Social media ban: should companies join the Marines?
- — 07 August, 2009 00:13
It's always hard to argue with the U.S. Marines. Social networks do pose a security risk, but should business let the Marines lead the way? Does banning Twitter, Facebook, MySpace, et al, make sense outside the military?
Reading the Marine Corps' order, valid for one year and issued by its CIO, General G. J. Allen, I am struck that they may have it backwards. Rather than banning at-work usage, maybe they'd be better off banning social networking from members' homes?
"These Internet sites in general are a proven haven for malicious actors and content and are particularly high risk due to information exposure, user-generated content and targeting by adversaries," the memo said.
"The very nature of social-networking sites creates a larger attack and exploitation window, exposes unnecessary information to adversaries and provides an easy conduit for information leakage," that puts the Corps and its networks in danger.
The order, however, does not prohibit Marines or their dependents from accessing social networks from their personal computers, which seems to negate much of its effectiveness.
It might actually have been better to limit usage on personally owned computers, which the Corps probably can't monitor, instead allowing monitored social network access from its own network.
Theoretically, the Marines could watch keystrokes, look for forbidden content and filter for malicious code on its own network, but cannot do the same for a Marine sitting at home.
If unauthorized releases of information are a big issue, they may be easier to prevent on the Marine's corporate network than when users are networking from someplace else.
I am not sure whether the Marines have the right to control, or monitor, service members' off-duty computer usage, but if information security is a concern it might be a good idea.
Your company probably doesn't have the option of monitoring what employees do at home, but the Marines remind us that social networks do present a security risk.
Private businesses may be less concerned about information leaks and more about malicious code. Still, banning at-work use of social networks might make good sense.
An equally valid reason might be the amount of time users spend on their Facebook and MySpace pages or Twittering. Sure, there are business uses for social networks, but how many employees actually use them in a manner that's effective for their employers? Versus the number who use social networks from work to complain about work?
Facing an at-work social networking ban, I can imagine employees complaining, "It's not like this is the military!" But, it's hard to say the Marines don't have a point. For a business concerned with productivity and security, it just might make good sense to "Join the Marines."