Technology presents us with new opportunities and challenges on a regular basis. Social networks and other “web 2.0” applications are starting to make inroads into the mainstream of the internet (ask how many of your iPhone-using friends have apps for one or both of these to measure the reality of the hype). As a result, staff at your business are bringing their internet usage habits into the workplace. Prospective customers are looking for you through these tools. And business owners may want to consider the implications for their organizations.
IT departments at most organizations have struggled with having an effective internet usage policy for staff with internet access. The difficulty has been in balancing the security of the network from viruses and other security threats against the need of users to access internet resources for business purposes. The rise of google as a synonym for searching the web has increased the overall utilization of the internet as a business research tool. Trying to keep inappropriate content from appearing in search results poses a real challenge for IT departments.
In addition, with the advent of more sophisticated attacks from web sites, IT departments have struggled to block phishing and other infectious sites and patch their organization’s computers to be resistant to attacks from the internet. Facebook and twitter have both been used by malicious users to launch attacks on users of these sites (either by writing malicious applications and publishing them on facebook, or by posting malicious links in twitter postings). The unfortunate knee-jerk reaction of most IT departments is to simply block these sites at the corporate firewall, preventing staff from having any access to these internet resources.
The typical rationale has been that these are not work-related sites, and staff are just wasting time using them on the clock, therefore, shutting down access to them at work is perfectly reasonable. But, that rationale may no longer work as the web 2.0 world begins to take shape. For one thing, more businesses are establishing fan pages on facebook in order to advertise their services and provide information to their customers. Innovative businesses also may develop applications for facebook that are both popular and help to advertise the services offered by the organization. Businesses also use twitter to keep customers in the loop on activities and events of the company, or monitor twitter to evaluate how its own advertising campaign may be progressing in reaching certain demographics.
Web 2.0 technologies are becoming more pervasive on the internet, which also increases the minimum skill sets of staff working for organizations that use web technologies to reach customers. Blocking these technologies from the corporate network may result in a less-skilled workforce. And, ultimately, according to Gartner, such efforts are futile and bound to fail because of the pervasive nature of these technologies. (See CNET article)
It would seem that liberalization of internet use policies at companies, then, is an inevitable result. And with that increased access comes new responsibilities for staff and businesses. A landlord sued a former tenant for defamation earlier this year as a result of some tweets by the tenant about mold in her apartment. (See article here) Twitter itself is a rather informal medium for posting information online – similar to having an instant message chat in the chat rooms of yesteryear (which seem so quaint today). And because it streams posts real time, you may say something that you later regret. Imagine, for example, that your business allows access to twitter, and one of your employees angrily posts a series of defamatory tweets about a competitor or vendor. Your organization may be slapped with a lawsuit if that competitor is monitoring twitter for tweets mentioning it by name.
Facebook represents similar challenges for organizations, especially where employees may blur the line between their social lives and work lives by forming, for example, groups on facebook of other employees. Suppose a group of employees creates a group for only certain kinds of employees from your organization, and intentionally excludes others (perhaps on the basis of gender or age). Is your organization discriminating against the excluded group? Does your organization have liability for the acts of your employees in forming the exclusive group?
The web can also present a trade secret leak for those of you that have proprietary information or processes that are used by your business to generate revenue. Social media also present challenges for protecting intellectual property, and avoiding infringement claims by others (tarnishment of famous marks on twitter – I’m sure a case is brewing as I type this story).
These questions are unanswered. And I don’t offer these hypotheticals to scare your organization into shutting down the internet connection at the office. My point is to encourage your organization to think about your policies related to internet usage and what constitutes acceptable use of the internet during normal work hours. Establishing an effective policy, and consistently enforcing that policy with your staff goes a long way to managing your exposure to a law suit. Controlling the internet at the organization’s firewall is unlikely to be a sufficient risk management tool.
There are a number of good starting points for a good internet usage policy for organizations. Here are some principles to consider when drafting yours:
- Empower staff to be responsible for their internet usage.
- Disrespectful communication is not acceptable, whatever the medium of communication.
- Do not download and install software from the internet that is not approved by your IT staff.
- Use the internet for professional reasons.
- Be mindful that staff representations online reflect on the reputation of their employer.
- There are real-world consequences for staff that abuse access to the internet.
If your organization uses facebook or twitter today to market itself, re-enforce with your staff that organizational posts should be approved prior to posting on the web. The immediacy of these services should be resisted by staff in order to ensure a consistent and accurate message is communicated to the outside world.