How to Tame the Social Network at Work
"It's very easy for someone to go around those blocks using a public proxy," he says. "Five minutes later they're back on Facebook and you've lost all control. Believe me, employees are very motivated when it comes to getting on Facebook."
Even if you did manage to somehow keep all your employees from accessing social networks at work, there's little you can do to keep them from tweeting their little heads off about company secrets when they head home at night. And social media blocker beware: Employees are more likely to rip into your company on social sites after hours if they can't get to those sites at work, Bonvanie adds.
"The motivation for someone to log on to Facebook and go off about their company is a lot higher if you block their access at work than if you allow them," Bonvanie says. "If you piss them off at work, that's what they're going to do when they get home. If the culture at work is to allow social media but be smart about it, tell people how to act and what not to say, they're not likely to do it at home."
A partial solution is provided by tools like FaceTime's Socialite or Palo Alto Networks' next-generation firewalls, which offer granular controls over which features each employee can access on the social network. For example, a company might allow full access to Facebook, but block usage of third-party apps like Farmville or native features like chat. Granular control could enable employees in the marketing or customer service departments to use Twitter to promote the company and solve user problems, while keeping those with access to sensitive information offline. Or it might allow some employees to simply read but not write -- so they can scan LinkedIn profiles for recruiting purposes, but not spend valuable company time updating their own résumés.
Some of these controls can extend outside the company as well. If an employee posts something they shouldn't from an off-network home PC or an Internet cafe, for example, Socialite can identify and archive the new posts the next time the user logs in to their accounts via the corporate net, notes Carter.
Another potential solution is data leak prevention software. About 70 percent of all data leaks are the result of an employee accidentally or intentionally spilling the beans, says Alexey Raevsky, CEO for Zecurion. DLP suites like Zecurion's can monitor all outbound communications -- email, chat, and social media updates -- and block anything deemed confidential or proprietary from leaving the company's network. But using DLP means keeping a close watch on what information your company deems sensitive and updating those filters regularly as it changes.
"Social media makes it easy to say things you shouldn't," says Bonvanie. "The technology needs to do more than a simple binary block or allow."
Taming the social network: Warning: Stupidity ahead, please exercise caution
The problem with using software tools to combat social media ills is that they lack a "stupidity filter," FaceTime's Carter notes. The world's best social media security or DLP suite can't keep employees from posting something dumb or embarrassing to their walls.
"What's most important is education," says Carter. "Educate, re-educate, and educate again. Put technology coaching solutions in place, where you can remind users of the risks regularly and remind them also of your company policy about visiting sites that are not relevant to business."
Every company needs to address social networking and create comprehensive policies governing how they can and can't be used. Yet four out of five enterprises lack such policies, says Kurt Underwood, managing director, global risk leader for IT for Protiviti, a risk management consultancy. That can lead to major legal and regulatory problems down the road.
"You can try to ignore social networks, but the legal and reputational dangers will still be there," he says. "If employees are using business resources -- network servers, desktops, or laptops -- to access a social media site or using any portion of it for business purposes, the data being shared on it needs to be viewed just as you'd view information shared across the company's email system. That's a big eye-opener for most CIOs."
Creating social policies doesn't have to be an ordeal. Sites like Social Media Governance or Social Media Today are designed to help organizations create workplace policies for social media. But the best source for laying the rules of the social road may be sitting in the corporate cafeteria.
When IBM needed to create Internet guidelines for its 400,000 global employees, it turned to the most logical source: the employees themselves. IBM published its first set of guidelines around blogging in 2005, which was created via an employee-driven wiki. Those rules have been overhauled twice since then to reflect changes in technology, including a 2010 version that deals explicitly with social networks.
The guidelines are filled with commonsense advice; for example, they recommend not posting anonymously, trying not to pick fights, always writing in the first person, identifying yourself as an employee when posting about company matters, and making it clear the comments you post are your own personal opinions, not those of IBM.
What you won't find: heavy-handed warnings or details about the punishments meted out for social media misconduct.
"One thing that's critical and built into both our guides about social computing and about proper business conduct is the notion of trust," says John Rooney, program lead for innovation and collaboration at IBM. "We have a culture where we want our employees to understand they're trusted to act professionally and to represent the best interests of IBM. If potential conflicts do come up, we have ways to manage that. But we've had very few cases where we had to take any action in that regard."
The key to creating policies employees will actually follow is achieving the right balance between formal rules and gentle encouragement, says Scott Gracyalny, managing director and global lead of risk technology services at Protiviti.
"Generally speaking, the policy should be comprehensive but not so rigid that it causes employees to try to circumvent your security controls," he says. "It should be written in a positive tone that creates a feeling of empowerment, as opposed to 'don't do this' or 'you can't do that.'"
Another solution: "Don't hire stupid employees," says Jan Aleman, CEO for Servoy, a developer of hybrid SaaS and on-premises software with 108 employees. "At Servoy people already know what they can and cannot say on Facebook. As an open source company we don't have a lot of secrets. You can already see everything our tech guys are doing, because we commit our code to a public place. But if you had a bigger company or less intelligent people working for you, you'd probably want some guidelines in place."
Taming the social network: Tapping insights from 500 million of your closest friends
Despite the difficulties, having a presence on social networks is rapidly becoming a requirement for doing business. Yet some enterprises are still balking, notes Underwood.
"It's like we're back in 1993, when enterprises were trying to decide whether to participate in this thing called the Internet or simply ignore it," he says.
For things like recruiting, marketing, and customer service, using public social nets is a no-brainer. For example, Servoy actively trolls Facebook groups built around fourth-generation programming languages like FoxPro and recruits their members to webinars. It also uses its Facebook presence to solicit feedback from customers.
"It's good to talk to your customers and find out what they think is important," says Aleman. "Otherwise you could develop your products in a way you think is best but isn't what the market wants."
IBM has folded Facebook and Twitter into its corporate communications strategy, just as it did with blogs five years ago, says Rooney.
"We have people on Facebook actively talking about the things they're working on at IBM, which we see as a big positive," says Rooney. "When people are looking for a particular kind of expertise, Facebook makes it more possible to discover that at IBM. Social media gives us a pathway to engage directly with clients, demonstrate openness, project the future of what we're working on. It's a way to collect feedback on what we're working on and improve our product offerings."
Language learning company Rosetta Stone recently integrated its Parature CRM and customer support systems with Facebook, offering the same knowledge bases and support options like live chat on Facebook as it does on its its own website, as well as the same ability to capture all of that real-time customer data in its CRM. Launched in August, Rosetta's Facebook page had already garnered more than 22,000 fans at press time.
A big difference between social media and typical online support channels is "the viral nature of a positive experience," says Parature founder Duke Chung. "When someone posts on a Facebook wall or uses our live chat and gets an answer to their question, we give them the option to share that experience with their friends. They can say, 'I just got my answer and now I'm back to learning Japanese faster than ever,' and 500 of their friends see it. It lets Rosetta's customers market their great experiences via Facebook streams."
The other big advantage, says Rosetta Stone senior vice president Jay Topper, is how much data companies can glean from sites like Facebook -- for absolutely free.
"Companies spend so much money trying to get information from their customers, while places like Facebook are essentially a free 24/7 focus group where every day thousands of people are providing you with a constant flow of information," he says. "It's mind-boggling how much you could mine from this."
Taming the social network: Your own private social network
Of course, you probably don't want your product road map being retweeted by Ashton Kutcher. You don't really need 10,000 people on Facebook to "like" ideas your development team is still mulling. It's usually not smart to post photos from company parties on Flickr or MySpace. Public social networks are poor solutions for a great many things.
But if you want the benefits of social nets -- collaboration across geographies, instant feedback, and real-time communication -- without the risks associated with public exposure, a private social network may be just the ticket.
For example, AT&T uses Spigit's social media technology to create a mass virtual water cooler for the telecom giant. About 45,000 employees -- roughly one-sixth of AT&T's global workforce -- participate in The Innovation Pipeline, its online brainstorming community. The company has already implemented one idea suggested by employees: creating a TV channel that shows the differences between HDTV and normal resolution, to help AT&T sell high-definition programming packages to its broadband U-Verse customers. Several more are in development, says Patrick Asher, innovation leader for the company.
If an idea is too good -- or such a no-brainer that it deserves immediate implementation -- company executives can pull it from Spigit sites before it leaks to competitors, notes Spigit CEO Paul Pluschkell.
"It's all about bringing ideas to market that much quicker," he says. "Until you execute on it, an idea is just an idea."
Gaming network IGN Entertainment uses Yammer, a hosted social networking service, to collaborate and comment on each others' ideas. It began when a single IGN engineer signed up for Yammer and now has spread virally to the entire company, says Greg Silva, vice president of HR. As the geeks critique, management can see who's contributing which ideas, and gauge how engaged they are with the company and the industry as a whole.
"Yammer gives our leadership team the opportunity to see which employees are consistently contributing ideas and adding to the conversation," Silva says. "And because we operate in five locations worldwide, it gives our employees the opportunity to engage in any discussion, no matter where it started."
When Synaptics, a $500 million maker of touchscreen technology, was looking for a "21st-century communications tool" that allowed people to collaborate 24/7, it turned to Broadvision's Clearvale, says Jim Harrington, senior vice president of global human resources for the company.
"Too many times when you send out email people just delete it without reading," he says. "Clearvale enables us to build communities inside our company that are able to communicate with external communities for things like recruiting. It also allows us to communicate between different internal communities such as marketing and product development, or between product development and human resources."
Internally or externally, the rest of the world is adopting social media. If your company isn't there, they'll just end up talking about you behind your back.
"The first thing you have to understand is that, if you're not present on social media, if you don't have brand and corporate advocates in these spaces, you'll have no opportunities to address concerns and correct problems," says IBM's Rooney. "You're not going to fix it or protect your brand by ignoring them. If you're engaging authentically and directly, if you exhibit openness and a willingness to listen, you've got a much greater opportunity to change hearts and minds."
A-Teams of IT: How to build a crack strike force Your mission, if you choose to accept it: Build a crack special ops team ready to tackle the toughest IT assignments
True IT confessions Supergeeks fess up to some of the dumbest things they've ever done -- and the lessons they learned as a result
The dirt locker: Dirty duty on the front lines of IT Seven more nasty tech jobs that make you want to bathe
IT personality types: 8 profiles in geekdom Forget Myers-Briggs. Here are the true archetypes that underlie the IT breed
Bridging the IT generation gap Older generations learned tech. The younger generation lives it. Organizations that want to succeed need the skills of both.
5 reasons IT pros should be paranoid Secret data leaks, data centers on the brink -- and your career hanging in the balance
Stupid user tricks 4: IT horror never ends Nine more real-world disasters courtesy of your network's weakest link
The 7 deadly sins of IT management Beware these common IT transgressions before you inadvertently sabotage your company's tech agenda
20 more IT mistakes to avoid Fall prey to any one of these common IT blunders and watch your company's prospects suffer -- not to mention your own
16 ways IT can do less with less Put the days of doing more with less behind you by cutting back on the overhead of IT
Seven things IT should be doing (but isn't) Taking a hard, honest look at what you need to accomplish is the key to keeping your business competitive -- and yourself gainfully employed
Read more about applications in InfoWorld's Applications Channel.