Security Over ROI: No One Gets Fired For Banning Instant Messaging
from the why-not-ban-the-phone dept
Network World has a great opinion piece about the fact that no one gets fired for banning instant messaging at work, noting how security policies often over-protect at the risk of harming potential efficiencies. This has been true for years. When telephones first became common, some companies banned anyone from having a telephone on their desk. In later years, it was true of desktop computers, internet connections, certain applications and specific websites. Lately, there’s been an effort to ban social networks. In each case, the reasoning is pretty clear. Security professionals want to lock things down, and the easiest way to do that is to simply ban stuff. It’s not their job to see if the applications are actually useful or could provide real ROI to a company. So the real question is how can companies avoid being overly aggressive in banning applications or websites, while still avoiding opening themselves up to too much risk?
Comments on “Security Over ROI: No One Gets Fired For Banning Instant Messaging”
I did.
Well, technically I wasn’t fired, just RIF’d, along with fully half of the data security department.
The company was experiencing bandwidth exhaustion during business hours, and we determined a huge chunk of the traffic was social networking sites. With no budget to upgrade the Internet link to fractional Gigabit, and with the approval of management, we took steps to de-prioritize this traffic, freeing up bandwidth for “business” applications.
With the employee backlash against the sudden slowdown in their social networking access, a scapegoat had to be found!
ban the social networking!
As a broad statement I would say that unless you are specifically using the internet as the primary resource to promote your company or product there is little reason to allow access to social networking sites at work. However there quit a few reasons to ban them. Not even related to security is simply production. I bet there is alot of dead weight in downsized company if there is such a backlash from the general employees. It takes some big ones to complain about not being able to goof off on the internet and a bigger idiot spineless boss to back them up and not back up the IT department. I handle this by not even asking permission to block the sites. That’s right I gladly block them completely not just lower the priority. I even have the routers display a message that the site has been blocked and logged by the IT department. We did it for a joke at first but the reaction from the employees was that they better not mess around on the internet. it’s saved us alot of grief overall.
Can’t believe the company would Downsize for lookig after the greater good. Idiots won again.
Re: ban the social networking!
As a broad statement I would say that unless you are specifically using the internet as the primary resource to promote your company or product there is little reason to allow access to social networking sites at work
People used to say the same thing about the telephone.
These days, communication is quite important. Blocking the way people communicate is simply bad business — and many people communicate via social networking sites.
Yes, our companies does work via the internet, but we recently signed a deal because I saw someone mention something in their facebook status. Why block out that opportunity?
Not even related to security is simply production.
So, measure productivity. If someone is not being productive, then deal with that. Don’t ban completely.
That’s right I gladly block them completely not just lower the priority. I even have the routers display a message that the site has been blocked and logged by the IT department.
I’m glad I don’t work for your company, and I think in 10 years or so you’ll regret bragging about blocking useful tools from your employees, just as companies used to ban email.
Re: Re: Even non-profits affected
It’s already becoming an issue here at our school district. We do allow Linkedin, but none of the others. It has become an issue for us because other school districts within the state do not limit access for staff.
Teachers have had the most frustrating time networking with teachers in other schools. Even the state association of teachers has had difficulty. Couple this with blocking ning.com (NCTE is using for the this year’s conference – ncte2008.ning.com), video sites (consultant has no access to her own videos while working here), and outside email (said consultant cannot check their email while here) and you get the result of a lot of wasted time.
In fairness, the current staff inherited a badly managed network. AD is not setup correctly, so we have only one policy for students *and* staff. When that is fixed soon, it will be better. In the meantime, though, it’s frustrating work around here…
Silly.
There are VERY few office environments that would benfit at all from social networking apps at work. If you are an effecient productive employee, you should fill you time with WORK not with socializing. Where I work if you are on personal email, facebook or any of that stuff you are fired, and thats exactly how it should be.
Re: Silly.
Well, i tell you what guys. If our IT dept starts playing games with social networking sites, we would all quit. Our company benefits from allowing us to visit social network sites by enjoying our continued goodwill. Quantify that, if you can.
Our company requires IM, and is promoting social networking
We’re a high tech company, with approximately 350K employees. Some companies embrace new communication technologies, rather than banning them.
What users are worried about
The average user “needs” their social networking, the bad part is that they do it in the business environment. I can’t say that I have seen anything worthwhile come from social networking while at work. I say an outright ban is needed sometimesand this is one of them.
Wow... That's crazy...
We’ve used Yahoo! Instant Messenger for two years now to communicate between stores. It’s been awesome! We no longer have to interrupt each other with telephone calls for little stuff; it just stays on the screen until someone has time to answer it and information is always in writing.
IM: yes. Social sites: no
I can see using IM at work. It’s just another type of communcations device; essentially real time email.
Social sites, e.g. Facebook, Myspace, etc., have limited value at work, unless a MySpace or other page is part of your company’s web presence. But hanging out on their to share photos and crap w/ your friends shouldn’t be done at work.
However, I realize that some people are more productive by taking a little stress-reducing time at work. You simply can’t expect people to be productive all the time; if they aren’t surfing the web they will chat w/ coworkers, talk on the phone, or simply doodle on paper while staring at the wall.
A better solution is to simply monitor productivity and Internet usage. If the work productivity drops and ‘net usage is up, then you can take action. But if the work quality isn’t suffering, then obviously having unfettered Internet access isn’t a problem.
If bandwidth is an issue, just modify the QoS protocols and throttle the culprits.
Can see both sides
We use IM religiously throughout the day and it’s been a great productivity tool, especially with multiple offices around the globe.
Now my peer uses the internet to watch TV programming and movies daily. Yes, I said daily.
Being an internet company, many web sites are used for marketing and strategic analysis…so it would be tough to selectively block sites.
It all comes down to professionalism!
same story, different tune
IT Security people try to justify the darnedest things, rather than fix what’s broken. I worked at an insurance company where using Windows file sharing was banned. The only explanation I ever got was “we’re not a p2p company”
Security BOFHs are trained at the North American Headquarters of Wackenhut to treat all unknowns as a threat.
Employee: Why, is that a Banana on your desk?
BOFH: DONT TOUCH IT! IT MAY BE A BOMB!
I can see how yahoo IM or Windows Live Messenger could be used in a business environment, as someone said above communicating between stores is one way.
But unless you’re promoting a product or service on say Facebook there is no need to have access to it at work.
unbillable
The real issue is fair return for wages. Last month on an office cell phone, one of my former employees ran up 18 hours of use. Occasional use is one thing; stealing hours is another. As a small business owner, boy, do I feel stupid.
Yet another written policy for the books.
Reasons why companies want to block social/community sites
Many companys have a company culture. Empolyees are expected to play a part in developing that culture. That culture also has expectations of an employees social life.
Many companies have a “corporate outside of work social time
co-ordinator”. Very often the employees who’s social life is tied to the company social life, advance the corporate ladder faster, because their life is then tied to the company.
Consequently Social Networks remind employees that there is life “away from the people at the office.”
Just make the tools worthless and people won't bother to use them
Where I work we have a network Instant Messaging application (Novell) that everyone is allowed/encouraged to use for interoffice communications. Adoption was great, brief communications allowed quicker response times and easier communication, then something happened…..
ITS globally disabled the ability to save or print conversations from the IM application itself… So give your employees a communication tool, then once they start using it, neuter its functionality so it’s rather worthless for documentation. Someone IM’s asking a user to take care of a specific issue, and they include all the relevant details in the IM, the receiving party either has to process the request while looking at the IM window, or they have to manually copy and paste the conversation into Word or another text editor to print out a copy to attach with the resolved issue.
I’m guessing that someone higher up said something they shouldn’t have over IM and someone printed it out and distributed it, thus embarrassing the individual, who then pushed our IT department to limit the functionality of the tool, since it was obviously a problem with the communication tool and not the sender, right?
Gotta luv gubbernment workers…. (Government Worker, isnt’ that an Oxymoron?)