Private Enterprise and Social Media

In one of The Wall Street Journal‘s frequent debate articles, this time about whether businesses should allow employees to use social media at work, a couple of comments made by the pro-use debater jumped out at me.

When I first began helping companies use Twitter and Facebook more than a decade ago, every organization started with this question: how can we use social media without compromising our security and privacy obligations?

The answer to this question seems straightforward, yet the debater equivocated.  While a business needs access to social media for its advertising and other communications with current and future customers, the plain fact, made all the more plain with recently revealed misbehaviors of Facebook and Twitter, is that businesses cannot use social media without severe risk of compromising their security and privacy obligations.  The business models of social media like Twitter and Facebook depend on exploiting exactly those privacy data, and those enterprises—and not only Twitter and Facebook—have shown themselves incapable of maintaining security regarding those data.

And this one:

The same kind of risk/benefit assessment applies to the use of personal social-media accounts by employees.

While it is true that companies can reduce risk if they ban personal social-media use during business hours, discourage employees from making any online references to their work and maybe even ban personal smartphones from the workplace, that is a terrible idea for the same reason companies now embrace social-media marketing: you can’t be a successful company in the social-media era unless you accept some level of social media-related risk.

This is just flat wrong.  In the first place, there’s no reason at all an employee should be conducting personal business on company time and company equipment.  Normal breaks and lunch hours answer the first part, but it’s still company equipment.

More importantly, the claim of no success without employees on social media is wrong.  I worked for one of the most successful defense contractors in the world in our niche of the industry.  Along with hundreds of fellow employees I worked behind a cipher lock.  No radios (and so no cell phone), no personal tablets or laptops or the like, we were air-gapped from the Internet.  We survived the isolation.  In fact, we thrived in that environment, and so did our company.  Companies that don’t do classified work still do proprietary work.  There’s no more need for those employees to access the Internet than there was for us.  They’ll thrive, too.  Saying a business just must surrender and accept social media-related risk is nothing but a quitter’s attitude.

And: any company is better off operating short-handed than operating with an employee who will put the company at risk with his own security errors, especially if those errors flow from doing personal business on company time or equipment.

Leave a Reply

Your email address will not be published. Required fields are marked *