Although our blue-chip members find that allowing staff
to use social networking sites can havesignificant advantages in terms of knowledge
sharingand market research, they also see
that the risks of using such sites must be understood and managed -
and the right policies and governance controls put in place,
writes Ollie Ross, head of research atThe Corporate IT Forum
(Tif).
The main risk of social networking comes from the blurring of a
participant's professional and personal profile. Very often, social
networkers align themselves with professional networking groups
that indicate clearly who employs them and what their job function
is.
Potentially, this can make it very easy for criminals to harvest
information that can be used against them or their companies - so
called
"social engineering".
This danger is accentuated by the informal nature of the social
networking environment. Popular networking sites, such as
MySpace,
Facebook and
Bebo, are all designed to be
highly consumer-friendly. This can potentially make participants
less careful about the information they divulge about themselves,
their organisation and their organisation's activities, products
and services.
When people e-mail or post wall messages on their home page they
often forget - or do not realise - that their messages are not
private. The photos and materials they upload or the words they
write can be seen by many thousands of people and are recorded.
Additionally, any company that allows staff to use external
social networking sites on corporate machines must understand that
their employees' communications can be traced back to a company IP
address. This means that an organisation can be liable for the
messages and material posted. This is especially relevant if a
company has set up its own social networking site.
Whether they are sending information out at home or at work, if
an individual can in any way be associated with their company or
organisation they can unintentionally damage their employer's brand
through sending out inappropriate information.
Finally, although marketing departments are often keen to use
social networking sites to test company positioning and to
understand the reputation of a brand, this must be approached
carefully as there can be a loss of "message control" and a
subsequent impact on the brand.
There is also the danger of using social networking for
inauthentic marketing - something that must be guarded against as
it can impact negatively on the brand. Examples include fake
personas and ghost written blogs - so called
"astroturfing".
Tif
Information Security Service >>
Read more expert advice from the Computer Weekly Security Think
Tank >>