Home     Contacts     Editorial     Advertising     Subscribe     Archives     Search     CMA Canada  
Current Print Edition
May 2008
Columns Table of Contents   Printer Friendly

Online social networking arrives in the office

Social media sites, still seen by many as recreational venues for teenagers and university students, have become a common fixture in the office, and are gaining popularity in a variety of business uses. Few organizations, however, understand the implications.

By Jacob Stoller

When Microsoft invested in Facebook last fall, it was a sign that social media sites had hit the mainstream. While there have been setbacks — usage numbers for several sites have posted declines in recent months — most experts agree that online social networking is here to stay. More importantly, the use of social media sites, such as Facebook, has expanded from the dormitory room into the office. 

This transition is a logical one, according to Dirk Trojan, a consultant with the information management and strategy practice at Calgary-based Cenera. “The power of this thing is going to be harnessed in many different ways,” he says. “Businesses and organizations are social networks, and so this is simply doing the things that we do by other means.”

HR departments, including Cenera’s, are starting to use social-networking sites to find and qualify candidates. Salespeople are using business-oriented networking sites, such as LinkedIn, to connect with prospects and customers. Consulting organizations are using the technology for knowledge management. “A lot of organizations, larger organizations especially, are serious about leveraging this stuff to build communities of practice,” Trojan explains. “It’s almost a collaborative platform — how can we know what we know?”

Protecting private information

The use of social media sites on the corporate network, however, is getting mixed reviews from business stakeholders. There are concerns about employees wasting valuable time chatting with their friends online. Social networking can also tie up the corporate network by creating excessive traffic. The number one concern, however, is security, particularly around the potential leaking of sensitive information.

Some organizations, alarmed by the potential of leaking sensitive information, have gone as far as banning social media sites outright. This tactic, however, may be avoiding the real issue. “My view would be that it comes down to everything but the technology,” he says. “I think it’s fair to say that you’ve already lost if you just simply take away the venue or the tool. This is really about acceptable behaviours, not acceptable use.” Furthermore, as Trojan points out, prohibition was also considered by many businesses when the Internet, and more recently instant messaging, gained prevalence.

It’s clear, however, that organizations need to be much more aware of this trend and its potential impact. “It’s very much a cutting-edge kind of issue,” Constantine Karbaliotis, security and privacy awareness specialist at security software vendor Symantec, says. “I don’t believe organizations really understand the extent to which social and business networking sites are utilized and are so pervasive.”

Users tend to be naïve as well, even those who are very adept using social media sites. “There’s an impression among frequent online users that what they’re doing is somehow private,” Fazila Nurani, a Toronto-based lawyer and founder of Priva-Tech Consulting, says. “They really don’t get how widely it could be distributed.” 

A particularly unforgiving aspect of social networking is that everything is recorded and, for all intents and purposes, permanent. Public information posted on a media site can be easily copied or downloaded and stored by others. Furthermore, as the New York Times recently reported, information posted on Facebook remains in their system even after an account has been deactivated.

This permanence contributes to what Karbaliotis refers to as the aggregation factor. “It’s been observed by people in the technology community,” explains Karbaliotis, “that if you have multiple social networking sites, and maybe also a business networking site that you belong to, and if you look at all the information aggregated across those locations, there’s often enough information there to commit identity theft. People look at individual sites and say ‘well, I didn’t put anything there specifically that would cause a problem.’ But they’re not looking at the aggregate of the information that’s available.”

User beware

An area where extreme caution is advised is in the uploading of customer information.  “I’m thinking particularly of business networking sites in this regard,” Karbaliotis, says “because some of them offer tools that allow users to upload all their contacts. This allows users to put their trust in a third party. It sounds like it’s a great convenience and service, but business contact information, particularly in Europe, is considered personal information. Users could potentially bring their company into a position of liability.”

In spite of the potential risks, social media sites don’t go out of their way to warn users of the dangers of sharing information. “Their default privacy settings are not great, in terms of having a private network,” Nurani explains, “so users would have to go and set their privacy settings so that they have a closed network as opposed to an open network. For instance, the default on Facebook is going to be public — the information is publicly available. Users can control who sees their profile and who sees their comments, however, users have to click on the privacy option when they are setting up an account with Facebook and edit the settings to create a closed network.”

This has been a hot topic recently for regulators. “There’s been a lot of talk between privacy commissioners and Facebook to try to make the default settings more privacy protective,” Nurani explains, “but that’s not the perspective that Facebook is taking. They want to have it open unless the user says otherwise.”

The law, generally speaking, has very limited reach when it comes to protecting users and the companies they work for. Canada has strong privacy legislation in place; however, it is not enforceable because the Internet transcends borders and legal jurisdictions. User education, in fact, may be the government’s strongest weapon.

“If you’re going to participate in any of these sites,” Nurani explains, “absolutely the first thing users need to do is read the privacy policy.  I think the critical part to read is ‘who else has access to my information?’ or ‘who is it shared with?’ Those are the parts of the policy to really focus on because that’s where consent is given.” As Nurani adds, consent will often be presumed by a user’s participation unless indicated otherwise. “So this leaves it on the user. It’s the user’s responsibility to ensure that he or she is okay with what happens with that information.”

Because individual responsibility is so pivotal here, organizations will need not just compliance from the employees, but participation in the process of ensuring that social networking is used appropriately and safely. “I think that a more enlightened approach,” says Trojan, “is for employers in the workplace to raise this issue very broadly and in a progressive upfront way, and ask employees what they would like to do about this. And it may be that employees actually do want some help.” 

Fortunately, there are many precedents — businesses have successfully coped with the introduction of instant messaging, email, Internet browsing, and even the telephone. “It is another forum,” says Rick Klumpenhouwer, director of consulting services at Cenera, “and another opportunity for an information breach.” 

Jacob Stoller (jacob@stollerstrategies.com) is a Toronto-based independent writer and researcher.

Top