Most businesses missing Facebook policy

More than half the respondents of a recent poll said their organisation does not have a policy on using Facebook.

Sixty-one percent of 127 IT security professionals polled by security firm nCircle said they have not instituted a Facebook usage policy.

But due to the ubiquity of social media sites such as Facebook, there is high potential for employees to accidentally release intellectual property or discuss confidential company information, Andrew Storms, director of security operations for nCircle, told SCMagazineUS.com.

“The bottom line is that most of the information you put in social networking sites become public," Storms said. "The general guidelines should be that if you put information on a site, it's best to assume it's public. And once it's public it's almost never removed."

Social network sites also pose other concerns to an organisation, Chenxi Wang, a principal analyst at Forrester Research, told SCMagazineUS.com in an email.

Facebook, for example, has many applications written by third parties and the security of these applications is often unverified, allowing them to potentially spread malware, she said.

A Facebook spokesperson could not immediately be reached for comment, but according to the company's developer site, applications must protect users' data.

Besides the security implications, Facebook also could pose a loss of productivity and bandwidth, Wang said.

Facebook, though, also provides benefits to an organisation, Wang said. They could use the site to advertise, as a recruiting tool or to perform informal background checks on prospective employees.

Facebook also is useful for collaboration and group communication, without the need for a physical infrastructure, Wang said. Many companies actually are conducting business meetings on Facebook.

But companies need to have a Facebook policy in place, she added.

“You should have a policy to regulate it," Wang said. "Depending on your business, your policy can be very restrictive to very liberal."

She recommend a group-specific policy, meaning that certain groups, such as marketing and human relations, may have access to Facebook, but other groups might only have limited access.

Web-filtering products can enable companies to customise settings about who can access Facebook -- and when.

As far as banning Facebook altogether, both Wang and Storms feel that is too drastic a position to take.

“Cutting it off altogether will deter young workers from joining the company and discourage existing workers who may enjoy the use of Facebook at home or other organisations,” Wang said.

See original article on scmagazineus.com