HomeCyber SecuritySocial Networking Sites And The Risks They Pose To Businesses

Social Networking Sites And The Risks They Pose To Businesses

4 December 2009

Social networking, where internet users share information, pictures and videos through specially designed websites, has proved a useful way for the modern worker to stay connected with friends. But for businesses, the use of social networking by employees can present a raft of problems if it is not properly addressed.

One of the main problems is the draw it represents on employee time. Cyber-skiving, the act of using computers for personal use during working hours, has become a common part of the average employee’s working day, with a recent report by Hotels.com estimating that as many as 132 million working hours are squandered online during the festive period alone.

Accessing social networking sites can also pose a security risk, as such sites are a common breeding ground for viruses and phishing attempts, where fraudsters attempt to obtain sensitive information by posing as legitimate sources. In addition, the high level of multimedia content such as photographs and videos can put significant strain on a network’s bandwidth, taking capacity away from legitimate business activities.

Another key concern is the risk to a business’s reputation if an employee posts information about their work online. In some cases, negative comments about employers have cost staff their jobs, such as Kimberely Swann from Clacton-on-Sea, who was sacked from her role as an office administrator for describing her work as boring on Facebook.

Similarly, Waitrose, Tesco and M&S all suffered damage to their brands when staff were caught using offensive language in social networking forums to describe customers. Companies are particularly at risk if a member of staff reveals confidential information that breaches the firm’s data protection responsibilities. In January 2009, for example, Boots the Chemist hit the headlines when it was revealed that staff had been joking about customers’ embarrassing medical problems on Facebook.

While employers can’t realistically control everything an employee does online, steps can be taken to limit or prohibit such activity during working hours through an acceptable use policy. Such a policy should set out which sites can or cannot be visited during working hours and, if necessary, can be backed up by system administrator imposed blocks on certain sites.

In addition, a reasonable conduct policy can be introduced to make employees aware of what can reasonably be said about a company online. This policy should give clear examples of what could constitute misconduct and should clearly outline the disciplinary process in such cases.

To make such policies effective, internet usage should be monitored and where misconduct is suspected, evidence should be gathered carefully to ensure that companies are not exposed to claims of unfair dismissal at a later date. For example, where an employee is suspected of spending a large proportion of their working day on social networking sites, computer forensic experts can be called in to analyse the employee’s browsing history and produce legally admissible evidence.

For any company with employees, the key is to act now rather than waiting for a problem to arise. Introducing policies and talking to employees about these issues is vital, as it can often be the case that, far from being malicious, employees are simply unaware of the risks their online activities can pose.

Categories

Talk to our consultation team today

Contact Us

I can honestly say that your excellent customer service and communication has made our forensic instructions to you exceptionally easy. I am very conscious of the amount of time I must have taken up with various queries, requests, and then changed requests but you have always been very patient, polite and extremely helpful.

Case Review Manager - Criminal Cases Review Commission