Limit your liability from social networking

Although Tif members find that allowing staff to use social networking sites can have advantages in terms of knowledge sharing and market research, they also see that the risks of using such sites must be understood and managed

Although our blue-chip members find that allowing staff to use social networking sites can have significant advantages in terms of knowledge sharing and market research, they also see that the risks of using such sites must be understood and managed - and the right policies and governance controls put in place, writes Ollie Ross, head of research at The Corporate IT Forum (Tif).

The main risk of social networking comes from the blurring of a participant's professional and personal profile. Very often, social networkers align themselves with professional networking groups that indicate clearly who employs them and what their job function is.

Potentially, this can make it very easy for criminals to harvest information that can be used against them or their companies - so called "social engineering".

This danger is accentuated by the informal nature of the social networking environment. Popular networking sites, such as MySpace, Facebook and Bebo, are all designed to be highly consumer-friendly. This can potentially make participants less careful about the information they divulge about themselves, their organisation and their organisation's activities, products and services.

When people e-mail or post wall messages on their home page they often forget - or do not realise - that their messages are not private. The photos and materials they upload or the words they write can be seen by many thousands of people and are recorded.

Additionally, any company that allows staff to use external social networking sites on corporate machines must understand that their employees' communications can be traced back to a company IP address. This means that an organisation can be liable for the messages and material posted. This is especially relevant if a company has set up its own social networking site.

Whether they are sending information out at home or at work, if an individual can in any way be associated with their company or organisation they can unintentionally damage their employer's brand through sending out inappropriate information.

Finally, although marketing departments are often keen to use social networking sites to test company positioning and to understand the reputation of a brand, this must be approached carefully as there can be a loss of "message control" and a subsequent impact on the brand.

There is also the danger of using social networking for inauthentic marketing - something that must be guarded against as it can impact negatively on the brand. Examples include fake personas and ghost written blogs - so called "astroturfing".

Tif Information Security Service >>

Read more expert advice from the Computer Weekly Security Think Tank >>


Read more on IT risk management

SearchCIO
SearchSecurity
SearchNetworking
SearchDataCenter
SearchDataManagement
Close