There are solutions to security issues other than blocking

I spend a fair amount of time on StopBlocking.org debunking the myth of lost productivity so many people fear will result from employee access to social media. Productivity is just one of the two big fears expressed about employee access, though. The other is security; specifically, the prospects for the introduction of malware and viruses.

Nobody claims visiting Facebook or Twitter, in and of itself, will result in infection. The worry is that employees will load a seemingly innocent but actually malicious third-party app or click a shortened URL that leads them to page crafted to infecvt computers or relieve employees of confidential information.

I have no intention of minimizing the risks ever-present on the web. There’s no shortage of scumbags who want nothing more than to exploit you.

But let’s be clear: Simply blocking access is the lazy, easy way out. By taking steps to protect the company’s networks — steps that take a bit of work — your systems can remain pristine while your company can reap the benefits of employees who network with prospective customers and recruits while building higher levels of engagement with existing customers.

There are plenty of resources online that outline how to protect a network. One of the best I’ve seen appeared on ReadWriteWeb, authored just a couple months ago by Sarah Perez. She lists eight ways to keep your networks safe:

• Don’t assume a link is “safe” because it’s from a friend.

• Don’t assume Twitter links are safe because Twitter is now scanning for malware.
• Don’t Assume Bit.ly Links are safe.
• Use an up-to-date web browser.
• Keep Windows up-to-date.
• Keep Adobe Reader and Adobe Flash up-to-date.
• Don’t assume you’re safe because you use a Mac.
• Be wary of email messages from social networks (because email addresses can be “spoofed” by hackers).

Perez provides a lot of detail on each of these points — the post is well worth reading — but it all comes down to two workplace realities for companies that want to do business in the networked world:

• Employees need to be educated and held accountable.

• IT departments need to keep systems updated.

I’m routinely surprised by the number of companies I visit where every employee desktop is running Internet Explorer 6, where employees can’t update Flash or the Adobe Reader, where updates to software aren’t pushed out on a regular basis. I know IT departments are stretched thin and devote an inordinate amount of time to maintaining legacy systems because their budgets have been slashed. But failsing to keep employee computers updated is like the manager of a corporate auto fleet failing to change the oil or the air filter and letting employees drive around on bald tires.

As for employees, both IT and internal communications need to undertake an effort to educate employees about their own obligations when using the web — for work or no-nwork purposes. It’s incumbent upon companies to make their employees security-literate so they don’t follow unsafe shortened URLs (show them how to find out where the URL actually goes first) or respond to questionable emails.

As this blog has pointed out repeatedly, there are tremendous benefits that can accrue to organizations that encourage their employees to interact on social networks. The solution to the risks involved is not to simply shut off access, but rather to minimize the risk through good, old-fashioned hard work.