We have users that repeatedly get infected with viruses and spyware no matter what level or type of antivirus and antispyware software we install. It’s rather odd that ONLY THOSE particular users get re-infected day after day and that they all have MySpace accounts, FaceBook accounts, or whatever. Their employers have to continually pay us to come and clean these infections.
My reply was a bit terse. I asked Jones if he believed all the companies that don’t block access were lying about not encountering the problems he cited. (And no, I wasn’t snarky enough to point out that “outdated” is one word.)
The security issue does, however, appear to be supplanting productivity concerns as the main reason companies block access to Facebook and other social media sites. Among the dominant social networks, Facebook presents the biggest risk to company security, according to 60% of the respondents to a survey of 500 companies conducted by Sophos, an IT security organization. No other network comes close. MySpace ranks second, with 18% of companies identifying it as a concern, followed by Twitter (17%) and LinkedIn (4%).
The concerns are not illegitimate. The incidents of reported malware and spam attacks through social networks has jumped 70% since April of last year. Social networks have become common launching pads fore a couple of particularly nasty worms. The risk of infection, though, is not the only security issue that keeps IT staff up at night. Employees’ individual behavior represents a risk, particularly as web-unsavvy employees fall prey to phishing and other devious ploys. And then there’s the fear that employees will share information they shouldn’t.
Sarah Perez goes into considerable detail on the Sophos report in her post on ReadWriteWeb. Perez also notes that even Sophos isn’t advocating an outright block, despite the study’s findings:
Unfortunately for those in charge of enforcing corporate security, simply blocking Facebook and other social networks via URL is not a realistic solution anymore. The networks are often a large part of a company’s marketing and sales strategies, notes Sophos, meaning they cannot be blocked outright. Instead, companies are encouraged to use a unified approach for mitigating threats that combines data monitoring, malware protection and granular access for their employees.
A Financial Times article (free registration required) has the same advice, noting that organizations have too much to gain from employee interactions on social networks. The article, penned by the head of an information risk management and e-discovery firm, rightly notes that leetting employees access social networks from work gives them “the ability to locate the right people, information and expertise quickly, but they also greatly aid external networking, sales and marketing activities.”
The article (which I discovered on the Idea Peepshow blog, notes thyat 89% of businesses in the UK have no policies governing employee use of social networks and calls for companies to establish and enforce such policies.
As I’ve noted before, protecting the company is a matter of ensuring the proper network safeguards are in place (such as anti-malware/spyware software and the latest virus definitions) and that employees understand their responsibilities.
It works in a lot of companies that don’t block access. It can work in yours.
I spend a fair amount of time on StopBlocking.org debunking the myth of lost productivity so many people fear will result from employee access to social media. Productivity is just one of the two big fears expressed about employee access, though. The other is security; specifically, the prospects for the introduction of malware and viruses.
Nobody claims visiting Facebook or Twitter, in and of itself, will result in infection. The worry is that employees will load a seemingly innocent but actually malicious third-party app or click a shortened URL that leads them to page crafted to infecvt computers or relieve employees of confidential information.
I have no intention of minimizing the risks ever-present on the web. There’s no shortage of scumbags who want nothing more than to exploit you.
But let’s be clear: Simply blocking access is the lazy, easy way out. By taking steps to protect the company’s networks — steps that take a bit of work — your systems can remain pristine while your company can reap the benefits of employees who network with prospective customers and recruits while building higher levels of engagement with existing customers.
There are plenty of resources online that outline how to protect a network. One of the best I’ve seen appeared on ReadWriteWeb, authored just a couple months ago by Sarah Perez. She lists eight ways to keep your networks safe:
Don’t assume a link is “safe” because it’s from a friend.
Don’t assume Twitter links are safe because Twitter is now scanning for malware.
Don’t Assume Bit.ly Links are safe.
Use an up-to-date web browser.
Keep Windows up-to-date.
Keep Adobe Reader and Adobe Flash up-to-date.
Don’t assume you’re safe because you use a Mac.
Be wary of email messages from social networks (because email addresses can be “spoofed” by hackers).
Perez provides a lot of detail on each of these points — the post is well worth reading — but it all comes down to two workplace realities for companies that want to do business in the networked world:
Employees need to be educated and held accountable.
IT departments need to keep systems updated.
I’m routinely surprised by the number of companies I visit where every employee desktop is running Internet Explorer 6, where employees can’t update Flash or the Adobe Reader, where updates to software aren’t pushed out on a regular basis. I know IT departments are stretched thin and devote an inordinate amount of time to maintaining legacy systems because their budgets have been slashed. But failsing to keep employee computers updated is like the manager of a corporate auto fleet failing to change the oil or the air filter and letting employees drive around on bald tires.
As for employees, both IT and internal communications need to undertake an effort to educate employees about their own obligations when using the web — for work or no-nwork purposes. It’s incumbent upon companies to make their employees security-literate so they don’t follow unsafe shortened URLs (show them how to find out where the URL actually goes first) or respond to questionable emails.
As this blog has pointed out repeatedly, there are tremendous benefits that can accrue to organizations that encourage their employees to interact on social networks. The solution to the risks involved is not to simply shut off access, but rather to minimize the risk through good, old-fashioned hard work.
Reports of the degree to which organizations are blocking employee access to social sites continues to be discouraging, particularly given the reasons for these policies are based on misinformation and a fundamental failure to recognize the value that would accrue to organizations that developed smart policies to foster smart engagement between employees and the public.
This time around, the bad news comes out of the UK, where 90% of councils restrict access to social media. The results come from a study conducted by SOCITM, the professional association for public sector ICT management. Ironically, this group had earlier encouraged organizations to lift such restrictions, recognizing that “social media is…an economical way for public sector organisations to deliver services, communicate with staff and engage with the community.”
According to the study, 67% of councils have implemented scorched-earth policies, blocking all use of social media. Among the remaining 33%, some confine use to lunchtime and before and after work. The SOCITM report interprets these finds as proof that councils don’t see any business value to employee participation in social media.
There’s an almost equal split between councils that view security as the main reason for limiting or blocking access and those who see productivity as the problem. Still, SOCITM believes that stopping employees from tapping into these sites is impossible, given the fact that most workers have their own devices — like smartphones — that give them access to services like Facebook and Twitter. But the fact that employee access increases engagement with the communities the councils serve is the dimension of the report that jumped out at me. According to Christopher Head, who co-authored the report:
CIOs and heads of ICT need to take the lead and educate colleagues on the organisation’s management team about the benefits of social media, as well as finding ways to accommodate them appropriately and safely through the corporate infrastructure.
This advice is coming from more and more quarters, including reserach firm Gartner, which has urged businesses to take advantage of employees’ connection to sites like Facebook to facilitate their business-to-consumer strategies.
It just seems managers would rather succumb to baseless fears and take the easy way out than listen to the advice of experts who know what they’re talking about.
A colleague sent this screen capture to me. It’s what he got on his work computer after he tried to access this site, StopBlocking.org:
That’s right. Websense — maker of site-blocking tools — blocked this site. Now, Websense could have been truthful in its explanation for why it blocks access to StopBlocking.org. It could have said, “We’re not providing access to this site because if you read it and agree with it, you may no longer want to pay us for our products.” Instead, Websense resorts to dishonesty. In case you can’t read the small print, here’s what it says:
“Security risk blocked for your protection. This Websense category is filtered: Proxy Avoidance. Sites in this category may pose a security threat to network resources or private information, and are blocked by your organization.”
Let’s be clear: This is a WordPress blog and a WikiMedia wiki. It’s nothing but text and graphic images. There is no software to download, no forms to complete. You need a password to edit the wiki, but that’s just to keep spammers out. No personal information is collected as part of the password process. And you don’t have to be a wiki editor to read the wiki contents, so there’s no need to even get a password if you don’t want to contribute to the contents.
In other words, in absolutely no way is StopBlocking.org a security risk.
I can’t say I’m surprised. Any company that would make up numbers about lost productivity would make up excuses to mask the real reason they don’t want you to read the contents of a website.
At first, I shrugged off the semi-literate comment left to one of my posts over on Stop Blocking, the site I started to advocate for reasonable employee access to the Net, and particularly to social media sites.
The post to which “reason,” as he called himself left a comment reported on a study that showed 54% of companies were blocking access. Here’s his response:
isnt it funny in todays world how everyone thinks they deserve better than what they are getting without haveing to really work for it no job owes you facebook time so feel your rights are being taken for granted grow up you big baby work time is not your fun time so if you block your workers from facebook @ work dont feel that blocking reduces productivity and engagement, limits recruiting capabilities, and denies networking that ultimately benefits the organization. thats a bunch of crap do your job facebook dont pay your bills you lucky to even have a job.
I blew off the comment initially, relegating it to the “just doesn’t get it” dustbin. But I found the comment kept coming back to me, not because reason’s reasoning is right but because he seems to think that I’m advocating for employee rights in my efforts to get companies to stop blocking.
I’m not an employee rights advocate. If I were, very few of my clients would be interested in my services. My goal is to help organizations succeed. I’ve achieved my goals if companies are more profitable, more competitive, more nimble, more productive. I’m campaigning to get companies to open employee access to social sites because increasingly the networked connectivity of workers is driving competitiveness, productivity and other indicators of improved performance.
The fact is, through all my years working in employee communications, I’ve never been concerned with whether employees are happy. It’s not a company’s job to ensure employee happiness. Employee job satisfaction is another story. It’s tangible, it’s measurable and it has a direct bearing on employee engagement, which is a predictor of organizational growth.
But even job satisfaction is just one return a company gets from networked employees. Zappos encourages its employees to network on the job, resulting in a reputation for stellar customer service. Employees engaged in their social networks can also reduce the cost and improve the quality of recruiting. It can surface issues the company needs to address. It can generate ideas for new products and services. It improves employee productivity.
On that last note, productivity, I came across an item today on TMCnet sporting the provocative headline, “Workplace Productivity at an All-Time Low.” The press release touted the products of a company called Pandora — not the music streaming site, blocked by a number of companies — but rather one that “allows managers to analyze activities performed by employees and the time spent on different work items. It also affords the ability to track computer usage at a group and/or an individual level, cross-reference activities reported by an employee, and access an employee’s desktop in real-time.”
The all-time low productivity claim is based on this calculation:
On average, workers with an Internet connection spend 21 hours per week online while in the office, a little more than four hours per day. And on average, 26% of that time is spent on personal-interest websites. That amounts to roughly an hour per day, or 22 hours per month.
Pandora is just one of many companies that profit from the fear they produce with such outlandish claims. As I’ve repeatedly noted, these calculations don’t account for the benefits such networking brings to the organization, the improved productivity highlighted in a University of Melbourne study, or the amount of work these employees perform outside the 9-to-5 office hours because they’re networked. In fact, another story that crossed my desk today points out that companies in the UK were able to maintain productivity even as snowbound workers were unable to get to the office because their ability to connect with each other and the office let them get their work done from home.
And, as I’ve also noted before, these lost-productivity assertions don’t stand up to statistical scrutiny. According to the U.S. Department of Labor, nonfarm business sector labor productivity increased in the third quarter of 2009 by 8.1%. That’s a far more credible number than the back-of-the-envelope calculations Pandora, Websense and other monitoring-and-blocking companies use in their scare campaigns. In fact, it reveals the productivity claims by these companies as an outright lie.
Yet these tactics continue to influence managers, as evidenced by the fact that most companies block access despite the fact that blocking is contrary to their own self interests.
Leaders need to realize that organizations that encourage their employees to network during work — guided by clear policies and improved business literacy — will experience success that eclipses that of organizations that block access.
It’s not a question of employee entitlements. It’s a question of smart business practices.
For the first few years of my first job in the business world, my department manager would make monthly circuits of the office carrying pages and pages of telephone records. He would stop at each of his employees’ offices and cubes and review the calls made from their phones. Personal calls earned a rebuke.
Eventually, he gave up on this routine as the company grew to accept calls non-work-related numbers as an integral part of employees’ lives. Making doctors’ appointments, talking to kids’ teachers, checking in at home — these all eventually became non-issues at most organizations.
For the networked generation, checking in on Facebook is no different, according to a Deloitte study that assessed teen attitudes about ethics. Teens “are as likely to post something on a social networking site as they are to pick up a phone,” according to Maureen Mohlenkamp, Deloitte’s deputy ethics officer. According to a Pittsburgh Post-Gazette article reporting on the study, “Social networking has become so critical to the younger generation of workers, Ms. Mohlenkamp believes that having access to the sites might someday be viewed as an employee perk, along the lines of health benefits or a company cell phone.”
The key takeaway from the study, according to Mohlenkamp: “For companies to be viewed as an employer of choice, they will need to provide access to these sites. Then, it will be important for them to provide the appropriate training and education for new hires to prevent risks to the employee and the organization.”
The training and education will be necessary because 40 percent of teens — along with a third of adults (based on another Deloitte study) — fail to consider that bosses, recruiters, parents and college admission staff could look at, and be influenced by, what they post to their pages.
Opinion Research Corp. conducted the study the week of September 21 among 1,000 teens between the ages of 12 and 17.
Bob LeDrew tweeted the link to this video from TED, featuring Stefana Broadbent. It runs about 9 minutes and the connection between Stefana’s observations about how the Internet fosters intimacy and companies blocking access comes near the end. Stick with it; it’s worthwhile.
I’ve been wondering if there’s any research to suggest that those making the decision to block employee access to social media are mostly non-users of these technologies. There’s anecdotal evidence that organizations that reject blocking are led by people who recognize the value of social media based on their own engagement with it, while the comments of those who defend blocking suggest a high degree of unfamiliarity with the sites they are banning.
I routinely read quotes from executives who have blocked access insisting, for instance, that time spent on Facebook produces no business value. In the meantime, those leaders who are active on Facebook have sussed the business value based on their own interactions — the ability to identify new hires, to hear directly from customers, to evangelize the organization and its products, and so on.
According to a survey from the Government Executive Business Council, half of federal mangers don’t use Facebook at all,and nearly 15% use it less than once per week. Close to 60% of this group has never logged into LinkedIn; 23% it less than once a week. More than 80% said they never Tweet. Seven percent log on less than once each week.
There is no correlation in the study between this lack of familiarity with networks (an obvious consequence of never examining them) and efforts to keep employees from accessing them, but you have to figure these federal managers would be more inclined to buy into the hype and succumb to the temptation to keep employees away from Facebook and other new-media venues. Formal research would probably produce interesting results.
In the meantime, since we’re talking about federal managers here, if the administration is serious about getting government to pursue transparency, collaboration and participation with the public, I agree with NextGov blogger Allan Holmes, who suggests, the government “may want to first encourage federal managers to use these tools.”
(Allan, how about a link to the survey results?)
Hat tip to Tony Molloy for pointing me to the post.
While yet another completely bogus, self-serving studyhas assigned a completely unrealistic dollar amount to employee use of social networks on the job, an unlikely voice has arisen in opposition to blocking employee access.
Ann Cavoukian, the minister privacy commissioner for the Canadian province of Ontario, has called blocking employee access a mistake. According to an article in itbusiness.ca, Cavoukian said, “It’s like waving the proverbial red flag in front of your staff -– it’s almost a challenge to them to find a way around it.”
By itself, that wouldn’t lead most employeres to eschew blocking — after all, they may reason, employees who want to find a way around policies should simply be fired. But Cavoukian doesn’t stop there, noting that bans can often be counterproductive. For example, she said, finding a way to get to the sites they want to can actually take longer than just going to an unblocked site.
Cavoukian was speaking in the wake of a study released by Morse plc, a London-based company that makes money helping companies block employee access to site. Yep, another completely unbiased study by an organization with not self-interest wrapped up in the results.
Morse conducted its survey with 1,460 U.K. office workers. The results: 57% spend 40 minutes per day on average visiting social networks. That adds up to a full week each year, the value of which is, according to Morse, US $2.4 billion dollars in lost productivity.
Morse consultant Phillip Wicks called employee access to social networks “a productivity black hole.” Clearly he hasn’t seen — or has ignored — the unbiased reasearch that shows employees with access to social networks are actually more productive than those without it.
And, of course, the study doesn’t not take into account the hours these employees work in excess of the minimum eight-hour day, the amount of work they take home, and the amount of time spent on social networks that produces a benefit to the organization.
It’s reassuring to know I’m not alone in this assessment. According to Robin Wauters writing in TechCrunch Europe:
Maybe it’s just the concept of ‘business hours’ that isn’t something the new generation of office workers is apt at dealing with, considering they grew up living in a fragmented world where social media make up integral parts of their lives that cannot simply be turned off. Perhaps it’s a cultural thing or a management problem, but one thing it is most definitely not: the fault of Twitter or Facebook.
Or do you really think that guy next to you who spends hours staring at his Facebook news feed is suddenly going to be way more productive when the IT department blocks access to the site?
One more survey to ignore, move along now, nothing to see here.
(Hat tip to Tony Molloy for point out the TechCrunch Europe piece.)
Kudos to Cavoukian, who might also talk about another way in which blocking access is counterproductive: killing employee engagement leading to less enthusiastic and satisfied workers.
Kudos to Robin Wauters.
And to the self-serving, deceptive, methodology-challenged dolts at Morse plc: Fail.
Companies everywhere are blocking employee access to the Net, fueled by questionable research and irresponsible pronouncements of self-serving individuals and organizations. This site is designed to serve as a hub information resource for those who believe the benefits of providing access far outweigh the risks.
I’m not an employee rights advocate. If I were, very few of my clients would be interested in my services. My goal is to help organizations succeed. I’ve achieved my goals if companies are more profitable, more competitive, more nimble, more productive. I’m campaigning to get companies to open employee access to social sites because increasingly the networked connectivity of workers is driving competitiveness, productivity and other indicators of improved performance.