Your boss is worried. And her boss is worried, and so is her boss’ boss and so on… They’re all worried about Facebook and what you’re doing there.
More than 50% the largest corporations in America are so worried that they do not allow their employees to visit any social networking sites at work. No Facebook. No Twitter. Not even any LinkedIn! That could get pretty depressing.
Some of their worry is justified – even military officials have been caught posting classified information online. But a complete social networking ban is probably unenforceable, as the US Army has discovered. And in a new survey, we’re finding that over 50% of employees are still using Facebook at work.
Even if employers forbid social networking on company PCs, are they going to monitor what you’re doing on your smart phone?
Banning social media may even lead to a DECREASE in employee productivity. Yes, a DECREASE. Limited social network use has been linked to an overall increase in employees’ concentration and productivity. And companies like Dell have proven than embracing social networking can improve the bottom line.
Now, if your employer bans social networking for security reasons, that makes more sense.
Joan Goodchild of CSO Online lays out some excellent arguments against using Facebook specifically in her article “10 Security Reasons to Quit Facebook (And One Reason to Stay On).” And F-Secure’s Chief Research Officer Mikko Hyppönen refuses to open a Facebook account for security reasons, though he’s a fan of Twitter.
Despite the risks, I believe that shutting employees out from social networks disconnects them from what Ralph Waldo Emerson called “the current of events.” Employers can’t afford to keep employees who aren’t connected to rapidly evolving business climate around them. And employees— in an economy where anything that can be automated will be— shouldn’t neglect the opportunity to develop a unique online identity.
But if you’re going to engage in online communities during work hours, it’s your obligation to be safe and savvy about it. Here are a few specific steps you should take to protect yourself, your employer and your job:
1. Know your company’s social media policy and follow it.
Are you allowed to use social networks on company PCs? How often? Which sites? Should you comment as employee or about company matters? What company information are you allowed to share? Who should you consult if you have a question about any of these issues? All of these questions and more should be answered in your company’s social media policy. If you have never read your company’s policy, do it now. If your company doesn’t have a policy, suggest that they create one. Here are some examples. If the policy isn’t realistic, make a case for a policy that works.
2. Use different passwords for your work and your social media accounts.
Smart passwords matter. Annika has written about the importance of creating and remembering strong passwords. A vulnerable password on your Facebook account can jeopardize your personal reputation and friends. Don’t magnify the risk by using the same password for your corporate network.
3. Always log off when you leave your desk.
It’s smart security to log off your computer when you leave your desk. This is even more important when you have your social networking accounts open. If you leave your desk with your browser open to Facebook, you’re begging for a goofy co-worker to post a ridiculous status update in your name. In fact, it’s good policy to log off any site when you’re not using it. You probably don’t want the reputation of being the guy or gal who is always on Facebook, even when you’re sleeping.
4. Avoid unnecessary risks.
Don’t click on or forward links you are unsure about—check any URL with F-Secure’s free Browsing Protection. If someone is asking you for financial help or to spread the word about some controversy, check it out when you get home. Most importantly, leave installing software to the experts. If you need to install a plug-in to see something linked off a Twitter page, you probably don’t need to see that page.
5. Think about what you share with whom.
You know that you should never post anything on the web that you wouldn’t want to see in a newspaper. Consider anything that you post —including items you limit to only “friends” or “friends of friends”— to potentially be in the public domain. This list of 11 things you should never do online provides some great guidelines about what not to share.
Things that you’re fine with being public now may seem embarrassing or even painful later. You may wish for all those pictures of you and your ex or the videos of you and your former coworkers at karaoke would just disappear. But they won’t. So consider who you add to which accounts. Maybe you just want to use Facebook exclusively for non-work friends. Maybe you only want professional connections on LinkedIn. Whatever you do, think before you accept an invitation to connect. And on a site like Twitter, where your tweets are probably open to everyone, think before you share anything.
How do you use social networks at work? Do you have any rules to add? We’d love to know. Take this quick survey and comment below.
If you like sailing and tall ships, I can recommend this podcast about Pam Bitterman’s book Sailing to the far horizon. It’s a great story about the last years of the community-operated ship Sofia, covering both a lot of happy sailing and the ship’s sad end in the early eighties. But this is not about hippies on a ship, it’s about how we record and remember our lives. In the podcast Pam tells us how the book was made possible by her parents saving her letters home. Perhaps they had a hunch that this story will be written down one day. Going on to state that e-mails and phone calls wouldn’t have been saved that way. That’s a very interesting point that should make us think. At least it made me think about what we will remember about our lives in, say, twenty years? We collect more info about what we are doing than ever before. We shoot digital pictures all the time and post status updates on Facebook. We are telling the world where we are, what we are doing and what we feel. Maybe in a way that is shallower than letters home, but we sample our lives at a very granular rate. The real question is however how persistent this data is? If we later realize we have experienced something unique enough to write a book about, have our digital life left enough traces to support us? Pam wrote the book about Sofia some twenty years later. A twenty year old paper is still young, but that’s an eternity in the digital world. Will you still be on the same social media service? Do you still have the same account or have you lost it. Does the service even exist? And what about your e-mails, have you saved them? How are your digital photos archived? You may even have cleaned up yourself to fit everything into a cheaper cloud account. Here’s something to keep in mind about retaining your digital life. Realize the value of your personal records. You may fail to see the value in single Facebook posts, but they may still form a valuable wholeness. If you save it you can choose to use it or not in the future. If you lose it you have no choice. Make sure you don’t lose access to your mail, social media and cloud storage accounts. That would force you to start fresh, which usually means data loss. Always register a secondary mail address in the services. That will help you recover if you forget the password. Use a password manager to avoid losing the password in the first place. Redundancy is your friend. Do not store important data in a single location. The ideal strategy is to store your files both on a local computer and in a cloud account. It provides redundancy and also stores data in several geographically separated locations. This is easy with younited because you can set it to automatically back up selected folders. Mail accounts have limited capacity and you can’t keep stuff forever. Don’t delete your correspondence. Check your mail client instead for a function that archives your mail to local storage. Check your social media service for a way to download a copy of your stuff. In Facebook you can currently find this function under Settings / General. It’s good to do this regularly, and you should at least do it if you plan to close your account and go elsewhere. Migrate your data when switching to a new computer or another cloud service. It might be tricky and take some time, but it is worth it. Do not see it as a great opportunity to start fresh and get rid of "old junk". If you are somewhat serious about digital photography, you should get familiar with DAM. That means Digital Asset Management. This book is a good start. Pam did not have a book in mind when she crossed the Pacific. But she was lucky and her parents helped her retain the memories. You will not be that lucky. Don’t expect your friends on Facebook to archive posts for you, you have to do it yourself. You may not think you’ll ever need the stuff, just like Pam couldn’t see the book coming when onboard Sofia. But you never know what plans the future has for you. When you least expect it, you might find yourself in a developing adventure. Make yourself a favor and don’t lose any digital memories. Safe surfing, Micke
Most of us have some kind of relationship with Facebook. We either love it, hate it or ignore it. Some of us are hooked. Some have found new opportunities, and many have got themselves into a mess on Facebook. Some are worry-free and totally open while others are deeply concerned about privacy. But we probably all agree that Facebook has changed our lives or at least impacted our ways to communicate. Facebook has showed that social media is an important tool for both business and private affairs. Facebook was in the right place at the right time to become the de-facto standard for social media. But the success of Facebook is also what makes it scary. Imagine the power you have if you know everything about everyone in the civilized world. And on top of that with quite loose legislation about what you can do with that data. Ok, everything and everyone are exaggerations, but not too far from the truth. Others have tried to challenge Facebook, but no one has succeeded so far. One reason is that social media automatically is monopolizing. The most important selection criteria is where your friends are, and that drives everyone into one common service. The fact that even Google failed with Google+, despite their huge resources and a ready user base from services like Gmail, just underlines how solid Facebook’s position is. Ello is the latest challenger and they certainly have an interesting approach. Ello tries to hit Facebook straight in its weakest point and provide a service that respect user integrity. They may lack the resources of Google, but they can be credible in this area. The choice between Facebook and Google is like a rock and a hard place for the privacy minded, but Ello is different. Their manifesto says it all. Will Ello survive and will they be the David that finally defeats Goliath? Ello is in a very early phase and they certainly have a very long way to go. But remember that their success depends on you too. You may not be a product on Ello, but you are certainly a feature. The main feature, actually. The team can only provide a framework for our social interactions. But people to be social with is absolutely crucial for any social network. So Ello’s raise or fall is mostly in our hands now. They need enough pioneers to make it a vibrant society. The development team can make the service fail, but they can only create potential for success. Ello needs you to materialize that potential. So what’s my honest opinion about Ello? The fact that the service is based on privacy and integrity is good. We need a social media service like this. But there are also many open questions and dark clouds on Ello’s sky. People have complained about its usability. And yes, usability is quite weird in many ways. It’s also very obvious that Ello is too premature to be a tool for non-technical users. Now in October 2014, I would personally only invite people who are used to beta software. But both usability and the technical quality can be fixed, it just takes more work from the team. A bigger question mark is however the future business model of Ello. On Facebook you’re a product and that’s what pays for the “free” service. But how is Ello going to strike a balance between privacy and funding the operation? This is one of the big challenges. Another is if the privacy-promise really is enough? Many of us are already privacy-aware, but the vast majority is still quite clueless. What Ello needs is either a big increase in privacy awareness or something clever that Facebook doesn’t provide and can’t copy quickly. It may seem futile for a small startup to challenge Facebook. But keep in mind that Facebook was small too once in the beginning. Facebook showed us that we need social media. Perhaps Ello can show us that we need social media with integrity. But anyway, you are among those who decide Ello’s future by either signing up or ignoring it. Safe surfing, @Micke-fi on Ello Picture: ello.co screen capture
Yet another high-profile vulnerability in the headlines, Shellshock. This one could be a big issue. The crap could really hit the fan big time if someone creates a worm that infects servers, and that is possible. But the situation seems to be brighter for us ordinary users. The affected component is the Unix/Linux command shell Bash, which is only used by nerdy admins. It is present in Macs as well, but they seem to be unaffected. Linux-based Android does not use Bash and Windows is a totally different world. So we ordinary users can relax and forget about this one. We are not affected. Right? WRONG! Where is your cloud content stored? What kind of software is used to protect your login and password, credit card number, your mail correspondence, your social media updates and all other personal info you store in web-based systems? Exactly. A significant part of that may be on systems that are vulnerable to Shellshock, and that makes you vulnerable. The best protection against vulnerabilities on your own devices is to make sure the automatic update services are enabled and working. That is like outsourcing the worries to professionals, they will create and distribute fixes when vulnerabilities are found. But what about the servers? You have no way to affect how they are managed, and you don’t even know if the services you use are affected. Is there anything you can do? Yes, but only indirectly. This issue is an excellent reminder of some very basic security principles. We have repeated them over and over, but they deserve to be repeated once again now. You can’t control how your web service providers manage their servers, but you can choose which providers you trust. Prefer services that are managed professionally. Remember that you always can, and should, demand more from services you pay for. Never reuse your password on different services. This will not prevent intrusions, but it will limit the damage when someone breaks into the system. You may still be hurt by a Shellshock-based intrusion even if you do this, but the risk should be small and the damage limited. Anyway, you know you have done your part, and its bad luck if an incident hurts you despite that. Safe surfing, Micke PS. The best way to evaluate a service provider’s security practices is to see how they deal with security incidents. It tells a lot about their attitude, which is crucial in all security work. An incident is bad, but a swift, accurate and open response is very good. Addition on September 30th. Contrary to what's stated above, Mac computers seem to be affected and Apple has released a patch. It's of course important to keep your device patched, but this does not really affect the main point of this article. Your cloud content is valuable and part of that may be on vulnerable servers.