It seems that as these younger workers are graduating and entering the work force, we are undergoing a significant sea change in how workers view and respect sensitive information in the daily course of business. The advent of Social Media tools such as Facebook and Twitter has changed our ability to rapidly access and disseminate information. This makes it more important than ever to be sensitive to our responsibilities to guard our clients' information. However, the natural approach of management today is to simply put a stop to it.

The good, bad and ugly of Social Networking

 The good of Social Networking is that is a powerful sharing and collaboration tool. Used properly it facilitates and accelerates our ability to communicate, quickly replacing e-Mail as the tool of choice. Whereas e-mail is a one-to-one communication platform and can be managed via encryption and other tools, social media tools are one-to-many, immediate, and there are few if any tools available to restrict or manage their use.  Just as we needed to develop Internal Control Procedures to train and convey to employees what were permissible uses of e-Mail, so too must we develop procedures to establish guidelines and limitation on what is allowable uses of Social Networking in our workplace and, what information is restricted and may not be conveyed outside the office as well.

Even though the risks of exposing information via social networking is bad, there are good benefits to creating a Facebook site, or Twitter account for your firm to convey positive information to clients and potential clients. This should be done by employees who are passing positive information on to others.

The bad side of Social Networking is that you cannot stop it. Blocking firewalls and routers from accessing certain sites is, for the most part, a useless endeavor with easy work arounds.  Such measures do not affect users who use such tools at home or on the road.  It is extremely important therefore to educate everyone in the office to use social networking tools appropriately.

The ugly side is that once you develop good Internal Control Procedures you must enforce them. If an employee, after training, violates the rules appropriate actions must be taken.

Creating Internal Control Procedures

You might consider the following steps to establish policies on social networking published by SHRM Online:

• Get fully informed about the various social networking venues, their thrust and theme, successes and foibles.

• Identify the kinds of social networking conduct by employees that your company wants to regulate.

• Decide the level at which some sites will be filtered or blocked by your company's computer network.

• Determine the job categories that have inherent, appropriate workplace uses for social networking and grant access to social networks to workers in those groups only.

• Craft a clear, concise policy that can withstand legal scrutiny.

• Ensure that employees read and sign the policy.

• Update the policy annually, based upon policy reviews conducted jointly by HR and other corporate managers, employment lawyers and other experts.

• Make sure managers buy into the policy, and communicate it through multiple channels.

There are a number of web-sites that offer advice on creating your policy.  The federal government recently published Guidelines for Secure Use of Social Media by Federal Departments and Agencies.

This document can be found at
http://www.cio.gov/Documents/Guidelines_for_Secure_Use_Social_Media_v01-0.pdf

IBM has published their guidelines for blogging, wikis, social networks, virtual worlds and so forth at http://www.ibm.com/blogs/zz/en/guidelines.html

If you want to educate yourself, or your staff on the subject of Social Network Etiquette, read this article
http://www.msnbc.msn.com/id/32691783/ns/technology_and_science-tech_and_gadgets/

There is also a sample short Internal Control Procedure at http://www.tsif.com/socialnetworking.htm

First, Do No Harm

What information is proper to share over the Internet and what isn't, is really not that difficult to understand.  Most of the time good common sense can be your guide. Don't tweet or post a comment about anyone that you would not say to their face!  If the information is client related, or is information that belongs to the firm - DON'T POST IT!  If your office has rules about what may be written down in the firm, notes, comments and so forth, to include in client files - all these rules apply to cyberspace as well.

Keep your personal Facebook or Twitter accounts personal and do not include work. It really is as simple as that. But every once in a while someone just does a dumb post by accident, exposing sensitive information, it is more likely to occur because you are mad, or upset, or bored.  Stop and take a deep breath before you post. It may be better to go home, take a run, or just yell out loud in the woods than post something you will live to regret.

If you are looking for a long and profitable career, pay attention to what you post on your personal posts as well.  Now that web based search engines are included social networking posts, your comments cannot be taken back, and they may exist across the Internet for many years to come! If you have pictures on your sites that you would not want your minister or your mom to see – perhaps there are good reasons to take them down.

Dr. Bob Spencer is an internationally recognized author, lecturer, and consultant who has written more than a dozen books on technology in business and can be reached at www.bobspencer.com. Dr. Bob is associated with K2 Enterprises, www.k2e.com and Network Management Group, www.nmgi.com as a consultant.

Randolph P. Johnston (Randy) is one of the founding shareholders of NMGI, having worked in technology for over 30 years. He has written multiple college texts on technology as well as course materials for K2 Enterprises where is also a shareholder. Randy speaks and consults nationally on accounting software, paperless and CPA firm technologies, and is an internationally known speaker.