Security Over ROI: No One Gets Fired For Banning Instant Messaging

from the why-not-ban-the-phone dept

Network World has a great opinion piece about the fact that no one gets fired for banning instant messaging at work, noting how security policies often over-protect at the risk of harming potential efficiencies. This has been true for years. When telephones first became common, some companies banned anyone from having a telephone on their desk. In later years, it was true of desktop computers, internet connections, certain applications and specific websites. Lately, there's been an effort to ban social networks. In each case, the reasoning is pretty clear. Security professionals want to lock things down, and the easiest way to do that is to simply ban stuff. It's not their job to see if the applications are actually useful or could provide real ROI to a company. So the real question is how can companies avoid being overly aggressive in banning applications or websites, while still avoiding opening themselves up to too much risk?


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Downsized, Dec 3rd, 2008 @ 5:28pm

    I did.

    Well, technically I wasn't fired, just RIF'd, along with fully half of the data security department.

    The company was experiencing bandwidth exhaustion during business hours, and we determined a huge chunk of the traffic was social networking sites. With no budget to upgrade the Internet link to fractional Gigabit, and with the approval of management, we took steps to de-prioritize this traffic, freeing up bandwidth for "business" applications.

    With the employee backlash against the sudden slowdown in their social networking access, a scapegoat had to be found!

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    sizing up, Dec 3rd, 2008 @ 5:57pm

    ban the social networking!

    As a broad statement I would say that unless you are specifically using the internet as the primary resource to promote your company or product there is little reason to allow access to social networking sites at work. However there quit a few reasons to ban them. Not even related to security is simply production. I bet there is alot of dead weight in downsized company if there is such a backlash from the general employees. It takes some big ones to complain about not being able to goof off on the internet and a bigger idiot spineless boss to back them up and not back up the IT department. I handle this by not even asking permission to block the sites. That's right I gladly block them completely not just lower the priority. I even have the routers display a message that the site has been blocked and logged by the IT department. We did it for a joke at first but the reaction from the employees was that they better not mess around on the internet. it's saved us alot of grief overall.

    Can't believe the company would Downsize for lookig after the greater good. Idiots won again.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Mike, Dec 3rd, 2008 @ 6:21pm

    Silly.

    There are VERY few office environments that would benfit at all from social networking apps at work. If you are an effecient productive employee, you should fill you time with WORK not with socializing. Where I work if you are on personal email, facebook or any of that stuff you are fired, and thats exactly how it should be.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    PassinThru, Dec 3rd, 2008 @ 6:25pm

    Our company requires IM, and is promoting social networking

    We're a high tech company, with approximately 350K employees. Some companies embrace new communication technologies, rather than banning them.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Sammy Boy, Dec 3rd, 2008 @ 6:51pm

    What users are worried about

    The average user "needs" their social networking, the bad part is that they do it in the business environment. I can't say that I have seen anything worthwhile come from social networking while at work. I say an outright ban is needed sometimesand this is one of them.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Rose M. Welch, Dec 3rd, 2008 @ 6:57pm

    Wow... That's crazy...

    We've used Yahoo! Instant Messenger for two years now to communicate between stores. It's been awesome! We no longer have to interrupt each other with telephone calls for little stuff; it just stays on the screen until someone has time to answer it and information is always in writing.

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    crystalattice (profile), Dec 3rd, 2008 @ 7:54pm

    IM: yes. Social sites: no

    I can see using IM at work. It's just another type of communcations device; essentially real time email.

    Social sites, e.g. Facebook, Myspace, etc., have limited value at work, unless a MySpace or other page is part of your company's web presence. But hanging out on their to share photos and crap w/ your friends shouldn't be done at work.

    However, I realize that some people are more productive by taking a little stress-reducing time at work. You simply can't expect people to be productive all the time; if they aren't surfing the web they will chat w/ coworkers, talk on the phone, or simply doodle on paper while staring at the wall.

    A better solution is to simply monitor productivity and Internet usage. If the work productivity drops and 'net usage is up, then you can take action. But if the work quality isn't suffering, then obviously having unfettered Internet access isn't a problem.

    If bandwidth is an issue, just modify the QoS protocols and throttle the culprits.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Tom, Dec 3rd, 2008 @ 8:19pm

    Can see both sides

    We use IM religiously throughout the day and it's been a great productivity tool, especially with multiple offices around the globe.

    Now my peer uses the internet to watch TV programming and movies daily. Yes, I said daily.

    Being an internet company, many web sites are used for marketing and strategic analysis...so it would be tough to selectively block sites.

    It all comes down to professionalism!

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    A. Developer, Dec 3rd, 2008 @ 8:24pm

    same story, different tune

    IT Security people try to justify the darnedest things, rather than fix what's broken. I worked at an insurance company where using Windows file sharing was banned. The only explanation I ever got was "we're not a p2p company"

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Dec 3rd, 2008 @ 8:45pm

    Security BOFHs are trained at the North American Headquarters of Wackenhut to treat all unknowns as a threat.

    Employee: Why, is that a Banana on your desk?
    BOFH: DONT TOUCH IT! IT MAY BE A BOMB!

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Paul`, Dec 3rd, 2008 @ 8:55pm

    I can see how yahoo IM or Windows Live Messenger could be used in a business environment, as someone said above communicating between stores is one way.

    But unless you're promoting a product or service on say Facebook there is no need to have access to it at work.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Ted, Dec 3rd, 2008 @ 9:43pm

    unbillable

    The real issue is fair return for wages. Last month on an office cell phone, one of my former employees ran up 18 hours of use. Occasional use is one thing; stealing hours is another. As a small business owner, boy, do I feel stupid.
    Yet another written policy for the books.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Dec 3rd, 2008 @ 10:01pm

    Re: Silly.

    Well, i tell you what guys. If our IT dept starts playing games with social networking sites, we would all quit. Our company benefits from allowing us to visit social network sites by enjoying our continued goodwill. Quantify that, if you can.

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    Mike (profile), Dec 3rd, 2008 @ 11:04pm

    Re: ban the social networking!

    As a broad statement I would say that unless you are specifically using the internet as the primary resource to promote your company or product there is little reason to allow access to social networking sites at work

    People used to say the same thing about the telephone.

    These days, communication is quite important. Blocking the way people communicate is simply bad business -- and many people communicate via social networking sites.

    Yes, our companies does work via the internet, but we recently signed a deal because I saw someone mention something in their facebook status. Why block out that opportunity?

    Not even related to security is simply production.

    So, measure productivity. If someone is not being productive, then deal with that. Don't ban completely.

    That's right I gladly block them completely not just lower the priority. I even have the routers display a message that the site has been blocked and logged by the IT department.

    I'm glad I don't work for your company, and I think in 10 years or so you'll regret bragging about blocking useful tools from your employees, just as companies used to ban email.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    David Ruschinek, Dec 4th, 2008 @ 4:55am

    Reasons why companies want to block social/community sites

    Many companys have a company culture. Empolyees are expected to play a part in developing that culture. That culture also has expectations of an employees social life.
    Many companies have a "corporate outside of work social time
    co-ordinator". Very often the employees who's social life is tied to the company social life, advance the corporate ladder faster, because their life is then tied to the company.

    Consequently Social Networks remind employees that there is life "away from the people at the office."

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    School Techie, Dec 4th, 2008 @ 6:23am

    Even non-profits affected

    It's already becoming an issue here at our school district. We do allow Linkedin, but none of the others. It has become an issue for us because other school districts within the state do not limit access for staff.

    Teachers have had the most frustrating time networking with teachers in other schools. Even the state association of teachers has had difficulty. Couple this with blocking ning.com (NCTE is using for the this year's conference - ncte2008.ning.com), video sites (consultant has no access to her own videos while working here), and outside email (said consultant cannot check their email while here) and you get the result of a lot of wasted time.

    In fairness, the current staff inherited a badly managed network. AD is not setup correctly, so we have only one policy for students *and* staff. When that is fixed soon, it will be better. In the meantime, though, it's frustrating work around here...

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    anymouse, Dec 4th, 2008 @ 8:20am

    Just make the tools worthless and people won't bother to use them

    Where I work we have a network Instant Messaging application (Novell) that everyone is allowed/encouraged to use for interoffice communications. Adoption was great, brief communications allowed quicker response times and easier communication, then something happened.....

    ITS globally disabled the ability to save or print conversations from the IM application itself... So give your employees a communication tool, then once they start using it, neuter its functionality so it's rather worthless for documentation. Someone IM's asking a user to take care of a specific issue, and they include all the relevant details in the IM, the receiving party either has to process the request while looking at the IM window, or they have to manually copy and paste the conversation into Word or another text editor to print out a copy to attach with the resolved issue.

    I'm guessing that someone higher up said something they shouldn't have over IM and someone printed it out and distributed it, thus embarrassing the individual, who then pushed our IT department to limit the functionality of the tool, since it was obviously a problem with the communication tool and not the sender, right?

    Gotta luv gubbernment workers.... (Government Worker, isnt' that an Oxymoron?)

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This