. Potential policy points might include whitelisting applications approved for office use, which company products and services can be discussed online and what potential copyright issues employees may encounter.

After acceptable use expectations are set out on the table, companies must also make employees aware of the technical reinforcements that will be used to monitor and/or regulate their behavior. Not only is that a matter of ethics, it will also promote greater employee awareness of potential security risks if IT teams are willing and able to clearly explain their rationale for employing protective tools.

Are social media policies explicitly defined in your office? If so, what combination of rules and tools are you relying on? Let us know in the comments section below!

Matt Williams

A self-proclaimed ‘tech geek’, Matt has worked in technology for a decade and divides his time between blogging and working in IT. A huge New York Giants fan, when not watching football Matt gets his game on playing Call of Duty with his friends and other tech bloggers.