Look Busy! 5 Rules for Social Networking at Work

Your boss is worried. And her boss is worried, and so is her boss’ boss and so on… They’re all worried about Facebook and what you’re doing there.

More than 50% the largest corporations in America are so worried that they do not allow their employees to visit any social networking sites at work. No Facebook. No Twitter. Not even any LinkedIn! That could get pretty depressing.

Some of their worry is justifiedeven military officials have been caught posting classified information online. But a complete social networking ban is probably unenforceable, as the US Army has discovered. And in a new survey, we’re finding that over 50% of employees are still using Facebook at work.

Even if employers forbid social networking on company PCs, are they going to monitor what you’re doing on your smart phone?

Banning social media may even lead to a DECREASE in employee productivity. Yes, a DECREASE. Limited social network use has been linked to an overall increase in employees’ concentration and productivity. And companies like Dell have proven than embracing social networking can improve the bottom line.

Now, if your employer bans social networking for security reasons, that makes more sense.

Joan Goodchild of CSO Online lays out some excellent arguments against using Facebook specifically in her article “10 Security Reasons to Quit Facebook (And One Reason to Stay On).” And F-Secure’s Chief Research Officer Mikko Hyppönen refuses to open a Facebook account for security reasons, though he’s a fan of Twitter.

Despite the risks, I believe that shutting employees out from social networks disconnects them from what Ralph Waldo Emerson called “the current of events.” Employers can’t afford to keep employees who aren’t connected to rapidly evolving business climate around them. And employees— in an economy where anything that can be automated will be— shouldn’t neglect the opportunity to develop a unique online identity.

But if you’re going to engage in online communities during work hours, it’s your obligation to be safe and savvy about it. Here are a few specific steps you should take to protect yourself, your employer and your job:

1. Know your company’s social media policy and follow it.
Are you allowed to use social networks on company PCs? How often? Which sites? Should you comment as employee or about company matters? What company information are you allowed to share? Who should you consult if you have a question about any of these issues? All of these questions and more should be answered in your company’s social media policy. If you have never read your company’s policy, do it now. If your company doesn’t have a policy, suggest that they create one. Here are some examples. If the policy isn’t realistic, make a case for a policy that works.

2. Use different passwords for your work and your social media accounts.
Smart passwords matter. Annika has written about the importance of creating and remembering strong passwords.  A vulnerable password on your Facebook account can jeopardize your personal reputation and friends. Don’t magnify the risk by using the same password for your corporate network.

3. Always log off when you leave your desk.
It’s smart security to log off your computer when you leave your desk. This is even more important when you have your social networking accounts open. If you leave your desk with your browser open to Facebook, you’re begging for a goofy co-worker to post a ridiculous status update in your name. In fact, it’s good policy to log off any site when you’re not using it. You probably don’t want the reputation of being the guy or gal who is always on Facebook, even when you’re sleeping.

4. Avoid unnecessary risks.
Don’t click on or forward links you are unsure about—check any URL with F-Secure’s free Browsing Protection. If someone is asking you for financial help or to spread the word about some controversy, check it out when you get home. Most importantly, leave installing software to the experts. If you need to install a plug-in to see something linked off a Twitter page, you probably don’t need to see that page.

5. Think about what you share with whom.
You know that you should never post anything on the web that you wouldn’t want to see in a newspaper. Consider anything that you post —including items you limit to only “friends” or “friends of friends”— to potentially be in the public domain. This list of 11 things you should never do online provides some great guidelines about what not to share.

Things that you’re fine with being public now may seem embarrassing or even painful later. You may wish for all those pictures of you and your ex or the videos of you and your former coworkers at karaoke would just disappear. But they won’t. So consider who you add to which accounts. Maybe you just want to use Facebook exclusively for non-work friends. Maybe you only want professional connections on LinkedIn. Whatever you do, think before you accept an invitation to connect. And on a site like Twitter, where your tweets are probably open to everyone, think before you share anything.

How do you use social networks at work? Do you have any rules to add? We’d love to know. Take this quick survey and comment below.

More posts from this topic

8402394000_861ef1b969_z

Mikko Hypponen to Talk Privacy at the Mobile World Congress

This year’s Mobile World Congress (MWC) is coming up next week. The annual Barcelona-based tech expo features the latest news in mobile technologies. One of the biggest issues of the past year has enticed our own digital freedom fighter Mikko Hypponen to participate in the event. Hypponen, a well-known advocate of digital freedom, has been defending the Internet and its users from digital threats for almost 25 years. He’s appearing at this year’s MWC on Monday, March 2 for a conference session called “Ensuring User-Centred Privacy in a Connected World”. The panel will discuss and debate different ways to ensure privacy doesn’t become a thing of the past. While Hypponen sees today’s technologies as having immeasurable benefits for us all, he’s become an outspoken critic of what he sees as what’s “going wrong in the online world”. He’s spoken prominently about a range of these issues in the past year, and been interviewed on topics as diverse as new malware and cybersecurity threats, mass surveillance and digital privacy, and the potential abuses of emerging technologies (such as the Internet of Things). The session will feature Hypponen and five other panelists. But, since the event is open to public discussion on Twitter under the #MWC15PRIV hashtag, you can contribute to the conversation. Here’s three talking points to help you get started: Security in a mobile world A recent story broken by The Intercept describes how the American and British governments hacked Gemalto, the largest SIM card manufacturer in the world. In doing so, they obtained the encryption keys that secure mobile phone calls across the globe. You can read a recent blog post about it here if you’re interested in more information about how this event might shape the discussion. Keeping safe online It recently came to light that an adware program called “Superfish” contains a security flaw that allows hackers to impersonate shopping, banking, or other websites. These “man-in-the-middle” attacks can be quite serious and trick people into sharing personal data with criminals. The incident highlights the importance of making sure people can trust their devices. And the fact that Superfish comes pre-installed on notebooks from the world’s largest PC manufacturer makes it worth discussing sooner rather than later. Privacy and the Internet of Things Samsung recently warned people to be aware when discussing personal information in front of their Smart TVs. You can get the details from this blog post, but basically the Smart TVs voice activation technology can apparently listen to what people are saying and even share the information with third parties. As more devices become “smart”, will we have to become smarter about what we say and do around them? The session is scheduled to run from 16:00 – 17:30 (CET), so don’t miss this chance to join the fight for digital freedom at the MWC. [Image by Hubert Burda Media | Flickr]

Feb 27, 2015
BY 
DoS

What is a DoS attack really?

Ordinary people here in Finland have been confronted with yet another cybersecurity acronym lately, DoS. And this does not mean that retro-minded people are converting back to the pre-Windows operating system MS-DOS that we used in the eighties. Today DoS stands for Denial of Service. This case started on New Year’s Eve when customers of the OP-Pohjola bank experienced problems withdrawing cash from ATMs and accessing the on-line bank. The problems have now continued with varying severity for almost a week. What happens behind the scene is that someone is controlling a large number of computers. All these computers are instructed to bombard the target system with network traffic. This creates an overload situation that prevents ordinary customers from accessing the system. It’s like a massive cyber traffic jam. The involved computers are probably ordinary home computes infected with malware. Modern malware is versatile and can be used for varying purposes, like stealing your credit card number or participating in DoS-attacks like this. But what does this mean for me, the ordinary computer user? First, you are not at risk even if a system you use is the victim of a DoS-attack. The attack cannot harm your computer even if you try to access the system during the attack. Your data in the target system is usually safe too. The attack prevents people from accessing the system but the attackers don’t get access to data in the system. So inability to use the system is really the only harm for you. Well, that’s almost true. What if your computer is infected and participates in the attack? That would use your computer resources and slow down your Internet connection, not to speak about all the other dangers of having malware on your system. Keeping the device clean is a combination of common sense when surfing and opening attachments, and having a decent protection program installed. So you can participate in fighting DoS-attacks by caring for your own cyber security. But why? Who’s behind attacks like this and what’s the motive? Kids having fun and criminals extorting companies for money are probably the most common motives right now. Sometimes DoS-victims also accuse their competitors for the attack. But cases like this does always raise interesting questions about how vulnerable our cyber society is. There has been a lot of talk about cyber war. Cyber espionage is already reality, but cyber war is still sci-fi. This kind of DoS-attack does however give us a glimpse of what future cyber war might look like. We haven’t really seen any nations trying to knock out another county’s networks. But when it happens, it will probably look like this in greater scale. Computer-based services will be unavailable and even radio, TV, electricity and other critical services could be affected. So a short attack on a single bank is more like an annoyance for the customers. But a prolonged attack would already create sever problems, both for the target company and its customers. Not to talk about nation-wide attacks. Cyber war might be sci-fi today, but it is a future threat that need to be taken seriously.   Safe surfing, Micke   Image by Andreas Kaltenbrunner.  

Jan 5, 2015
BY 
New MERCEDES

In what color would you like your new Mercedes?

A new Mercedes. Nice. Or maybe an Audi R8? That would be cool. But hold it! Don’t sell your old car yet! Liking and sharing that giveaway campaign on Facebook will NOT give you a new car. Those prizes doesn’t even exist. They are just hoaxes. Internet and Facebook is full of crap, junk, rubbish, nonsense and gibberish. Nobody knows how many chain letters there are spreading some kind of unbelievable story. False celebrity news, bogus first-aid advice, phony charity campaigns and this kind of giveaways. We tend to think about these chain letters as hoaxes, pretty harmless jokes that doesn’t hurt us. But that’s not the full story. A hoax can be harmful, like the outright dangerous first aid advice that some people keep spreading. But a car giveaway is probably a harmless and safe prank, even if it’s false? No, not really. These chain letters are actually not traditional hoaxes, they are like-farming scams. There’s no free lunch, you don’t pay for Facebook with money but with your private data. The like-farming scams work in the same currency. You will not lose any money even if you like the page and share it. Instead you will participate in building a page with a lot of supporters, which is valuable and can be sold later. Needless to say, you will not get any of that money. Here’s how it works. Any business has a problem when starting on Facebook. An empty page without likes isn’t trustworthy. So the scammers set up a page containing anything that can go viral. A promise to get a luxury car works well. They just have to tell everyone to like the page and to share it as much as possible, to keep the chain reaction going and get even more likes. The scammers wait until there’s enough likes before they clean out the content, rename it and start looking for a buyer. The price is in “$ per k”, meaning dollars per 1000 likes. A page with 100 000 likes could sell for over $1000. So sharing the page can make quite a lot of money for the scammers if you have a lot of gullible friends, who in turn have a lot of gullible friends, and so on … The downside for you is that the likes stick even if the page is redesigned for some totally different purpose. Your face will be an evangelist for the page’s new owners and show up next to their brand. And you have no idea about what you will be promoting. I have friends who are anti-fur activists. You can probably imagine what one of them would feel when discovering that she likes a fur-coat designer! And finally some concrete advice. Review your list of old likes regularly. Remove everything except those things you truly like and want to support. When you encounter a giveaway post like this, check the involved brand’s main page in Facebook by searching for the brand name. You will in most cases notice that the giveaway is a totally different page that just is named similarly. That’s a strong scam indicator. Use common sense. From the above you get an idea about what likes in Facebook are worth. Does it make sense to give away luxury cars for this? Don’t participate in scams like this. It might feel tempting, but remember that your chance to win is exactly zero. Spread knowledge every time you see a scam of this kind. Comment with a link to this post or the appropriate description on Hoax-Slayer or Snopes.   Those sites are by the way fun and educating reading. I recommend spending some time there getting familiar with other types of hoaxes too. Read at least these two articles: Facebook car giveaway on Snopes and Facebook like-farming scams on Hoax-Slayer .   Safe surfing, Micke  

Dec 16, 2014
BY