Most organizations see the potential of social networking technologies, but they also face concomitant risks - risks for which they may not yet be adequately prepared, suggests new research conducted by i4cp.
Yes, social networking can be a boon to an organization by encouraging knowledge sharing, fueling innovation, and boosting productivity. But unfettered social networking on the part of employees can also be calamitous, sending the wrong kind of messages to the world, creating confusion for customers, and potentially compromising the company brand.
Most of today's firms use social networking technologies. The i4cp survey found that over half (58%) of respondents said their companies use these technologies, a number that climbs to 61% among the largest companies (those with 10,000 or more employees). And it's quite possible that even those that say their companies don't use these technologies have employees who are informally using social networking Web sites, collaborating via instant messaging, or otherwise engaging in some sort of technology-facilitated social networking.
Even in companies that knowingly use these technologies, however, there are some serious concerns about the security issues. When asked about the potential risks that are of concern to a high or very high extent, 38% cited leaks of confidential information, 36% cited damage to the organization's reputation, and 33% cited loss of employee productivity.
Leaking of confidential information especially worries large companies, with over half (54%) reporting it as a risk to a high or very high extent. Likewise, large companies are more fearful that social networking will result in damage to their reputation, with 47% considering it a risk from a high to very high extent.
Survey respondents brought up other risks as well, such as the permanency of content uploaded to social networking cites. Another problem is the proliferation of so many social networking sites and the accompanying challenge of monitoring the content, as well as the potential for information to be spread unevenly or inaccurately over many sites. And some participants expressed concern about networking sites that enable individuals to ask others to provide them with job recommendations. Such recommendations might be erroneously perceived as an endorsement by an organization.
"Big companies are big targets and so have higher risks," said Mark Vickers, VP of research at i4cp. "They're more likely to have a well-known brand to protect, and there are plenty of competitors that would love to glean their trade secrets. At the same time, the big ones probably need these technologies more. That's assuredly because there are more people whose ideas can be leveraged for greater productivity, and also because internal communication is harder. The trick is how to solve this conundrum of greater need and greater risk."
Networks are often a loosely woven lattice through which the most valuable of an organization's assets - information - can slip. Yet, among those who say their companies have adopted these technologies, over a third (37%) don't have a policy in place that defines what information is permitted to be shared. And, when asked, "How does your organization validate that the [social networking] technology is secure enough for users to participate?", 41% said they didn't know. Without clear parameters, the odds increase that content an organization would rather not be made public will be posted somewhere in cyberspace.
It is, of course, easier to safeguard information when the organization itself controls the technology. Among the companies that have protections in place to safeguard confidential information, most (61%) cited the use of firewalls to guard against external breaches, and half said they have policies that forbid the sharing of regulated content. But just 38% provide training that spells out what should and should not be shared, and just 34% said they task individuals with monitoring content. What's more, when it comes to validating how secure technologies are, only 36% say there's diligent internal testing, and even fewer (24%) conduct a risk analysis.
Of course, simply restricting workplace social networking altogether may not be the best way to go. As one survey participant noted, there might be more risk involved in not embracing social networking, since forbidding or tightly restricting access can create backlash. Employees may feel compelled to communicate outside the organization's structure, which can create a boomerang effect and manifest in decreased internal communication. Developing a structure that employees can work within is more likely to net positive results.i4cp Recommendations
- In consultation with an expert, consider establishing a policy on workplace social networking and communicating it often with employees. Distributing a user agreement that employees must read and sign may be a good place to start.
- Consider creating guidelines that define sanctioned venues so that there is no question about what's acceptable and what is not in your company.
- Define goals and purposes of using social networking in the organization's day-to-day business.
- Ensure that social networking done in the course of business is professional and consistent with branded messaging.
- Maintain regular communication with employees on developments in social networking and any changes in policy, ensuring that everyone is mindful that this is an evolving medium that will require adjustment and sometimes compromise.