Security Over ROI: No One Gets Fired For Banning Instant Messaging

from the why-not-ban-the-phone dept

Network World has a great opinion piece about the fact that no one gets fired for banning instant messaging at work, noting how security policies often over-protect at the risk of harming potential efficiencies. This has been true for years. When telephones first became common, some companies banned anyone from having a telephone on their desk. In later years, it was true of desktop computers, internet connections, certain applications and specific websites. Lately, there’s been an effort to ban social networks. In each case, the reasoning is pretty clear. Security professionals want to lock things down, and the easiest way to do that is to simply ban stuff. It’s not their job to see if the applications are actually useful or could provide real ROI to a company. So the real question is how can companies avoid being overly aggressive in banning applications or websites, while still avoiding opening themselves up to too much risk?

Filed Under: ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Security Over ROI: No One Gets Fired For Banning Instant Messaging”

Subscribe: RSS Leave a comment
Downsized says:

I did.

Well, technically I wasn’t fired, just RIF’d, along with fully half of the data security department.

The company was experiencing bandwidth exhaustion during business hours, and we determined a huge chunk of the traffic was social networking sites. With no budget to upgrade the Internet link to fractional Gigabit, and with the approval of management, we took steps to de-prioritize this traffic, freeing up bandwidth for “business” applications.

With the employee backlash against the sudden slowdown in their social networking access, a scapegoat had to be found!

sizing up says:

ban the social networking!

As a broad statement I would say that unless you are specifically using the internet as the primary resource to promote your company or product there is little reason to allow access to social networking sites at work. However there quit a few reasons to ban them. Not even related to security is simply production. I bet there is alot of dead weight in downsized company if there is such a backlash from the general employees. It takes some big ones to complain about not being able to goof off on the internet and a bigger idiot spineless boss to back them up and not back up the IT department. I handle this by not even asking permission to block the sites. That’s right I gladly block them completely not just lower the priority. I even have the routers display a message that the site has been blocked and logged by the IT department. We did it for a joke at first but the reaction from the employees was that they better not mess around on the internet. it’s saved us alot of grief overall.

Can’t believe the company would Downsize for lookig after the greater good. Idiots won again.

Mike (profile) says:

Re: ban the social networking!

As a broad statement I would say that unless you are specifically using the internet as the primary resource to promote your company or product there is little reason to allow access to social networking sites at work

People used to say the same thing about the telephone.

These days, communication is quite important. Blocking the way people communicate is simply bad business — and many people communicate via social networking sites.

Yes, our companies does work via the internet, but we recently signed a deal because I saw someone mention something in their facebook status. Why block out that opportunity?

Not even related to security is simply production.

So, measure productivity. If someone is not being productive, then deal with that. Don’t ban completely.

That’s right I gladly block them completely not just lower the priority. I even have the routers display a message that the site has been blocked and logged by the IT department.

I’m glad I don’t work for your company, and I think in 10 years or so you’ll regret bragging about blocking useful tools from your employees, just as companies used to ban email.

School Techie says:

Re: Re: Even non-profits affected

It’s already becoming an issue here at our school district. We do allow Linkedin, but none of the others. It has become an issue for us because other school districts within the state do not limit access for staff.

Teachers have had the most frustrating time networking with teachers in other schools. Even the state association of teachers has had difficulty. Couple this with blocking (NCTE is using for the this year’s conference –, video sites (consultant has no access to her own videos while working here), and outside email (said consultant cannot check their email while here) and you get the result of a lot of wasted time.

In fairness, the current staff inherited a badly managed network. AD is not setup correctly, so we have only one policy for students *and* staff. When that is fixed soon, it will be better. In the meantime, though, it’s frustrating work around here…

Mike says:


There are VERY few office environments that would benfit at all from social networking apps at work. If you are an effecient productive employee, you should fill you time with WORK not with socializing. Where I work if you are on personal email, facebook or any of that stuff you are fired, and thats exactly how it should be.

crystalattice (profile) says:

IM: yes. Social sites: no

I can see using IM at work. It’s just another type of communcations device; essentially real time email.

Social sites, e.g. Facebook, Myspace, etc., have limited value at work, unless a MySpace or other page is part of your company’s web presence. But hanging out on their to share photos and crap w/ your friends shouldn’t be done at work.

However, I realize that some people are more productive by taking a little stress-reducing time at work. You simply can’t expect people to be productive all the time; if they aren’t surfing the web they will chat w/ coworkers, talk on the phone, or simply doodle on paper while staring at the wall.

A better solution is to simply monitor productivity and Internet usage. If the work productivity drops and ‘net usage is up, then you can take action. But if the work quality isn’t suffering, then obviously having unfettered Internet access isn’t a problem.

If bandwidth is an issue, just modify the QoS protocols and throttle the culprits.

Tom says:

Can see both sides

We use IM religiously throughout the day and it’s been a great productivity tool, especially with multiple offices around the globe.

Now my peer uses the internet to watch TV programming and movies daily. Yes, I said daily.

Being an internet company, many web sites are used for marketing and strategic analysis…so it would be tough to selectively block sites.

It all comes down to professionalism!

David Ruschinek (profile) says:

Reasons why companies want to block social/community sites

Many companys have a company culture. Empolyees are expected to play a part in developing that culture. That culture also has expectations of an employees social life.
Many companies have a “corporate outside of work social time
co-ordinator”. Very often the employees who’s social life is tied to the company social life, advance the corporate ladder faster, because their life is then tied to the company.

Consequently Social Networks remind employees that there is life “away from the people at the office.”

anymouse says:

Just make the tools worthless and people won't bother to use them

Where I work we have a network Instant Messaging application (Novell) that everyone is allowed/encouraged to use for interoffice communications. Adoption was great, brief communications allowed quicker response times and easier communication, then something happened…..

ITS globally disabled the ability to save or print conversations from the IM application itself… So give your employees a communication tool, then once they start using it, neuter its functionality so it’s rather worthless for documentation. Someone IM’s asking a user to take care of a specific issue, and they include all the relevant details in the IM, the receiving party either has to process the request while looking at the IM window, or they have to manually copy and paste the conversation into Word or another text editor to print out a copy to attach with the resolved issue.

I’m guessing that someone higher up said something they shouldn’t have over IM and someone printed it out and distributed it, thus embarrassing the individual, who then pushed our IT department to limit the functionality of the tool, since it was obviously a problem with the communication tool and not the sender, right?

Gotta luv gubbernment workers…. (Government Worker, isnt’ that an Oxymoron?)

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...