We live in a world where technology has changed the way people communicate, the way they are informed and how they do business. Traditional social networks have expanded from a few dozen acquaintances to hundreds of friends, friends of friends, connections and followers. We live in a world where people would rather communicate by sending a text message from their mobile phone, post comments on their favorite online network or send a short Tweet to inform all their friends that they have just got out of bed or they are out to dinner.

The growth of social networking platforms has been phenomenal. Millions of people around the world with access to the Internet are members of one or more social networks. They have a permanent online presence where they create profiles, share photos, share their thoughts with friends and spend hours catching up with what their hundreds of friends are doing with their lives.

Give most people access to the Internet and they will spend the next hour checking their email, their Facebook profile, their MySpace Web page, updating their Twitter account and their LinkedIn account. And it doesn’t happen only once a day. The time spent using social networking applications is one reason why many businesses are reluctant to allow employees to use sites like Facebook, MySpace and LinkedIn during office hours. Add the time spent on nonworkrelated browsing, and employers have a point. At the same time, however, businesses are starting to appreciate that social networking has its advantages, and there are many companies that have adopted social networking as another vehicle to gain a better presence online and a wider audience.

The Benefits

Expanding Market Research

Social networking sites give businesses a fantastic opportunity to widen their circle of contacts. Using Facebook, for example, a small business can target an audience of thousands without much effort or advertising. With a good company profile and little in terms of costs, a new market opens up, as do the opportunities to do business.

Personal Touch

Social networks allow organizations to reach out to select groups or individuals and to target them personally. Businesses can encourage their customers to become connections or friends, offering special discounts that would be exclusive to online contacts. This personal touch is not only appreciated but may give the business access to that customer’s own network of contacts.

Improve Your Reputation

Building strong social networks can help a business to improve its reputation with as little advertising as possible. Social networks can boost your image as thought leaders in the field and customers/contacts start to acknowledge your business as reliable and an excellent source of information/products that suit their requirements.

Low-Cost Marketing

Once social networks have become established and people become familiar with the brand, businesses can use the sites or applications to implement marketing campaigns, announce special offers, make important announcements and direct interested people to the specific Web sites. It is mostly free advertising, and the only cost to the business is the time and effort required to maintain the network and the official Web site.

The Concerns

Social networking sites are applications and, as such, are generally not a problem for organizations. It is the people who use them that are a cause for concern. Social networkers, if one can call them so, are the root of five problems for an organization that allows social networking at work.


One reason why organizations on social networking in the workplace is the fact that employees spend a great deal of time updating their profiles and sites throughout the day. If every employee in a 50-strong workforce spent 30 minutes on a social networking site every day, that would work out to a loss of 6,500 hours of productivity in one year! Although this may be a generalization, organizations look very carefully at productivity issues, and 25 hours of non-productive work per day does not go over well with management. When you factor in the average wage per hour you get a better (and decisive) picture.

There is also an effect on company morale. Employees do not appreciate colleagues spending hours on social networking sites (and others) while they are functioning to cover the workload. The impact is more pronounced if no action is taken against the abusers.


Although updates from sites like Facebook or LinkedIn may not take up huge amounts of bandwidth, the availability of (bandwidth-hungry) video links posted on these sites creates problems for IT administrators. There is a cost to Internet browsing, especially when high levels of bandwidth are required.

Viruses and Malware

This threat is often overlooked by organizations. Hackers are attracted to social networking sites because they see the potential to commit fraud and launch spam and malware attacks. There are more than 50,000 applications available for Facebook (according to the company) and while FaceBook may make every effort to provide protection against malware, these third-party applications may not all be safe. Some have the potential to be used to infect computers with malicious code, which in turn can be used to collect data from that user’s site. Messaging on social networking sites is also a concern, and the Koobface worm is just one example of how messages are used to spread malicious code and worms.

Social Engineering

Social engineering is becoming a fine art and more and more people are falling victim to online scams that seem genuine. This can result in data or identity theft. Users may be convinced to give personal details such as Social Security numbers, employment details and so on. By collecting such information, data theft becomes a serious risk. On the other hand, people have a habit of posting details in their social networking profiles. While they would never disclose certain information when meeting someone for the first time, they see nothing wrong with posting it online for all to see on their profile, personal blog or other social networking site account. This data can often be mined by cybercriminals.

Employers must be on the lookout for information that their employees may post, as this may have an impact on the company. People often post messages without thinking through what they’ve have written. A seemingly innocuous message such as “I’m working this weekend because we’ve found a problem in our front-end product” may be a spur-of-the-moment comment but could raise concern among customers who may use that system, especially if the company handles confidential or financial detail.

Reputation and Legal Liability

At then time of authorship, there have been no major corporate lawsuits involving evidence from social networking sites. However, organizations need to watch for employees who may be commenting publicly about their employer. For example, one young employee wrote on her profile that her job was boring and soon received her marching orders from her boss. What if a disgruntled employee decided to complain about a product or the company’s inefficiencies in his or her profile? There are also serious legal consequences if employees use these sites and click on links to view objectionable, illicit or offensive content. An employer could be held liable for failing to protect employees from viewing such material. The legal costs, fines and damage to the organization’s reputation could be substantial.

To Ban or Not to Ban?

There is no simple solution to any of the above issues. While internal controls and technology can be used to an extent to control employee use of social networking tools, it is impossible to control what they are posting at home.

And this is the dilemma that many businesses face today: They feel the need to change and adopt these new methods of communication but they are greatly concerned that the disadvantages and possible repercussions are too serious to ignore. Every action, every minute spent online (and on social networking sites) may expose an organization to numerous security threats. While the subject of productivity increase is debatable, the security issues are not – they are all too real.

Where does that leave businesses? 

They have three options:

Ban access to social networking sites (and access to Internet as well).
Set limits and restrictions on use.
Allow unmonitored access.

Banning access to social networking sites may be an optimal solution for some organizations, and one can see banks and government departments particularly keen on keeping the status quo. However, many smaller organizations may feel that taking a heavy-handed approach could be counterproductive, indicate a lack of trust in employees (probably justified to an extent) and is too restrictive.
On the other hand, you certainly do not want to give unfettered access to social networking sites. The best option may be to allow access to social networking sites while imposing limits (when these can be used, for how long, and by whom). Regardless of which option an organization may choose, they must ensure that the basic safeguards are in place:

  1. Up-to-date anti-virus software,
  2. A firewall and the ability to monitor the use of the Internet in general, and
  3. Ability to monitor social networking sites in particular.

Striking a Balance

What is worrying about social networking sites is that they encourage people to give as much information about themselves as possible. Even the most prudent and well-meaning individuals can give away information they should not – the same applies to what is put online via company-approved social networking platforms.

At the same time, nearly everyone today (even senior managers) has their own online profile on a social networking site and like the idea that they can keep in touch with contacts and friends (and their employees) via that interface.

If a business is going to allow access to social networking sites, there are some basic tips to follow:

Restrict access. Give employees a breather and allow them to access social networking sites during their lunch break, before and after office hours. Web filtering software gives administrators the ability to implement time-based access to these and other sites.
Educate and train staff. This is very important. Most employees are not aware how their actions online can cause security issues for the organization. Tell them in a language they understand how a simple click on a link they receive or an application they download can result in malware infecting their machine and the network. Additionally, tell them not to click on suspicious links and to pay attention when giving out personal details online. Just because employees are clever enough to have an online profile does not mean they are technically savvy or that they have a high level of security awareness.
Set security and usage policies. Have all employees sign any policies related to the use of the Internet at work, access to social networking sites and what they are allowed to say or do during office hours. Monitoring of all Web activity is important, and employees should be aware that their actions are being recorded and that failure to adhere to company policy can result in disciplinary action and/or dismissal.

David Kelleher is communications and research analyst at GFI.

This story originally appeared on Information Management, a sister publication to Health Data Management.


Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access