Solved

Should I block social media on my corporate network?

Posted on 2014-12-08
12
210 Views
Last Modified: 2014-12-18
Hello all,
I am getting mixed signals on the vulnerability of allowing social media on my corporate network.  I am contemplating blocking all access to social media for all users except for our Marketing department who is the only area who really need access.  And allowing them access through a seperate network.  I guess my first question is;
 Is social media a vulnerability to my corporate network?
 Is is overkill to worry about letting users have access to social media via our corporate network?
My belief is, better safe than sorry.   I am looking forward to the responses and your views on social media in the workplace.
0
Comment
Question by:brisma
  • 3
  • 3
  • 2
  • +3
12 Comments
 
LVL 20

Accepted Solution

by:
Russ Suter earned 250 total points
ID: 40487046
Social media, in and of itself, doesn't really represent much of a security risk. The risk is the people using it. If you have truly savvy users then there's little to worry about. I've yet to work at a company where I don't have at least a few users who shouldn't be anywhere near a mouse.

The other issue is one of productivity. Restricting users access to social media sites gives them one less distraction from doing their regular work.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40487047
Social media is a fruitful way to socially engineer bogus links which harbor viruses and malware designed to steal information from computers. You cannot stop this.

So to the extent you allow it (for specific users or for everyone), you need to train people on common sense computing. People should not click on links they do not know or understand no matter how inviting. Social "friends" may not be friends at all.
0
 
LVL 26

Assisted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 250 total points
ID: 40487066
The 2 previous experts have hit it on the head.  SM can be a boon, especially to HR, but user training is a must.  Links in twitter are the worst.  I have had many people infected because they haphazardly click links in twitter posts.  Note that even if you block SM by blocking port 448, you it is fairly easy to set up notifications through email, so the user training is imperative.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40487074
"The other issue is one of productivity. Restricting users access to social media sites gives them one less distraction from doing their regular work."

Unfortunately it has been found that blocking social media generally leads to staff being EVEN LESS productive than when you allow it.  Those people addicted to social media will resort to using their personal smart phone and using social media on those devices.  We took the decision over a year ago to allow social media to all 4000+ employees and after an initial burst in network traffic we see hardly any noticeable increase now at

Of course we have a policy in place that states clearly what is and is not acceptable, when and how social media can/should be used.  Users generally tend to behave better when treated as responsible adults rather than as convicts or children.
0
 

Author Comment

by:brisma
ID: 40487119
I thank you all for the replies.  We are a very small company and I am the lone IT guy.  Russ made a point that there are some users that should not have access to a mouse, I agree with that statement whole-heartedly, and it does not matter how much training you do,  there will always be problems.  I believe 90% percent of vulnerability is the end user.   Neilsr brought up a study that stated allowing SM improves employee productivity.  That may be true in some cases but I can say I had a supervisor come to me and request blocking certain sites and monitor internet activity and that person told me that productivity improved in the department and her employees were getting their jobs done.  I look forward to more replies.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40487145
The latter point you made is more a management point than the social engineering / malware point.

It is really up to management to monitor peoples' productivity. If they cannot help but much around with Facebook, Twitter and so on, then they should be blocked. But to say again, this is a management issue.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 37

Expert Comment

by:Neil Russell
ID: 40487154
Bear in mind that Monitoring and Blocking are two very different things. We don't block but we do monitor. As I said, we have clear policies and guidelines that explain what an employee can and cannot do.
If you have a good policy in place then it is about people management. If you have staff spending 50% of a working day on SM then you have a HR issue not a Technical one.
0
 

Author Comment

by:brisma
ID: 40487165
So to steer this back to a security question.
If social media is not imperative for users, would you take the necessary step to eliminate from your corporate network and have it accessible on a separate network for the users who do need it?
Or is this overkill?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40487173
I would look at your firewall or other like product to block people from websites. Putting them on a separate network causes complications and I think is overkill.

At my clients, management practices and training solve most of the problems.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40487562
Agreed. As I said, its not a technical but a political and management issue.   If you can't trust your users to be sensible then should they be your users?  If your antivirus and web monitoring software do not do their job correctly, replace them.

A user that feels trusted and appreciated is far more likely to be productive than one who you tell "We dont trust you, you can't access the internet because you might do stupid things".

As they say, A happy workforce is a productive workforce.
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 40487586
well said neilsr, but I can't trust my boss because he can be relied upon to click on any old link that comes his way.  I have straightened out his machine more times than I would like to count.  In order to get work done and make it a little easier on him I tell him certain things just can't be done, even if they can.  It works, since he is not willing to change his browsing/clicking habits this is the only solution I came up with that appeases all sides.  I lock down his machine as much as possible without making it impossible for him to work.

I make more frequent backups of his data than of others'. His machine has a greater degree of security than most as well.
0
 
LVL 10

Expert Comment

by:Schuyler Dorsey
ID: 40507277
Social media DOES have some security implications. There have been a lot of strains of malware over the past 24 months that use Facebook and Twitter as their C2 server.

For example, the malware writer may create a Twitter profile and tweet to it. When the malware infects a computer, it will make a call out to twitter to check that Twitter profile. The malware-writer's tweets acts as commands to the malware.

Blocking social media is usually a BUSINESS decision though and not a technical decision. But at the same time, you need to understand the technical security risk as well.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now