Entries from January 2010 ↓

There are solutions to security issues other than blocking

I spend a fair amount of time on StopBlocking.org debunking the myth of lost productivity so many people fear will result from employee access to social media. Productivity is just one of the two big fears expressed about employee access, though. The other is security; specifically, the prospects for the introduction of malware and viruses.

Nobody claims visiting Facebook or Twitter, in and of itself, will result in infection. The worry is that employees will load a seemingly innocent but actually malicious third-party app or click a shortened URL that leads them to page crafted to infecvt computers or relieve employees of confidential information.

I have no intention of minimizing the risks ever-present on the web. There’s no shortage of scumbags who want nothing more than to exploit you.

But let’s be clear: Simply blocking access is the lazy, easy way out. By taking steps to protect the company’s networks — steps that take a bit of work — your systems can remain pristine while your company can reap the benefits of employees who network with prospective customers and recruits while building higher levels of engagement with existing customers.

There are plenty of resources online that outline how to protect a network. One of the best I’ve seen appeared on ReadWriteWeb, authored just a couple months ago by Sarah Perez. She lists eight ways to keep your networks safe:

  • Don’t assume a link is “safe” because it’s from a friend.
  • Don’t assume Twitter links are safe because Twitter is now scanning for malware.
  • Don’t Assume Bit.ly Links are safe.
  • Use an up-to-date web browser.
  • Keep Windows up-to-date.
  • Keep Adobe Reader and Adobe Flash up-to-date.
  • Don’t assume you’re safe because you use a Mac.
  • Be wary of email messages from social networks (because email addresses can be “spoofed” by hackers).

Perez provides a lot of detail on each of these points — the post is well worth reading — but it all comes down to two workplace realities for companies that want to do business in the networked world:

  • Employees need to be educated and held accountable.
  • IT departments need to keep systems updated.

I’m routinely surprised by the number of companies I visit where every employee desktop is running Internet Explorer 6, where employees can’t update Flash or the Adobe Reader, where updates to software aren’t pushed out on a regular basis. I know IT departments are stretched thin and devote an inordinate amount of time to maintaining legacy systems because their budgets have been slashed. But failsing to keep employee computers updated is like the manager of a corporate auto fleet failing to change the oil or the air filter and letting employees drive around on bald tires.

As for employees, both IT and internal communications need to undertake an effort to educate employees about their own obligations when using the web — for work or no-nwork purposes. It’s incumbent upon companies to make their employees security-literate so they don’t follow unsafe shortened URLs (show them how to find out where the URL actually goes first) or respond to questionable emails.

As this blog has pointed out repeatedly, there are tremendous benefits that can accrue to organizations that encourage their employees to interact on social networks. The solution to the risks involved is not to simply shut off access, but rather to minimize the risk through good, old-fashioned hard work.

90% of UK councils block employee social media access

Reports of the degree to which organizations are blocking employee access to social sites continues to be discouraging, particularly given the reasons for these policies are based on misinformation and a fundamental failure to recognize the value that would accrue to organizations that developed smart policies to foster smart engagement between employees and the public.

This time around, the bad news comes out of the UK, where 90% of councils restrict access to social media. The results come from a study conducted by SOCITM, the professional association for public sector ICT management. Ironically, this group had earlier encouraged organizations to lift such restrictions, recognizing that “social media is…an economical way for public sector organisations to deliver services, communicate with staff and engage with the community.”

According to the study, 67% of councils have implemented scorched-earth policies, blocking all use of social media. Among the remaining 33%, some confine use to lunchtime and before and after work. The SOCITM report interprets these finds as proof that councils don’t see any business value to employee participation in social media.

There’s an almost equal split between councils that view security as the main reason for limiting or blocking access and those who see productivity as the problem. Still, SOCITM believes that stopping employees from tapping into these sites is impossible, given the fact that most workers have their own devices — like smartphones — that give them access to services like Facebook and Twitter. But the fact that employee access increases engagement with the communities the councils serve is the dimension of the report that jumped out at me. According to Christopher Head, who co-authored the report:

CIOs and heads of ICT need to take the lead and educate colleagues on the organisation’s management team about the benefits of social media, as well as finding ways to accommodate them appropriately and safely through the corporate infrastructure.

This advice is coming from more and more quarters, including reserach firm Gartner, which has urged businesses to take advantage of employees’ connection to sites like Facebook to facilitate their business-to-consumer strategies.

It just seems managers would rather succumb to baseless fears and take the easy way out than listen to the advice of experts who know what they’re talking about.

What employees see vs. the truth

A colleague sent this screen capture to me. It’s what he got on his work computer after he tried to access this site, StopBlocking.org:

That’s right. Websense — maker of site-blocking tools — blocked this site. Now, Websense could have been truthful in its explanation for why it blocks access to StopBlocking.org. It could have said, “We’re not providing access to this site because if you read it and agree with it, you may no longer want to pay us for our products.” Instead, Websense resorts to dishonesty. In case you can’t read the small print, here’s what it says:

“Security risk blocked for your protection. This Websense category is filtered: Proxy Avoidance. Sites in this category may pose a security threat to network resources or private information, and are blocked by your organization.”

Let’s be clear: This is a WordPress blog and a WikiMedia wiki. It’s nothing but text and graphic images. There is no software to download, no forms to complete. You need a password to edit the wiki, but that’s just to keep spammers out. No personal information is collected as part of the password process. And you don’t have to be a wiki editor to read the wiki contents, so there’s no need to even get a password if you don’t want to contribute to the contents.

In other words, in absolutely no way is StopBlocking.org a security risk.

I can’t say I’m surprised. Any company that would make up numbers about lost productivity would make up excuses to mask the real reason they don’t want you to read the contents of a website.

Open access is smart business, not an employee entitlement

Cross-posted from a shel of my former self.

At first, I shrugged off the semi-literate comment left to one of my posts over on Stop Blocking, the site I started to advocate for reasonable employee access to the Net, and particularly to social media sites.

The post to which “reason,” as he called himself left a comment reported on a study that showed 54% of companies were blocking access. Here’s his response:

isnt it funny in todays world how everyone thinks they deserve better than what they are getting without haveing to really work for it no job owes you facebook time so feel your rights are being taken for granted grow up you big baby work time is not your fun time so if you block your workers from facebook @ work dont feel that blocking reduces productivity and engagement, limits recruiting capabilities, and denies networking that ultimately benefits the organization. thats a bunch of crap do your job facebook dont pay your bills you lucky to even have a job.

I blew off the comment initially, relegating it to the “just doesn’t get it” dustbin. But I found the comment kept coming back to me, not because reason’s reasoning is right but because he seems to think that I’m advocating for employee rights in my efforts to get companies to stop blocking.

I’m not an employee rights advocate. If I were, very few of my clients would be interested in my services. My goal is to help organizations succeed. I’ve achieved my goals if companies are more profitable, more competitive, more nimble, more productive. I’m campaigning to get companies to open employee access to social sites because increasingly the networked connectivity of workers is driving competitiveness, productivity and other indicators of improved performance.

The fact is, through all my years working in employee communications, I’ve never been concerned with whether employees are happy. It’s not a company’s job to ensure employee happiness. Employee job satisfaction is another story. It’s tangible, it’s measurable and it has a direct bearing on employee engagement, which is a predictor of organizational growth.

But even job satisfaction is just one return a company gets from networked employees. Zappos encourages its employees to network on the job, resulting in a reputation for stellar customer service. Employees engaged in their social networks can also reduce the cost and improve the quality of recruiting. It can surface issues the company needs to address. It can generate ideas for new products and services. It improves employee productivity.

On that last note, productivity, I came across an item today on TMCnet sporting the provocative headline, “Workplace Productivity at an All-Time Low.” The press release touted the products of a company called Pandora — not the music streaming site, blocked by a number of companies — but rather one that “allows managers to analyze activities performed by employees and the time spent on different work items. It also affords the ability to track computer usage at a group and/or an individual level, cross-reference activities reported by an employee, and access an employee’s desktop in real-time.”

The all-time low productivity claim is based on this calculation:

On average, workers with an Internet connection spend 21 hours per week online while in the office, a little more than four hours per day. And on average, 26% of that time is spent on personal-interest websites. That amounts to roughly an hour per day, or 22 hours per month.

Pandora is just one of many companies that profit from the fear they produce with such outlandish claims. As I’ve repeatedly noted, these calculations don’t account for the benefits such networking brings to the organization, the improved productivity highlighted in a University of Melbourne study, or the amount of work these employees perform outside the 9-to-5 office hours because they’re networked. In fact, another story that crossed my desk today points out that companies in the UK were able to maintain productivity even as snowbound workers were unable to get to the office because their ability to connect with each other and the office let them get their work done from home.

And, as I’ve also noted before, these lost-productivity assertions don’t stand up to statistical scrutiny. According to the U.S. Department of Labor, nonfarm business sector labor productivity increased in the third quarter of 2009 by 8.1%. That’s a far more credible number than the back-of-the-envelope calculations Pandora, Websense and other monitoring-and-blocking companies use in their scare campaigns. In fact, it reveals the productivity claims by these companies as an outright lie.

Yet these tactics continue to influence managers, as evidenced by the fact that most companies block access despite the fact that blocking is contrary to their own self interests.

Leaders need to realize that organizations that encourage their employees to network during work — guided by clear policies and improved business literacy — will experience success that eclipses that of organizations that block access.

It’s not a question of employee entitlements. It’s a question of smart business practices.