A new report shows that 6.8% of all Internet visits in businesses are going to Facebook. Still, TechRepublic’s CIO Jury says IT shouldn’t block social media.
This verdict probably surprises most of you — it certainly surprised me — since IT tends to have a reputation for preferring the command-and-control environment of the 1990s, before consumer technologies and Web 2.0 invaded the workplace.
However, there are definitely some nuances to our CIO panel rejecting the idea of filtering social media sites. There’s still a pretty big group of IT leaders who prefer to completely filter all of these sites. And, even among the ones who don’t want to totally filter it, many of them believe in some selective filtering.
The proponents of filtering believe that there’s little to no business value to any of the social media sites, and therefore blocking them is a no-brainer.
“They are predominantly used for non-business activities,” said Matthew Metcalfe, Director of IS for Northwest Exterminating.
“We block all social networking sites. There is no company or work related value in these sites whatsoever,” said Dave Schartel, Director of IT for Home Health Care Management.
“It amounts to misuse of the public’s resources. We’re a public corporation,” said Tim Stiles, CIO of Bremerton Housing Authority.
James Riner, CIO of R & R Images, said, “The risks, both security and perceptual, are far too great to allow unfettered access [to social networking sites] to all employees. Only those whose job focus is social marketing should be accessing such sites during business hours or from business-owned resources.”
So here’s where it starts to get interesting. Even some of those who believe in blocking think there should be some exceptions, and even some of those who think blocking everything is not the answer believe that some blocking is necessary.
“IT should, by default, block social networking sites,” said Jeff Canon, CIO of Fire and Life Safety America. “IT should create a framework to manage access and work with business line managers in determining the risk and business need. For example, it may make sense for the sales team to access Linkedin. It could also make sense for the marketing and promotions department to access Facebook or Twitter. It probably does not make sense for an accounts payable clerk to have access to Facebook. Another recent survey found that some employees in their sample used social networking sites as much as two hours a day at work. Within that same sample, 87% of those using Facebook said they had no clear business reason for accessing the network.”
John Gracyalny, Director of IT for SafeAmerica Credit Union, said, “It should be done on a user-by-user basis. At our shop we have deployed a black box to control Internet use. Staff are limited to a specific ‘white list’ of sites that pertain to their job function, as defined by their department head, and all other sites are blocked. Mid-managers generally have more latitude, and execs have no restrictions other than global HR-type filters, (e.g. we block porn sites to the entire organization). Two staff members have no restrictions based on their job function, but their usages reports must be reviewed and approved both by their department head and myself on a monthly basis.”
However, Lance Taylor-Warren, CIO of H.A.W.C. Community Health Centers, brought up one of the challenges IT faces once it starts doing selective filtering. He said, “Yes, social networking sites should be blocked for personal use, but if a company is using it for business use it makes it very hard to keep them separate. This will continue to be a problem that IT staff will face for the forseeable future.”
Michael Spears, CIO of the NCCI, argued against this type of blocking as a general policy. He said, “Absent applications that raise security concerns, you need to manage productivity by managing - not through security. Let’s not treat this like the advent of the phone or the internet. ”
Another naysayer of blocking, Jerry Justice, IT Director of SS&G Financial Services, said, “No. We must monitor and adapt security models to a Web 2.0 world.”
Scott Lowe, CIO of Westminster College, added, “No to blocking, but there should be a ‘reasonable use’ policy in place.”
Chris Zalegowski, Director of IT for DEKA Research & Development, suggested a more specific approach: “I think you should find out first what the percentage is in your company (and equate that to dollars and/or lost time). Looking at an estimated national average is not a call to action to block the site but it should be reviewed internally. If you find out the average employee is spending an overabundance amount of time on social networking sites (and/or there is proven productivity loss), then yes blocking the site should be a consideration. If your company uses these sites as a marketing tool or customer interaction tool, then blocking it becomes harder to warrant.”
TechRepublic’s CIO Jury on this topic was:
Laurie Dale, Director of IT for Ability Beyond Disabilty
Randy Krzyston, Director of IT for Thomas Jefferson School of Law
Michael Spears, CIO of National Council on Compensation Insurance (NCCI)
James Riner, CIO of R & R Images
David Van Geest, Director of IT for The Orsini Group
Michael Hanken, VP of IT for Multiquip Inc.
Lisa Moorehead, Director of IT for MA Dept of Public Utilities
Mitchell Herbert, IT Director for McCormick Barstow
Scott Lowe, CIO of Westminster College
Joshua Grossetti, Head of IT for Triumvirate Environmental
Edward Beck, VP of IT for Line 6, Inc.
Joel Robertson, CIO of King College