Chances are good that you or someone you know can’t access social networking sites from work. The question is, do you know why? I can remember being frustrated that I couldn’t access my Hotmail account from a job I had 15 years ago, when web mail was the biggest perceived threat to corporate productivity and security – and I worked in an IT department. While you might assume employers are trying to prevent a productivity drain from Farmville, there are typically several far better reasons for employers to be paranoid about social network usage from inside the company.
At HP Discover I had the chance to talk with security researcher, John Pirc, who is also co-author of the book Cybercrime and Espionage. Pirc had just finished a talk on the social media mistakes people make in the workplace and how those mistakes can hurt a company. The video below is a recording of the great conversation we had following his session.
How Can Social Networking Put Employers At Risk?
I’m of the opinion that companies are smarter to spend time educating people about potential risks, rather than locking them out from social networks. While things like playing games could be a productivity drain, anyone who would play a game rather than behave responsibly at work is likely to find some other way to avoid work. While I summed up the advice John Pirc gives by saying “don’t be stupid,” the risks to watch for are a bit more nuanced than that. Here are a handful of things to watch out for, whether you are using a social network at work or anywhere else.
Investigate Unknown Links Before You Click
Social networking sites are filled with shortened links with unknown destinations. Twitter is particularly prone to this as they convert every link to a t.co link in order to conserve space. Even if I trust the link sender, I tend to use a URL expander to identify the actual destination. You should be using a URL expander too. For simple short links, LongURL can identify the destination, but if you really want to check the security of a link, the Sucuri SiteCheck analyzes a number of safety risks about any link you want to visit.
The reason you need to check these links at work is twofold. If you click on an unknown link, you could potentially infect your work computer and put the company network at risk. The other risk is in being duped into providing your username and password to a site that appears safe. This second risk is even higher if you don’t use different passwords for each online service you use.
Use a Different Password on Each Site
It’s tempting to create one password and use it everywhere. One password is far easier to remember than dozens. People who hack accounts are counting on this. If you use the same password on your corporate network as the password you use for Facebook and your personal email account, it makes it far easier for someone to discover your password and access resources they shouldn’t have access to. Instead of taking the lazy way out and using the same password everywhere, get a password app, like 1password or Roboform and store a unique password for each site.
Stop Checking In Everywhere
Some security experts warn against checking in on Foursquare or Facebook so you don’t alert potential thieves of your absence from home. While there may be potential for getting robbed, there are other reasons to stop checking in. If you work in sales or are involved in strategic projects for your company, check-ins may tip competitors off to your business dealings. Checking in at the coffee shop next door to a major client for a few days could suggest a deal is brewing. And it should go with out saying that checking in for a job interview might make things awkward at your current employer, particularly if you friended co-workers on your social networks.
Keep Your Work Relationships Professional
While everyone approaches work relationships differently, keeping work relationships strictly professional can avoid a number of embarrassing issues down the road. If your boss isn’t your friend on Facebook, she won’t see every Farmville status update. Your co-workers also won’t know you drank a gallon of whiskey and danced in the city fountain if you aren’t sharing your photos with them. While those are both strong examples of my, “don’t be stupid” admonishment, if you do have the occasional lapse in judgment you can avoid potential fallout at work.
If The Public Doesn’t Know Keep it Private
As someone who frequently looks at technology before public release, I generally assume that I can’t talk about something until I see it in another news outlet. This is a good policy for your own work. Posting project details on your Facebook or LinkedIn profiles can reveal company secrets. Generally, if your company hasn’t revealed something, there’s a good reason for it – keeping company matters private may help you keep your job.
Do you proceed with caution when it comes to social networks and work? Why or why not?
I don’t even use my real name on Facebook because I don’t want to be easily found there. If I want to share with someone there, I’ll provide my Facebook username. For all business contacts, present and past, I keep it strictly on LinkedIn, unless I choose to include a former work associate on Facebook, something that is the exception rather than the rule.