A common misconception is that it’s up to the IT department to impose restrictions on access to social media at work. Pat Devlin outlines where and how HR should be involved
As employees in companies of all sizes continue to discover new and creative ways to use the web, organisations today are struggling to maintain control of the corporate network while empowering workers, partners, and other stakeholders with access to critical functionality. A staggering number of new social networking applications have emerged and the number grows daily.
While it’s undeniable that social media has brought a new era of opportunity and cooperation for organisations, it has also at the same time brought its fair share of challenges. Many HR departments have yet to fully appreciate the security and compliance issues related to unfettered employee social access. Although security software may help with some aspects of controlling employee access, it is not a panacea.
Indeed, while IT managers were once apt to deny access to applications whose origins were found in the consumer world, such an approach is increasingly problematic. After all, applications such as Facebook have proven immensely valuable for many in the business world, particularly among HR, sales and marketing groups. These social networking sites are now literally the most popular sites on the internet and hence a hacker’s paradise. The increasing number of cyber attacks on these sites – Facebook, Google and most recently LinkedIn – are a testament to this fact.
How can policies and rules be developed to support application control software and protect the information bank of an organisation?
Although most effective policies are developed with input from all departments across an organisation, HR departments must take charge of implementation and education in order to get maximum buy-in from the staff. These policies in turn help to guard the organisation against unexpected and unwanted outcomes, and unethical or even illegal behaviours. As circumstances change, policies must evolve in step with these changes and HR’s input becomes critical in shaping these policies in line with the values and needs of the staff.
Avoiding HR’s coup on the social world
While technology is ultimately a platform to secure an organisation’s network, HR managers are the vehicle to drive this control smoothly through the organisation in a way that will ensure sustainable compliance.
HR is about understanding people’s needs, values and capabilities. Throw social media into this incendiary mix and you have a volatile concoction of emotion, outside interaction, personal bias and situational uncertainties to form a ticking time bomb. So what are the available options for HR departments to diffuse the situation without imposing military style controls that only increase employee resistance and drive operations underground?
One of the key things to remember is that people like to be involved and they don’t like surprises. Any change in status quo will result in resistance. Policies must therefore be developed with input from the employees through working groups, feedback loops and surveys in order to be effective. Some of the outliers have implemented information sharing and visibility as a best practice in their organisations with great results. HR departments must leverage its expertise in this space to gain the maximum amount of information and develop insights into what is best for the organisation and its people.
If a policy states that users should not access outside mail accounts or Web-based mail agents utilising an organisation’s resources, then the risks of doing so must also be explained to them. HR then becomes the department that can develop and enforce policies to protect the organisation from unnecessary litigation, vulnerabilities from outside attacks as well as implement effective controls.
The HR department’s involvement in policy development and implementation must therefore become a part of the solution rather than perceived by the employees as part of the problem which is the basis of sustainable compliance.