Should you block your employees from accessing social media?

In the past, I’ve been known to instruct companies to block all employees from social media. Times are changing.

The fact is, Facebook is now the second most popular site on the Internet, second only to Google. We have to understand that some of our employees can actually be performing useful work using social media.

To me, one of the most shocking facts is that companies do not control their Internet access. There are wonderful web tools out there that will allow you to:

  • Track who’s going to what sites
  • Log employee activity in case you ever need evidence in a lawsuit
  • Selectively block groups and/or individual users from accessing specific categories of sites

I find that the main reason companies do not use these tools is that the blocking scenario makes executives choose between yes to allow or no to block. Deciding between yes and no is easy when you’re thinking about some categories of sites. But there will always be several sites that are difficult to come to agreement about.

In order to get over the hump, it is important to start blocking the sites that everyone can agree to block. And if you have final say at your company, then you can decide which site you want to block. The point is, if you can’t decide on specific categories, you don’t have to block them right now. Just by setting up these tools, they increase your security. More and more websites are being infected with malware and that can result with you and your users becoming infected to something known as a drive-by download. These tools will do their very best to protect you from drive-by downloads.

Contact your IT department today and ask them to enable Internet blocking, logging, and tracking.

Please post your comments on this blog.


3 Comments

  • Rob Keene December 30, 2010 at 6:09 am - Reply

    Social media sites are some of the worst distributors of “drive-by malware.” Like webmail sites they also increase the risk of distributing business information that is protected by various laws and regulations. How can you control these risks while effectively conducting business through SM?

    • Mike Foster December 30, 2010 at 9:44 am - Reply

      Rob – you are right – Many clients have identified social media sites as the source of big IT security problem. Drive-by-download malware is “winning” even when organizations have anti-virus installed and updated properly. The malicious code sometimes changes faster than the anti-virus provider can update the signature files. Anti-virus by itself is considered only 40% effective against the drive-by downloads.

      The best defense, though there are no guarantees, is defense in depth including:

      Web filtering software – not only does it block sites you prefer to block, many of the filters strive to detect and block malicious code even on sites that are allowed. Having the web filtering in place is one of the first lines of defense.

      Strong firewalls at the perimeter

      Strong software firewalls on each workstation

      Application and Operating System patches – very important!

      And, an emerging tool that has the potential of being much more effective than anti-virus is application whitelisting from vendors such as http://www.bit9.com/ and http://www.savantprotection.com/en/

      And as always, end-user training security awareness training can help tremendously. Even though there will be some users in the organization who surf irresponsibly, downloading files, clicking on pop-ups, opening every attachment they receive, etc. at least the majority of your team members can help reduce the risk by practicing responsible and more secure activities while online.

      And what if the user surfs social media sites, or any other sites for that matter, and infects their home computer? Blocking all users from bringing memory sticks, DVD’s, CD’s and other storage devices is often impractical. Some VPN’s are improperly configured and can even allow the malware to travel from the home PC directly into the office when the user connects.

  • zandy November 24, 2011 at 9:27 pm - Reply

    I believe definitely it should be block.

Leave a Reply

Your email address will not be published. Required fields are marked *