Monday, July 26, 2010

The illusion of security

Back in June, I suggested that corporate policies that block social media on company computers and networks were doomed to failure because they would simply be bypassed by staff members using their iPhones and other portable devices. Now comes an article on The HR Capitalist that proves the point with a lovely example:

I'm strolling through the office of a fine, employment-focused government agency one recent morning, and what did I see?

A government worker hitting Facebook from her iPhone within her cube. So I did what any visiting HR pro would do - I asked her if the agency blocked Facebook and other social sites.

She said, "Mmm hmm. All of 'em. And Hotmail too".

... It seems wireless networks trump corporate will when it comes to an employee’s use of social networks in the workplace... If you’re still blocking access and patting yourself on the back, remember the image of your employees dialing their favorite social network up on their smart phone. You’re not managing liability, you’re transferring it to a network that you don’t control. The illusion of security.

(With appreciation to Mark Graban of Lean fame for forwarding the link to me.)

12 comments:

Tonya said...

Not just security, but productivity. What takes 5 minutes on my computer takes 10 on my phone...

Sicilian said...

See it all day long at work every day. In nearly every department. Smart phones galore. Our department banned phones except on a break or lunch. We are the only department to ban cell phone use at work.
Ciao

jimsey said...

Anecdotally, I can attest to this. Verizon/Motorola should be thanking my employer for their heavy handed IT policies. I never bothered to own a smart phone until my Fortune 50 employer decided to block everything under the sun (including any site hosted by blogger). On top of that, I'm taking my employer up on the opportunity to work at home two days a week, to have more freedom on the internet (on my personal laptop).

MedicalBillDog said...

Hey, as long as it's not happening in the OR, I'm okay with that.

Paul Levy said...

From Facebook:

Cheryl: Also, interesting from the perspective of the work place and "informal networks", and the human need to bond with others in social settings. The external nature of these iPhone networks may mean that the internal networks, and the benefits of encouraging them in the workplace, for creativity, team building, etc., will be compromised. New frontiers for the Org Theorists.

Anonymous said...

and speaking of "security", there's this from the government:

http://www.washingtonpost.com/wp-dyn/content/article/2010/07/26/AR2010072605616.html?sub=AR

nonlocal

Paul Levy said...

Amazing. And you wonder why I have doubts about the government being innovative? http://runningahospital.blogspot.com/2010/07/can-cms-be-venture-capitalist.html

Craig said...

Great anecdote.
My company (a major pharma company) re-opened access to SM sites earlier this year.
Employees are expected to be productive with their time, regardless of the distractions that may be accessible.
And with so much conversation taking place among stakeholders across healthcare, senior managers agreed it was short-sighted to encourage staff to keep their heads in the sand.

Anonymous said...

Paul;

I would venture a guess that the government is not too far behind private corporations in this matter, as some of your commenters indicate.

nonlocal

Paul Levy said...

From Kim on Facebook:

And for those of us in the marketing world, getting to know these social networks is actually WORK, since viral marketing has become huge....trusting the recommendations of your friends is often easier than trusting an "ad"!

fairhavenhorn said...

For a contrary view, I can understand the desirability of the situation that you describe. The issue is not social networking per se, it's the kinds of behavior that are encouraged by the social networking software.

First, having to re-key information acts as an important privacy protection. It's much too easy to attach a document and send it, forgetting that the document contains private information. The culprit honestly explains "oops, I forgot" or "I didn't realize that the other information was there." Re-keying the information introduces enough mental processing to trigger the thought "should I publish this?". It won't be perfect, but the exceptions will be few. People really do want to respect privacy.

Second, that same "I didn't know" on the receiving end makes links and attachments in social media a primary attack point for malware. It's very easy to introduce malware through social media, and the current state of protection in the software is extremely poor. Shifting that onto the smartphone is less than ideal, but at least it's just the smartphone that is put at risk, not the internal workstation.

Social media could adjust their software to make attaching documents harder, etc. but that would be quite unpopular. I do expect them to improve the protections against malware, because those should not interfere with the social activities. For now, the position that smartphones are OK, workstations are not OK, may be a reasonable position to take. A lot will depend upon details of software and encouraged behavior because these problems are not inherent to the social sharing.

Aaron said...

Being an avid HR theorist, banning social media is the complete opposite direction HR needs to move. You need to encourage self responsibility. Being an authoritative rule setter starts a negative trend of pigeonholing workers and preventing creative process. Besides, not everyone has the same work patterns. Preventing any time to retract from work while at work actually LOWERS productivity.