Look Busy! 5 Rules for Social Networking at Work

Your boss is worried. And her boss is worried, and so is her boss’ boss and so on… They’re all worried about Facebook and what you’re doing there.

More than 50% the largest corporations in America are so worried that they do not allow their employees to visit any social networking sites at work. No Facebook. No Twitter. Not even any LinkedIn! That could get pretty depressing.

Some of their worry is justifiedeven military officials have been caught posting classified information online. But a complete social networking ban is probably unenforceable, as the US Army has discovered. And in a new survey, we’re finding that over 50% of employees are still using Facebook at work.

Even if employers forbid social networking on company PCs, are they going to monitor what you’re doing on your smart phone?

Banning social media may even lead to a DECREASE in employee productivity. Yes, a DECREASE. Limited social network use has been linked to an overall increase in employees’ concentration and productivity. And companies like Dell have proven than embracing social networking can improve the bottom line.

Now, if your employer bans social networking for security reasons, that makes more sense.

Joan Goodchild of CSO Online lays out some excellent arguments against using Facebook specifically in her article “10 Security Reasons to Quit Facebook (And One Reason to Stay On).” And F-Secure’s Chief Research Officer Mikko Hyppönen refuses to open a Facebook account for security reasons, though he’s a fan of Twitter.

Despite the risks, I believe that shutting employees out from social networks disconnects them from what Ralph Waldo Emerson called “the current of events.” Employers can’t afford to keep employees who aren’t connected to rapidly evolving business climate around them. And employees— in an economy where anything that can be automated will be— shouldn’t neglect the opportunity to develop a unique online identity.

But if you’re going to engage in online communities during work hours, it’s your obligation to be safe and savvy about it. Here are a few specific steps you should take to protect yourself, your employer and your job:

1. Know your company’s social media policy and follow it.
Are you allowed to use social networks on company PCs? How often? Which sites? Should you comment as employee or about company matters? What company information are you allowed to share? Who should you consult if you have a question about any of these issues? All of these questions and more should be answered in your company’s social media policy. If you have never read your company’s policy, do it now. If your company doesn’t have a policy, suggest that they create one. Here are some examples. If the policy isn’t realistic, make a case for a policy that works.

2. Use different passwords for your work and your social media accounts.
Smart passwords matter. Annika has written about the importance of creating and remembering strong passwords.  A vulnerable password on your Facebook account can jeopardize your personal reputation and friends. Don’t magnify the risk by using the same password for your corporate network.

3. Always log off when you leave your desk.
It’s smart security to log off your computer when you leave your desk. This is even more important when you have your social networking accounts open. If you leave your desk with your browser open to Facebook, you’re begging for a goofy co-worker to post a ridiculous status update in your name. In fact, it’s good policy to log off any site when you’re not using it. You probably don’t want the reputation of being the guy or gal who is always on Facebook, even when you’re sleeping.

4. Avoid unnecessary risks.
Don’t click on or forward links you are unsure about—check any URL with F-Secure’s free Browsing Protection. If someone is asking you for financial help or to spread the word about some controversy, check it out when you get home. Most importantly, leave installing software to the experts. If you need to install a plug-in to see something linked off a Twitter page, you probably don’t need to see that page.

5. Think about what you share with whom.
You know that you should never post anything on the web that you wouldn’t want to see in a newspaper. Consider anything that you post —including items you limit to only “friends” or “friends of friends”— to potentially be in the public domain. This list of 11 things you should never do online provides some great guidelines about what not to share.

Things that you’re fine with being public now may seem embarrassing or even painful later. You may wish for all those pictures of you and your ex or the videos of you and your former coworkers at karaoke would just disappear. But they won’t. So consider who you add to which accounts. Maybe you just want to use Facebook exclusively for non-work friends. Maybe you only want professional connections on LinkedIn. Whatever you do, think before you accept an invitation to connect. And on a site like Twitter, where your tweets are probably open to everyone, think before you share anything.

How do you use social networks at work? Do you have any rules to add? We’d love to know. Take this quick survey and comment below.

More posts from this topic

5825408292_11759e3304_o

Only 10% protected – Interesting study on travelers’ security habits

Kaisu who is working for us is also studying tourism. Her paper on knowledge of and behavior related to information security amongst young travelers was released in May, and is very interesting reading. The world is getting smaller. We travel more and more, and now we can stay online even when travelling. Using IT-services in unknown environments does however introduce new security risks. Kaisu wanted to find out how aware young travelers are of those risks, and what they do to mitigate them. The study contains many interesting facts. Practically all, 95,7%, are carrying a smartphone when travelling. One third is carrying a laptop and one in four a tablet. The most commonly used apps and services are taking pictures, using social networks, communication apps and e-mail, which all are used by about 90% of the travelers. Surfing the web follows close behind at 72%. But I’m not going to repeat it all here. The full story is in the paper. What I find most interesting is however what the report doesn’t state. Everybody is carrying a smartphone and snapping pictures, using social media, surfing the web and communicating. Doesn’t sound too exotic, right? That’s what we do in our everyday life too, not just when travelling. The study does unfortunately not examine the participants’ behavior at home. But I dare to assume that it is quite similar. And I find that to be one of the most valuable findings. Traveling is no longer preventing us from using IT pretty much as we do in our everyday life. I remember when I was a kid long, long ago. This was even before invention of the cellphone. There used to be announcements on the radio in the summer: “Mr. and Mrs. Müller from Germany traveling by car in Lapland. Please contact your son Hans urgently.” Sounds really weird for us who have Messenger, WhatsApp, Facebook, Twitter, Snapchat and Skype installed on our smartphones. There was a time when travelling meant taking a break in your social life. Not anymore. Our social life is today to an increasing extent handled through electronic services. And those services goes with us when travelling, as Kaisu’s study shows. So you have access to the same messaging channels no matter where you are on this small planet. But they all require a data connection, and this is often the main challenge. There are basically two ways to get the data flowing when abroad. You can use data roaming through the cellphone’s ordinary data connection. But that is often too expensive to be feasible, so WiFi offers a good and cheap alternative. Hunting for free WiFi has probably taken the top place on the list of travelers’ concerns, leaving pickpockets and getting burnt in the sun behind. Another conclusion from Kaisu’s study is that travelers have overcome this obstacle, either with data roaming or WiFi. The high usage rates for common services is a clear indication of that. But how do they protect themselves when connecting to exotic networks? About 10% are using a VPN and about 20% say they avoid public WiFi. That leaves us with over 70% who are doing something else, or doing nothing. Some of them are using data roaming, but I’m afraid most of them just use whatever WiFi is available, either ignoring the risks or being totally unaware. That’s not too smart. Connecting to a malicious WiFi network can expose you to eavesdropping, malware attacks, phishing and a handful other nasty tricks. It’s amazing that only 10% of the respondents have found the simple and obvious solution, a VPN. It stands for Virtual Private Network and creates a protected “tunnel” for your data through the potentially harmful free networks. Sounds too nerdy? No, it’s really easy. Just check out Freedome. It’s the super-simple way to be among the smart 10%.   Safe surfing, Micke   PS. I recently let go of my old beloved Nokia Lumia. Why? Mainly because I couldn’t use Freedome on it, and I really want the freedom it gives me while abroad.   Image by Moyan Brenn  

August 24, 2015
BY 
suicide

Forget the personality tests – Ask Facebook instead (Poll)

It’s amazing how advertising can power huge companies. Google has over 57 000 employees and some 66 billion US dollars in revenue. And Facebook with 12 billion and 10 000 employees. These two giants are the best know providers of ad-financed services on the net. And modern advertising is targeted, which means that they must know what the users want to see. Which means that they must know you. Let’s take a closer look at Facebook. We have already written about their advertising preferences and I have been following my data for some time. Part of the data used to target ads is input by yourself, age, gender, hometown, movies you seen etc. But Facebook also analyzes what you do, both in Facebook and on other sites, to find out what you like. It’s obvious how the tracking works inside Facebook itself. Their servers just simply record what links you click. Tracking in the rest of the net is more sinister, it’s described in this earlier post. Your activity record is analyzed and you are assigned to classes of interest, called “Your Ad Preferences” by Facebook. Advertisers can then select classes they want to target, and the ad may be shown to you based on these classes. You can view and manage the list using a page that is fairly well hidden deep in Facebook’s menus. Let’s check your preferences in moment, but first some thoughts about this. Advertising may be annoying, but it is the engine that drives so many “free” services nowadays. So I’m not going to blame Facebook for being ad-financed. I’m not going to blame them for doing targeted ads either. That can in theory be a good thing, you see more relevant ads that potentially can be of value to you. But any targeted ad scheme must be based on data collection, and this is the tricky part. Can we trust Facebook et al. to handle these quite extensive personal profiles and not misuse them for other purposes? It’s also nice that Facebook is somewhat open about this and let you view “Your Ad Preferences” (Note. Not available in all countries.). But that name is really misleading. The name should be “Facebook’s Ad Preferences for You”. Yes, you can view and delete classes, but that gives you a false sense of control. Facebook keeps analyzing what you do and deleted classes will reappear shortly. I made a full clean-up a couple of months ago, but now I have no less than 210 classes of interest again! This is really amazing if you take into account that I block tracking outside of Facebook, so those activities are not contributing. And I have a principle of not clicking ads in any on-line media, including Facebook. And liking commercial pages in a very restrictive manner. But the thing is that Facebook has realized that people dislike ads. “Suggested posts” or “Sponsored posts” are in fact masqueraded ads and any interaction with them will record your interest in the classes they represent. I have to admit that I do click this kind of content regularly. And where did that suicide thing come from? No, I’m fine. I’m not going to jump off a bridge and I’m not worried about any of my dearests’ mental health. I have not interacted with any kind of Facebook content related to suicide. Except that I can’t know that for sure. Facebook tries to give an open and honest image of itself when presenting its Ad Preferences settings and the possibilities to manage them. But this rosy picture is not the full truth. The inner workings of Facebook advertising is in reality a very complex secret system. When you interact with something on Facebook, you have no way of knowing how it affects your profile. Something I have clicked was apparently associated with suicides even if I had no clue about it. Ok, time to take the Facebook personality test. Let’s see what kind of person they think you are. Follow these instructions: Go to Facebook and locate an ad, a “sponsored post” or a “suggested post”. These items should have a cross or a down-arrow in the upper right corner. Click it. Select “Why am I seeing this?” from the pop-up menu. This screen contains some interesting info but proceed to “Manage your ad preferences”. Review the list and come back here to tell us what you think of it. Delete the inappropriate classes. Deleting all may reduce the number of ads you see.   So let’s see what people think about this test’s accuracy:   [polldaddy poll=9023953]   So using Facebook’s Ad Preferences as a personality test may be entertaining, but not very accurate after all. You should probably look elsewhere for a real test. The catch is that you can select what test to take, but not how others collect data about you. Someone else may rely on this test when evaluating you. You have actually granted Facebook the right to share this data with basically anyone. Remember this clause in the agreement that you read and approved before signing up? “We transfer information to vendors, service providers, and other partners who globally support our business, such as providing technical infrastructure services, analyzing how our Services are used, measuring the effectiveness of ads and services, providing customer service, facilitating payments, or conducting academic research and surveys.” You did read it before signing, didn’t you?   Safe surfing, Micke   Image: Screenshot from facebook.com  

August 13, 2015
BY 
AshleyMadison

Is it OK to cheat on the AshleyMadison cheaters? (Poll)

The user register of AshleyMadison has been hacked. You don’t know what that is? Well, that’s perfectly fine. It’s a dating site for people who want to cheat on their spouses. Many dislike this site for moral reasons, but there is apparently a demand for it. The Canadian site has some 37 million users globally! Some user data has already been leaked out and the hackers, calling themselves Impact Team, have announced that they will leak the rest unless the site shuts down. So this hack could contribute to many, many divorces and a lot of personal problems! "We will release all customer records, profiles with all the customers' sexual fantasies, nude pictures and conversations and matching credit card transactions, real names and addresses." The Impact Team This is one hack in a long row, not the first and certainly not the last site hack where user data is leaked. But it is still remarkable because of the site’s sensitive nature. Think about it. What kind of information do you store in web portals and what bad could happen if that data leaks out? If you are cheating on your spouse, then that is probably one the most precious secrets you have. Disclosure of it could have devastating effects on your marriage, and maybe on your whole life. Millions of users have put their faith in AshleyMadison’s hands and trusted them with this precious secret. AshleyMadison didn’t misuse the data deliberately, but they failed to protect it properly. So it’s not that far-fetched to say that they cheated on the cheaters. What makes the AshleyMadison hack even worse is the site’s commercial nature. Users typically pay with a credit card issued in their own name. They can appear anonymously to their peers, but their true identities are known to the site owner, and stored in the database. So any leaked information can be linked reliably to real people. The sad thing is that the possibility of a leak probably never even crossed the mind of these 37 million users. And this is really the moral of the story. Always think twice before storing sensitive information in a data system. You must trust the operator of the system to not misuse your data, but also to have the skills, motivation and resources to protect it properly. And you have very poor abilities to really verify how trustworthy a site is. This is not easy! Refraining from using a site is naturally the ultimate protection. But we can’t stop using the net altogether. We must take some risks, but let’s at least think about it and reflect over what a compromised site could mean. This hack is really interesting in another way too. AshleyMadison is a highly controversial site as cheating is in conflict with our society’s traditional moral norms. The hack is no doubt a criminal act, but some people still applaud it. They think the cheaters just got what they deserved. What do you think? Is it right when someone takes the law in his own hands to fight immorality? Or should the law be strictly obeyed even in cases like this? Can this illegal hacking be justified with moral and ethical arguments? [polldaddy poll=8989656]       Micke   Image: Screenshot from www.ashleymadison.com  

July 21, 2015
BY