There's an interesting article over at PCWorld this week suggesting that social networking Web sites are putting businesses at risk for security breaches. Author Howard Price says now that it's possible to link personal accounts like Twitter and Facebook to accounts at career-oriented sites like LinkedIn, a single status message is often cross-posted across all of a user's accounts. That's not a big deal if your employees limit their messages to what they had for lunch, but it might be if your senior sales manager complains openly about a recent meeting with a potential client.
The ability to connect personal and professional social networking sites is beginning to blur the line between the two. At best, it might cause some embarrassment from employees who don't check themselves before discussing work-related issues online. At worst, it may compromise sensitive company information.
Take, for example, the story of James Andrews, Vice President of PR firm Ketchum. On a recent trip to Memphis, TN, for a meeting with execs from FedEx, Andrews tapped out a message on Twitter that read, "True confession but i’m in one of those towns where I scratch my head and say 'I would die if I had to live here!'" FedEx employees, who rather like their hometown, understandably became unglued at the insult.
Setting aside the obvious question of why anyone would want to hire a PR firm that clearly doesn't "get" the breadth, depth, or impact of social marketing, can you imagine the damage Andrews did to his company's -- and his own -- reputation? One careless remark can cost a business clients, customers, or both.
So, what's an IT manager to do? The automatic reaction is to block employees from using social networking sites, but that's really not an effective plan when workers can simply send status messages from their mobile phones. As Price points out, "The thing that needs protecting is your data, not your Web access. Data protection has many forms, but all good data protection starts with solid and repetitive user education. The computer security industry is responding to this need by delivering tools for IT to help learn about important and sensitive data. By learning where data is stored, how it is handled and who has access, IT can build more effective policies to protect it more quickly."
It's also a good idea to develop some new policies and procedures to include in the company handbook. Outline clearly that employees are not permitted to discuss company business online without consent, and spell out the penalties if they do. It's hard to believe that people need to be reminded of such things, but they do. On the Internet, where nobody knows you're a dog, it's easy to get caught up in the anonymity and forget that you are what you Tweet.