Resolving the Great Social Media at Work Dilemma: Access or Security?
By BUFFERZONE Team, 28/03/2017
Social media is not just big: it is gigantic. Across the world there are over 2.3 billion active social media users, the average internet user has 5 separate social media accounts, and a staggering 1 million new users get on the social media train each day.
In light of these massive numbers, it is not surprising that a growing number of employees are accessing social media websites for a variety of justifiable reasons. For example, most sales reps would not dream of engaging a prospect without first conducting a social media background check, and marketing teams often rely on social media to keep an eye on the competition.
However, enterprise executives in all sectors, but especially those in the financial and healthcare spaces, are much less enamored of social media in the workplace. This is not because they have something fundamentally against the concept. Rather, it is because they are under increasing pressure to ensure that employees do not accidentally or ignorantly reveal sensitive corporate information — which on the social media landscape can be done with a seemingly harmless like, share or vote. In fact, as strange as it sounds, even a stray emoji can potentially open the information breach floodgates (think of an employee who “winks” in response to a comment about a rumored merger, upcoming product launch, imminent exit from stealth mode, etc.).
What’s more, enterprises are not just being pressured by shareholders and stakeholders (e.g. customers, suppliers, channel partners, etc.) to govern employee social media use. Regulators such as the Financial Industry Regulatory Authority (FINRA) and the Federal Financial Institutions Examination Council (FFIEC) have issued guidelines that, among other requirements, call upon enterprises to track, store and render audit-ready all social media activity. And “all” in this sense truly means “all”: every single post, tweet, re-tweet, upvote, downvote, like, dislike, share, and so on. Enterprises that fail in this duty risk fines, sanctions and/or reputation damage — any of which will undoubtedly trigger reactions among executives for which, alas, there is no emoji. Only acute anger, lasting embarrassment and plenty of apologizing.
Social Media or Not Social Media?
Understandably, these requirements — which are only going to become more onerous as the years unfold — are creating huge headaches for InfoSec professionals who are tasked with this massive compliance burden. As such, it is not surprising that some enterprises have severely restricted social media access to select teams and specific purposes, or in some cases have blocked it entirely.
However, while this move might make sense in the executive boardroom, it is being met by employees with everything from angry derision to outright defiance. What’s more, experts point out that rigidly curtailing or banning social media is simply not good strategy, since the damage to productivity, morale, teamwork (e.g. marketing people can surf to YouTube while customer service people cannot), collaboration, transparency, and so on outweighs the benefits — especially since employees with basic Googling skills can easily learn how to circumvent restrictions and access restricted websites.
BUFFERZONE: The Best of Both Worlds
The good news is that executives do not have to risk an employee uprising or brace for impact on a threat landscape where regulators are almost as terrifying as cyber criminals. Instead, they can both enable access and increase security, not one instead of the other, with BUFFERZONE’s new Read-Only Browsing feature.
As the term suggests, this exciting new feature renders all web browsing sessions to social media sites as read-only. As a result, employees can surf to social media websites and connect with prospective customers, check out the competition, and do anything else social media-related that is part of their scope and mandate. However, since they cannot leave comments or interface with social media elements (e.g. likes, upvotes, etc.), there is no risk that they will leak sensitive or secure information.
What’s more, organizational proxy servers can be configured to require that all access to social media websites come from the BUFFERZONE virtual container. As such, employees cannot circumvent the policy. But then again, they have no incentive to do so since they are not blocked from social media websites in the first place.
Add it all up, and it is the best of both worlds: access and security. The only people happier than employees are InfoSec professionals who no longer face an unsustainable compliance burden, and executives who are spared the wrath of regulators.