Many workers within the UK’s largest employer – the public sector – have never seen a social media policy. In a survey of 500 public sector IT staff, 14 per cent admitted that they have no social media policy at all that public sector employees must adhere to.
With Facebook being used by half the UK population, equating to 30 million, and Twitter being used by 13 per cent of the population, 7 million people, the potential to inadvertently leak proprietary data through these channels is huge.
Given that the public sector is the largest UK employer, with roughly 6.2 million employees and 506,000 of these working in the civil service alone, the issue of implementing policies to manage online interactions is of crucial importance for the security of the UK government.
And yet, when it comes to social media policy, the public sector is actually better off than the private sector. In a survey of UK business owners, 39 percent indicated that there is no policy in place regarding social media networking.
With human behaviour being identified as the biggest threat to information security, finding ways to educate users on how to handle their social interactions will go a long way towards ensuring overall security.
The power of social media engagement has been recognised the world over. For example, the Public Administration of Canada has just launched a global social media site called Public Service Without Borders, to create a virtual community of professionals involved in all aspects of public administration.
However, the issue of restricting access remains contentious. The Danish State Employer’s Authority has revaluated its positioning on whether additional central guidance governing the use of social media by public sector employees should be implemented.
In the UK the IT management forum, Socitm, found that 67 per cent of IT managers in the public sector blocked employee access to social media sites altogether. Security was cited as the main concern.
It’s an on-going challenge for IT managers in any enterprise to find the right balance between empowering staff to take advantage of the latest technology and ensuring that sensitive corporate data is not laid wide open to attack – and this concern can be even more pronounced in the public sector, where private citizen’s data could be at risk.
ICT security policies are a moving target at the moment, especially with social networking, which is changing and evolving all the time. However, setting out consistent clear policies across the whole of the UK and empowering staff to make the right decisions will be key to their success.
Social networking has moved beyond strictly personal use. What employees share online can now be of great importance to public sector organisations, especially if it’s proprietary or confidential information. Education on privacy settings, what can and cannot be shared publically, will help prevent data breeches and potentially embarrassing situations across the whole of the public sector.
Public sector organisations should follow these top tips:
- Analyse your data and determine which categories of data must be secured — a blanket approach to “secure everything” won’t work.
- Establish sensible and understandable policies for governance and compliance.
- Incorporate policy enforcement into your infrastructure as much as possible. Employee training is a must, but effective IT organizations balance this with infrastructure that enforces policies and helps protect against human error.
- Provide employees with safe, secure, easy-to-use tools that protect enterprise data without disrupting how they get their work done — including their use of social media.
- Identify key areas where it makes sense to build, maintain and expand secure business interaction networks internally and externally to guarantee that data on the move is protected and well governed.