Taming the social network: Warning: Stupidity ahead, please exercise caution
The problem with using software tools to combat social media ills is that they lack a "stupidity filter," FaceTime's Carter notes. The world's best social media security or DLP suite can't keep employees from posting something dumb or embarrassing to their walls.
"What's most important is education," says Carter. "Educate, re-educate, and educate again. Put technology coaching solutions in place, where you can remind users of the risks regularly and remind them also of your company policy about visiting sites that are not relevant to business."
Every company needs to address social networking and create comprehensive policies governing how they can and can't be used. Yet four out of five enterprises lack such policies, says Kurt Underwood, managing director, global risk leader for IT for Protiviti, a risk management consultancy. That can lead to major legal and regulatory problems down the road.
"You can try to ignore social networks, but the legal and reputational dangers will still be there," he says. "If employees are using business resources -- network servers, desktops, or laptops -- to access a social media site or using any portion of it for business purposes, the data being shared on it needs to be viewed just as you'd view information shared across the company's email system. That's a big eye-opener for most CIOs."
Creating social policies doesn't have to be an ordeal. Sites like Social Media Governance or Social Media Today are designed to help organizations create workplace policies for social media. But the best source for laying the rules of the social road may be sitting in the corporate cafeteria.
When IBM needed to create Internet guidelines for its 400,000 global employees, it turned to the most logical source: the employees themselves. IBM published its first set of guidelines around blogging in 2005, which was created via an employee-driven wiki. Those rules have been overhauled twice since then to reflect changes in technology, including a 2010 version that deals explicitly with social networks.
The guidelines are filled with commonsense advice; for example, they recommend not posting anonymously, trying not to pick fights, always writing in the first person, identifying yourself as an employee when posting about company matters, and making it clear the comments you post are your own personal opinions, not those of IBM.
What you won't find: heavy-handed warnings or details about the punishments meted out for social media misconduct.
"One thing that's critical and built into both our guides about social computing and about proper business conduct is the notion of trust," says John Rooney, program lead for innovation and collaboration at IBM. "We have a culture where we want our employees to understand they're trusted to act professionally and to represent the best interests of IBM. If potential conflicts do come up, we have ways to manage that. But we've had very few cases where we had to take any action in that regard."
The key to creating policies employees will actually follow is achieving the right balance between formal rules and gentle encouragement, says Scott Gracyalny, managing director and global lead of risk technology services at Protiviti.