HR’s Role in Helping Your Organization Safely “Friend” Web 2.0 at Work

Websense vice president of Human Resources, Susan Brown, discusses HR professionals' role in helping their companies adopt safe and productive Web 2.0 usage policies.

By now you’ve probably heard a lot of talk about Web 2.0 and social networking sites in the workplace. You may even be using LinkedIn and perhaps Facebook for recruiting. Everybody from Oprah to Time magazine is talking about the growth of Twitter and Facebook – but there is much more to Web 2.0 than just social networking, and many areas within your organization may be pushing for more access to Web 2.0 sites and applications on the Internet. Businesses taking advantage of the latest Web 2.0 tools are seeing tangible benefits – from increased revenue to improved collaboration and streamlined processes. As more and more businesses are embracing employee use of Web 2.0 and social networking sites, we, as HR professionals must ask ourselves what role we should play in helping enable safe Web 2.0 access in the workplace. 

What is Web 2.0 and why should you care?

Web 2.0 is a term used to describe Web sites that allow user-generated content. In the past, Web sites were typically owned by a business or individual who created and took responsibility for all the content on that site. Today, the most popular sites on the Web – and the sites that many of us visit regularly for work -- rely heavily on dynamic content posted by site visitors, and they often link to content from a variety of other sites and sources. Unfortunately, the most popular sites on the Web are also popular with cybercriminals, who use them to distribute spam, spyware, viruses and other types of malicious code to a large number of people. According to research from Websense Security Labs, 70 percent of the top 100 most popular sites on the Internet have hosted malicious code or redirected unsuspecting visitors to other infected sites. 

Examples of Web 2.0 include:

• Social networking sites, such as Facebook and LinkedIn
• Blogs
• Microblogs, such as Twitter
• Mashups, such as iGoogle
• Wikis, such as Wikipedia
• Social bookmarking tools, such as Delicious
• Video and photo uploading sites, such as YouTube and Flickr
• Cloud computing sites, such as Google Docs
• Webmail services, such as gmail, Hotmail and Yahoo

What’s Driving the Demand for Web 2.0 in the Workplace?

With increasing numbers of the “millennial” generation now in the workforce, employees not only expect access to Web 2.0, but for many it is their preferred method of communication. And it’s not just the youngest generation of workers using the social Web: Facebook reported a 276 percent growth of users in the 35 – 54 year old age segment during the second half of 2008 alone. A recent Websense survey of 1300 organizations around the world showed that 86 percent of IT managers report feeling pressure to allow more employee access to Web 2.0 sites. The pressure often comes from departments like sales and marketing, that want to use social networking sites to communicate with customers and stakeholders. But, perhaps surprisingly, 30 percent of IT managers said they receive pressure from C-level and director level executive staff. Clearly, Web 2.0 has moved to the “mainstream” and has worked its way into all levels and areas of the business.

Are There Real Benefits to Web 2.0 at Work?

The excitement around Web 2.0 is not all hype. Web 2.0 allows companies to improve collaboration and information exchange, streamline communication and processes, gather detailed customer and market research, interact with key stakeholders, and drive revenue. There are many interesting examples of organizations that have used Web 2.0 in very compelling ways:

• Recruitment – Social networking sites such as LinkedIn and Facebook have become standard tools used by recruiting professionals for identifying and contacting potential candidates.
• Revenue generation - Dell reports that Twitter has produced $2 million in revenue through product sale alerts.
• Market research - Kimberly-Clark Corporation created an online community for users of its Scott personal care products. The company analyzes data and customer profile information to identify its most loyal customers and market its products to specific segments (1). 
• Fundraising – The nonprofit Case Foundation launched two highly publicized initiatives aimed at increasing charitable giving through the use of Web-based social networking sites such as Facebook. The initiatives raised more than $1.7 million from over 80,000 donors (2).

The potential benefits of Web 2.0 for businesses make it impossible to ignore. In the past, to keep employees safe from inappropriate content and to protect organizations from compliance risks and the malware that permeates the Web, HR professionals often recommended blocking access to social networking and blogging sites. However, today businesses are realizing that not allowing access to Web 2.0 sites works against the company’s own interests.

Risks Associated with Web 2.0 in the Workplace

Yet, with potential benefits come potential risks. While many organizations have put Web 2.0 to good use, concerns still exist around employees viewing inappropriate content while at work, accidentally exposing the organization’s computer network to viruses and other malware, or posting intellectual property or other valuable corporate data on blogs and Web 2.0 sites.

Because Web 2.0 sites allow anyone to post content, they are easy channels for cyber criminals to use to spread inappropriate content, spyware, viruses and other forms of malware that can infect a company’s computer networks. Cyber criminals rely on the popularity of Web 2.0 sites to reach a large number of victims with their attacks. They also take advantage of peoples’ trusting nature and inclination to click on links shared by online “friends” by posting malicious links in blog comments and on forums and online communities.

In addition to the security risks from outside attacks, Web 2.0 brings increased risk for security breaches from the inside. Disgruntled employees can, with the click of a mouse, post confidential corporate information or intellectual property to a blog or other Web 2.0 site. Even good employees with no malicious intent may accidentally cause a data security breach by collaborating on confidential corporate data on an unsecure third-party site like Google Docs or by emailing records to their personal Web-based email address so they can work at home. One must only take a quick scan of the news headlines to see several examples of data breaches which have exposed private employee records, including health records, salary data and social security numbers.

How to take advantage of Web 2.0 safely

Organizations around the world today are struggling to find the right balance between allowing employee access to Web 2.0 and managing the attendant risks. As an HR professional, you can help guide your organization through this challenge.

HR, Legal and IT should meet with other areas of the business to understand their reasons for wanting Web 2.0 access and determine the legitimate business use cases. Talk to marketing, sales and other departments to learn the specific ways they want to use social networking sites, blogs and other Web 2.0 applications in their jobs.

It’s also important to talk with your IT department about their network security concerns and work with them to develop employee Internet usage policies (especially in regards to using social media sites) and a plan for educating employees on the policies. Also ask IT about the types of technology solutions available to help ensure compliance with relevant regulations and protect important company information in addition to the corporate network.

When it comes to technology, many organizations rely on traditional security solutions like firewalls and antivirus products, but these alone cannot protect from the ever-changing Web 2.0 threats. Information security in a Web 2.0 world requires data loss prevention technology to keep confidential company information from leaking outside the organization (whether intentional or accidental). The data loss prevention technology needs to be combined with a Web security gateway that analyzes the content on a Web page in real-time, as employees visit Web 2.0 sites, and blocks only the inappropriate content and security risks. In other words, employees can still visit a social networking site, but the security technology blocks just the portion of the page that is inappropriate for the workplace – like a gambling application or a link to spyware.

The next step is to set the right Internet usage policies for your organization and educate your employees. The technology solution that your company chooses should allow for granular, flexible policies so that based upon an employee’s role, the company can control how much access that person has to Web 2.0 sites, how much time they can spend on those sites, what level of access they have to sensitive corporate information and even what they can do with that information. For example, an employee in HR may have access to all sorts of confidential data about other employees, and they may be allowed access to Web 2.0 sites like LinkedIn and blogs for work purposes – but they should not be able to post that confidential data to public blogs or networks. Good data loss prevention technology takes into account the context of the situation – who is accessing what type of data, where they are trying to send it and by what methods – in order to apply the right policies. 

In setting Internet usage policies, HR, often in conjunction with the company’s legal team, needs to define business use and personal use of the Internet, including how to manage use of social networking sites where relationships may blur the line between professional and personal. Create social media guidelines and educate employees not only on the policies but also the reasons the policies are necessary, including maintaining a safe work environment, protecting the employees and company from network security risks, loss of intellectual property or personal data, corporate brand reputation and others.

By working with IT and facilitating the conversation with other areas of the business who have legitimate work-related reasons for using Web 2.0 and social media, HR can help guide the company to safely embrace the latest Web 2.0–enabled business tools.

Biography

Susan Brown is Vice President of Human Resources at Websense, Inc. Brown is responsible for all human resources functions at Websense including compensation, benefits, employee relations, recruiting, and leadership development for the company's employees worldwide. She also oversees many of the company’s administrative functions including corporate training and development, and facilities management. Prior to joining Websense, Brown served as the director of human resources at Stac Software Inc., operations manager at software consulting firm IG Systems Inc., and manager of internal systems for Logicon/Fourth Generation Technology Inc. Brown is a member of the Society of Human Resources (SHRM), the San Diego AEA Human Resources Roundtable, the National Association of Stock Plan Professionals (NASPP), and WorldatWork. She is certified as a Senior Professional in Human Resources (SPHR) and received a B.A. in psychology from the University of Virginia at Charlottesville.

(1) ComputerWorld “Companies turn to new tools to measure Web 2.0,” November 20, 2008.
(2) “Come on In. The Water’s Fine. An Exploration of Web 2.0 Technology and Its Emerging Impact on Foundation Communications” by David Brotherton and Cynthia Scheiderer September 2008.