Business Social Networking

A good friend in Washington recently posted this on Facebook:

“I follow on Instagram almost all of my 6th grade youth group girls and I am continually amazed at how many of them have public profiles and post screen shots of their personal information. I wonder how many parents actually know what pictures they’re posting and if they really care…”

This is troubling on a couple of levels. First, many social media users tend to overshare their personal information and so are more susceptible to online fraud like email phishing. They’re opening themselves to a potentially higher likelihood of home burglary when they post near real-time photos of themselves on vacation or otherwise away from home. Young people, in particular, might be opening themselves to the worst kind of child abuse—a British newspaper did a search on Twitter and within two minutes found 20 users who expressed interest in “under-age images and child abuse”; within two hours they found 200.

Young people are typically the worst offenders because they care less about the privacy of their personal information. Lest you think I’m just some old guy making sweeping generalizations about young people, a new survey from the USC Annenberg Center for the Digital Future and Bovitz, Inc. found that while 77% of those 35 years of age or older agreed with the statement, “No one should ever be allowed to have access to my personal data or Web behavior,” only 70% of younger people agreed. I anticipate that as people grow up in an age of continual connectedness via social media, the proportion that care about personal privacy will continue to shrink.

However, employers need to be concerned about this, as well, since these are the people that will be your employees in the years to come. We hear on a regular basis how businesses must adapt their communication practices to young people entering the workforce—they need to make social media easily accessible, permit the use of personally owned smartphones and tablets, and generally migrate away from an email-centric mode of communication and collaboration. While that’s true, business decision makers also need to be concerned about the very real potential for oversharing employees to overshare corporate content. While much of this might be accidental, an employee with a predispostion toward oversharing personally is likely to do so with corporate information, as well.

It’s important to note that by oversharing, I’m not talking about sending things like trade secrets, confidential financial reports, or other really sensitive information through social media or other channels. While that can and does happen, quite often the oversharing can be more subtle. For example, an employee of a consumer products company who continually posts about business travel to Minneapolis or Atlanta or Issaquah might be giving clues about an upcoming retail deal with Target or Home Depot or Costco—information that could be valuable to competitors, but that was shared with no intention of revealing confidential information.

What should businesses do? First and foremost, establish policies focused on how devices and applications should be used—lots of organizations don’t have these policies, and they should. Second, implement a data leak prevention solution that will monitor all of the channels over which employees communicate, including email, social media, instant messaging, etc. The goal of the DLP solution should be to monitor communications and take appropriate action, which might include encrypting some content, blocking some messages, reminding senders about corporate policies before the send actually occurs, or routing some messages to a supervisor or compliance officer for further review.

Entering a new age of communication and collaboration with employees who might be less concerned about privacy means that decision makers need to be proactive in order to mitigate risk to the extent they can.