Smart phones, social networking and the workplace

Personal smart phones, such as the iPhone, brought to work by employees, give them direct unmediated access to social media and social networking sites, such as Facebook, Twitter and YouTube - regardless of whether or not their employer blocks access to such services via its own systems.

Does this mean that it is utterly futile for an employer to seek to block or limit employee access to social media via its own IT systems, or to set policies covering social media use by employees? Actually, I don't think it does.

Thinking about this issue this morning, I have identified three separate areas of focus for employers (there may be more - please let me know in the comments):

(1) The need for an employer to protect its reputation and confidential information
The fact that employees bring smart phones to work and may use them to access social networking sites does not have any bearing on this point - save to make it even more important for employers to get this right.

From a legal point of view, if an employee is going to breach their employer's confidentiality or damage its reputation, it doesn't really matter if they do this by writing a letter to the editor of The Times or posting a status update on Facebook. The issue will generally be the same: what in the UK would be called a breach of the duty of mutual trust and confidence.

Nor of course does it matter if the means the employee uses to communicate the damaging content in question is a work computer, a home computer, a work phone or a personal smart phone. Nor does their location matter when they make the damaging communication - at home, at work, on holiday, it doesn't matter.

In which case, you could argue that an employer's existing policies (and plain common sense) covering the issue of reputation and confidentiality should suffice for social media as for other forms of communication. But here I come back to one of the points I was trying to make in my earlier post: social media are qualitatively different.

For one thing, social media make unintentional breaches of confidentiality and reputation much more likely and potentially make the consequences much more severe, because of the scale of the potential audience.

Put it this way: I'm not going to inadvertently write a letter to the editor of The Times (oops, there I go again, I've just written another letter to The Times) but I may very easily inadvertently post a series of status updates on Facebook or Twitter that embarrass or undermine my employer or unintentionally/recklessly transmit business confidential information to the whole world of six billion internet users.

To me, this unintentional, reckless or ignorant aspect (as opposed to deliberate or malicious wrongdoing) is hugely important and requires a real effort to educate the workforce in social media literacy. It's just so easy to take part in social media conversations and treat them like chats between a small group of acquaintances, forgetting that the whole world can potentially see the contents of your posts. It is not just idiots who can make such mistakes, it is more a case of "there, but for the grace of God...".

Looked at from this point of view, the growing numbers of personal smart phones in the workplace make it even more important that employers have adequate social media policies in place and that they educate their workforces about how an employee's duties and responsibilities to their employer (which haven't changed) impact on their use of social media, whether at work or at home, and whether on personal or work equipment.

(2) The need for an employer to protect the security of its IT systems and data and/or devote bandwidth to business-critical activities

Again, the fact that employees bring smart phones to work and may use them to access social networking sites does not have any bearing on this point.

One reason why some employers block access to social networking sites from work computers and phones is the need to protect the security of their IT systems and data. Social media sites can be a conduit for viruses, trojans and related nasties - but not if they are blocked.

Different types of employer require different levels of security and IT lockdown, depending on their business activities and the associated risks. I absolutely accept that some employers are unduly strict and could afford to open up more, but in other cases the precautionary principle and emphasis on security is justified and necessary.

Imagine if air traffic controllers, for example, could toggle their screens between radar view and Facebook, free to download image files with malicious, hidden binary code.

OK, that's an extreme and silly example. But there are many kinds of business activities in the public and private sectors, where a strict approach to IT security, including blocking access to social networking sites, may be justified. The fact that employees in these organisations can access social media over the mobile phone network from their own devices has no bearing on this.

Even where full security lockdown is not such a major issue, it may be that employers block access to social media and other rich media websites to reserve bandwidth on their systems for business activities.

The argument of such employers may be that we invest in our IT systems to enable and grow our business not to give our staff access to social networking and entertainment. Our business activities and customer service may be undermined when our limited bandwidth is hijacked by non-work-related activities by employees.

Now it may be that such employers are missing out on opportunities for developing their businesses that would come from allowing their staff access to social media via work equipment. It may also be that they are at risk of losing their talent to more permissive employers. But there is a genuine debate to be had here, and the point about work systems being provided to carry out work business is clearly a legitimate point.

(3) The need for an employer to ensure that its employees spend their time at work productively
This is the only one of the three points where I think the fact that employees bring smart phones to work and may use them to access social networking sites has a real bearing.

In my view probably the weakest reason that any employer can give for blocking access to social networking sites from work equipment is that it doesn't want its employees to waste their time on non-work-related activities. To me this approach could be described as a blunt-instrument technical solution to a management problem.

I don't want to sound glib, and I am aware of the scale of the management problems facing many organisations, but as a general rule I believe the way to ensure that all staff are using their time at work productively on work-related activities is through good enough leadership, management and supervision.

If an employee is able to spend hours every day on their personal Facebook, there is a serious management and supervision problem. Block Facebook and other social networking sites from work equipment without improving management and supervision and the employee will no doubt find some other way to waste time ... perhaps on their smart phone.

But frankly, when it comes to the implications of social media in the workplace, employee time-wasting is not the biggest issue. Much more important are reputation, confidentiality, security of systems and data and efficiency of IT networks. Employee participation in social media can impact all of these areas in a big way, so it is absolutely justified for employers to have concerns and tread carefully.