Security Over ROI: No One Gets Fired For Banning Instant Messaging
from the why-not-ban-the-phone dept
Network World has a great opinion piece about the fact that no one gets fired for banning instant messaging at work, noting how security policies often over-protect at the risk of harming potential efficiencies. This has been true for years. When telephones first became common, some companies banned anyone from having a telephone on their desk. In later years, it was true of desktop computers, internet connections, certain applications and specific websites. Lately, there's been an effort to ban social networks. In each case, the reasoning is pretty clear. Security professionals want to lock things down, and the easiest way to do that is to simply ban stuff. It's not their job to see if the applications are actually useful or could provide real ROI to a company. So the real question is how can companies avoid being overly aggressive in banning applications or websites, while still avoiding opening themselves up to too much risk?
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
I did.
The company was experiencing bandwidth exhaustion during business hours, and we determined a huge chunk of the traffic was social networking sites. With no budget to upgrade the Internet link to fractional Gigabit, and with the approval of management, we took steps to de-prioritize this traffic, freeing up bandwidth for "business" applications.
With the employee backlash against the sudden slowdown in their social networking access, a scapegoat had to be found!
[ link to this | view in chronology ]
ban the social networking!
Can't believe the company would Downsize for lookig after the greater good. Idiots won again.
[ link to this | view in chronology ]
Re: ban the social networking!
People used to say the same thing about the telephone.
These days, communication is quite important. Blocking the way people communicate is simply bad business -- and many people communicate via social networking sites.
Yes, our companies does work via the internet, but we recently signed a deal because I saw someone mention something in their facebook status. Why block out that opportunity?
Not even related to security is simply production.
So, measure productivity. If someone is not being productive, then deal with that. Don't ban completely.
That's right I gladly block them completely not just lower the priority. I even have the routers display a message that the site has been blocked and logged by the IT department.
I'm glad I don't work for your company, and I think in 10 years or so you'll regret bragging about blocking useful tools from your employees, just as companies used to ban email.
[ link to this | view in chronology ]
Even non-profits affected
Teachers have had the most frustrating time networking with teachers in other schools. Even the state association of teachers has had difficulty. Couple this with blocking ning.com (NCTE is using for the this year's conference - ncte2008.ning.com), video sites (consultant has no access to her own videos while working here), and outside email (said consultant cannot check their email while here) and you get the result of a lot of wasted time.
In fairness, the current staff inherited a badly managed network. AD is not setup correctly, so we have only one policy for students *and* staff. When that is fixed soon, it will be better. In the meantime, though, it's frustrating work around here...
[ link to this | view in chronology ]
Silly.
[ link to this | view in chronology ]
Re: Silly.
[ link to this | view in chronology ]
Our company requires IM, and is promoting social networking
[ link to this | view in chronology ]
What users are worried about
[ link to this | view in chronology ]
Wow... That's crazy...
[ link to this | view in chronology ]
IM: yes. Social sites: no
Social sites, e.g. Facebook, Myspace, etc., have limited value at work, unless a MySpace or other page is part of your company's web presence. But hanging out on their to share photos and crap w/ your friends shouldn't be done at work.
However, I realize that some people are more productive by taking a little stress-reducing time at work. You simply can't expect people to be productive all the time; if they aren't surfing the web they will chat w/ coworkers, talk on the phone, or simply doodle on paper while staring at the wall.
A better solution is to simply monitor productivity and Internet usage. If the work productivity drops and 'net usage is up, then you can take action. But if the work quality isn't suffering, then obviously having unfettered Internet access isn't a problem.
If bandwidth is an issue, just modify the QoS protocols and throttle the culprits.
[ link to this | view in chronology ]
Can see both sides
Now my peer uses the internet to watch TV programming and movies daily. Yes, I said daily.
Being an internet company, many web sites are used for marketing and strategic analysis...so it would be tough to selectively block sites.
It all comes down to professionalism!
[ link to this | view in chronology ]
same story, different tune
[ link to this | view in chronology ]
Employee: Why, is that a Banana on your desk?
BOFH: DONT TOUCH IT! IT MAY BE A BOMB!
[ link to this | view in chronology ]
But unless you're promoting a product or service on say Facebook there is no need to have access to it at work.
[ link to this | view in chronology ]
unbillable
Yet another written policy for the books.
[ link to this | view in chronology ]
Reasons why companies want to block social/community sites
Many companies have a "corporate outside of work social time
co-ordinator". Very often the employees who's social life is tied to the company social life, advance the corporate ladder faster, because their life is then tied to the company.
Consequently Social Networks remind employees that there is life "away from the people at the office."
[ link to this | view in chronology ]
Just make the tools worthless and people won't bother to use them
ITS globally disabled the ability to save or print conversations from the IM application itself... So give your employees a communication tool, then once they start using it, neuter its functionality so it's rather worthless for documentation. Someone IM's asking a user to take care of a specific issue, and they include all the relevant details in the IM, the receiving party either has to process the request while looking at the IM window, or they have to manually copy and paste the conversation into Word or another text editor to print out a copy to attach with the resolved issue.
I'm guessing that someone higher up said something they shouldn't have over IM and someone printed it out and distributed it, thus embarrassing the individual, who then pushed our IT department to limit the functionality of the tool, since it was obviously a problem with the communication tool and not the sender, right?
Gotta luv gubbernment workers.... (Government Worker, isnt' that an Oxymoron?)
[ link to this | view in chronology ]