Business use of social networking demands clear internet-use policies

Companies are increasingly coming to rely on social networking sites to create and maintain crucial business contacts, but the potential risks are as great as the advantages.

Intellectual property theft has been a serious challenge for business organisations ever since e-mail became commonplace in the work environment. But the use of social networking sites has thrown wide open the floodgates for leaking confidential information.

The problem was highlighted last week when the London High Court ordered a former employee of a recruitment agency to disclose the business contacts he added to his LinkedIn social networking site account before leaving the company.

The agency, Hays Specialist, alleges that former employee Mark Ions used LinkedIn to steal business contacts for use by his own company, which he set up before resigning from Hays last year. Ions denies the claims.

The case shows that businesses are finding it more difficult to protect confidential information when their staff rely on web-based tools such as LinkedIn that are controlled by third parties.

The most obvious defence is to shut down employee access to social networking sites. But for recruitment companies such as Hays, the value of social networking is too great, and they have to find an alternative way of managing the risk.

Technology has a role to play, but security professionals agree that companies first need to clarify the restrictions and obligations staff are required to follow.

Phillip Carnell, an associate at law firm CMS Cameron McKenna, says that organisations should ensure their employment contracts and internet-usage policies are updated to include social networking.

The risk of loss of information is nearly always indicated by the behaviour of the individual, says Paul Dorey, chairman of the Institute of Information Security Professionals.

But if there are appropriate internet-use policies in place, the professional security team for the company will be able to monitor unusual data movements and intervene, he said.

In fact, behavioural monitoring is becoming a key security tool. Companies are deploying appliances that plug in to networks to monitor the activities of their staff and alert administration to any unusual activity.

Manufacturing company Abbey Corrugated & Abbey Board has restricted access to social networking and other sites the company considers inappropriate for business use, but IT manager Steve Butler says activity monitoring is also an important security strategy.

Butler says employees are required to sign up to a policy governing their internet and other network activities and are made aware that it will be enforced using the activity monitoring and logging tools in place.

It could take several months for Hays to consider the information it receives about the information its former employee used to add people to his LinkedIn contact list. The case could lead to a landmark trial, setting an important precedent that will inform company policies on the use of social networking sites.
