A pragmatic approach to corporate social media usage is critical for commercial advantage

Every year, thousands of people are hurt (or worse) in traffic incidents but we carry on driving. A car in itself is not dangerous but is a lethal weapon when placed in the wrong hands yet no-one suggests banning cars or driving.

It comes down to risk management. If everyone follows the Highway Code – essentially a set of policies and guidelines – then the risk of collision decreases and our roads become a great deal safer.

However, in today’s new social media world, some nervousness appears to have gripped IT decision-makers who simply prevent employees from using Facebook, LinkedIn and Twitter, blocking them completely for reasons of “productivity”, if not network security. Whilst some organisations allow access during lunch breaks, the fear of the unknown has driven many companies to take a totally black and white view on social networking in the workplace.

This ‘all or nothing’ approach is not new and happens each time we reach a new stage of technology evolution. It was prevalent in the early days of wireless LAN when a directional antenna made with a Pringles can was used to help malicious hackers spot wireless networks that were open to attack leading to widespread mistrust of wireless technology.

This stunted the initial uptake of wireless LAN communications and the obvious benefits we reap today took a long time to materialise.

The rise of social networking poses the latest security challenge for IT directors in just the same way, it is user driven and those users are typically not security conscious. But, along with threats come opportunities, and ignoring the immense power of social media as a significant new client engagement channel might be considered by some as commercial suicide.

Despite recent claims that membership has fallen on social media sites in the UK, it still represents a billion plus membership, a huge community for companies to interact with.

Look at it in a slightly different way by drawing a parallel with your company’s approach to business travel. According to the Office of National Statistics, UK business travellers spent a whopping £4billion conducting business trips during 2010. Someone will have done the maths and calculated that business coming in would more than compensate the initial £4billion investment.

Mature policies and processes are in place to facilitate business travel and great consideration has been given to assessing the risk associated with staff having to travel to conduct their duties and then training them as a duty of care. CIOs should apply the same “Policy, Train and Manage” principle to social media. Forbidding the use of social media simply does not make commercial sense.

Getting it right can not only help generate revenues but can also change stakeholder perception and ultimately improve customer satisfaction. People are using social media channels to praise or air their grievances about the products and services they experience – especially in a business to consumer environment.

Banning social networking outright in the work environment effectively isolates companies from what the marketplace is saying about them and denies them the right to reply or protect and defend their brand.

Only recently, when responding to a Parliamentary question in the House of Commons on the Foreign Office’s use of social media, Foreign Secretary William Hague revealed how he had set up a special Digital Diplomacy department that encouraged the use of social media to deliver foreign policy priorities and even get messages across to British nationals in consular crisis situations.

Staff are trained to engage effectively through Facebook and Twitter, often writing blogs, in local languages, that are picked up by online publications in their host countries. With an amazing 300,000 followers between these two sites alone, the Government clearly recognises the importance of a strong social media presence.

By all means make social media more accessible but make sure your corporate network is protected with the right technology to support your policies and guidelines. Many companies are still relying on old firewall technology to keep security threats at bay – this isn’t enough, traditional firewalls were designed for traditional problems.

A blended approach to social media security is required that combines the wealth of sophisticated technology available today with a set of sensible and flexible processes. Employees need clear guidelines on how they should access and use social media in the work environment and IT directors need genuine visibility and control of the applications used and data sent by the individual user.

There are several simple but effective measures companies can take to gain better control over social media in their business environment, for example, training and educating employees of the dangers of social media. Restricting the use of certain applications with social media sites such as chat and gaming and nominating relevant personnel to post or respond to comments on the company’s products and services are just some of the practical steps one can take to control the situation.

Along with the right technology, these activities should form the basis of a best-practice policy that supports existing corporate HR and risk management procedures – including those business traveller processes previously mentioned – and is communicated widely across the organisation in the usual manner.

Social media is no longer the exclusive domain of marketeers. By applying risk management best-practice, IT directors are strategically placed to help their client-facing departments increase their digital presence in the workplace and use it for competitive, commercial advantage.

Danny Williams is a Security Specialist at LAN2LAN where he is responsible for PCI/DSS and Mobility solutions. He has over 30 years' IT and telecommunications experience gained in a variety of sectors including telco, finance, media and the military. Prior to LAN2LAN, Danny worked for Pilgrims Group. With the rise in social media in the workplace, Danny believes IT security down to user level should form an integral part of the business continuity planning process. Danny has a Diploma in Marketing from the Chartered Institute of Marketing.