Social networking and the Corporate World

Manjari Juneja takes a look at how companies can take advantage of social networking

Social networking is emerging as a powerful tool these days. Events which happen around the world appear first on Web sites such as Twitter and Facebook before appearing on electronic or Web news publications. Indians spend most of their time on Facebook and Orkut where they can collaborate with their friends instantly. These Web sites are also easily accessible on mobile phones making it easy to stay connected while people are on the go.

Enterprises can effectively use social networking as a beneficial tool to target their audience, build customer and employee relationships and enhance their business. Social media helps these businesses make their presence felt on the Web and remain competitive amongst their peers. Not only is it an inexpensive way for enterprises to connect with their existing and potential customers but, perhaps more importantly, it adds a human element to the whole process. Social networking is specific to your needs in terms of reaching out to customers and potential business associates. It is cheap as it does not require any external hardware, software or server purchase.

Abhinav Karnwal, Product Marketing Manager, APEC, Trend Micro, said, “The key to building a successful enterprise is communication. Often, the corporate structure and hierarchies existing in all enterprises, create boundaries that preclude people from getting things done in the desired manner. Now companies have a chance to break down the walls of complex, ineffective hierarchies and to empower employees to get things done. These tools are simple, fun, engaging, and inspirational. Bringing fresh winds of change to the stale corporate mentality is a good thing and should be welcomed. Social networks are being used by businesses seeking new ways in which to communicate and engage with their customers.”

Surendra Singh, Regional Director, SAARC & India, Websense Inc, added, “When people hear the term Web 2.0, they think it’s only about social networking, sharing personal updates on Twitter, or watching funny videos on YouTube. The reality is that many businesses have already discovered valuable uses for Web 2.0. Businesses that are still trying to block employee access to Web 2.0 sites are missing opportunities. However, they need to have the right security policies and technologies in place in order to permit the safe use of Web 2.0 as this technology can help improve collaboration and information exchange among employees. It can streamline communication and processes, provide market insights, allow businesses to interact directly with customers and stakeholders, and can even be used to identify new ways to generate revenue.”

Leveraging Social Networks

A company can use social networking to establish a distinct online reputation in comparison to the whole industry. A mix of various tools such as Social Bookmarking, Wikis, Agile Project Management, Web Office, Blogging, Twitter and so on help an organization achieve great levels of improvement in terms of intercommunication and knowledge sharing among different hierarchies in the company. They also add great value when it comes to publicizing the latest developments in the company, hiring & recruitment, and creating an open work culture.

“Enterprises can use this as a promotional vehicle or launching pad for new products and services. Social networking through peers has a strong impact as concepts can be communicated to niche markets. Companies also use social networking to understand users’ experiences with a product. Social networks also create a public knowledgebase for a company’s products and users can help each other in sorting out problems. Products like video games, children’s development tools and toys, weight loss medicines, books, vastu products, fiction, non-fiction books etc. benefit through social networking,” said Ram Krishna G., Technical Head, SANVEI Overseas.

Bhavin Turakhia, Founder & CEO, Directi, added, “Social networking tools are extremely helpful in giving a personality to a company. This helps in building trust which greatly helps in improving customer relationships. As it is a means of rapid communication, it also helps quickly establish a brand name and provides real time knowledge sharing and gathering.”

As communication becomes easier and more immediate, the number of methods for communication via tools, technologies and interfaces grows exponentially. People are connecting and collaborating internally and externally using exciting new technologies that combine voice, video and text for a robust and intriguing experience.

Amit Sinha Roy, Vice President, Marketing, Cisco, India & SAARC, informed, “For example, Ciscopedia is Cisco's newest global collaborative space, where employees can share and find knowledge on useful informational topics. More than just an encyclopedic wiki like Wikipedia, this is integrated with the Directory to connect employees with people across the company that has information on their topic of interest. It has transformed the way employees work by bringing relevant people and information together in one place.”

Websense shared some examples of how businesses and government organizations have successfully used Web 2.0. These show the benefits of Web 2.0 and prove that businesses can no longer simply say ‘No’ to Web 2.0:

• Dell said that Twitter had helped it generate $1 million in revenue over the past year and a half through sale alerts. People who sign up to follow Dell on Twitter receive messages when discounted products are available on the company's Home Outlet Store. They can click over to purchase the product or forward the information to others.
• Kimberly-Clark Corp. has an online community for users and potential users of its Scott personal care products. In 2008, the consumer products company began taking steps to analyze the data compiled by the Web 2.0 application. Kimberly-Clark now links data compiled on its community site with customer profile information, helping identify its most loyal customers and to market products to specific segments (such as parents whose children are ready to move from Huggies diapers to Pull-Ups).
• The Open Society Institute in Baltimore started a blog where it lines up Baltimore citizens and ‘issue experts’ each week to post short blog entries with an idea for how to improve their city. The posting is then open for the public to comment on. This has generated 5,000 registrations and 500 loyal, repeat readers who are spending enough time on the OSI Web page to read and comment regularly on the entire postings.

Security a major concern

The most important security measure that a company should take in using social networking for business is to ensure that it has a competent and trustworthy team carrying out this task. Since these are the people representing the company to its customers on a constant basis, it is crucial that they are intelligent and in tune with the company’s culture. From an IT perspective, what needs the most protection is corporate data and not Web access. Sometimes a social networker shares too much of a company’s internal data. This should be checked through packet filtering techniques.

Vikas Desai, Lead Technology Consultant, India & SAARC, RSA, The Security Division of EMC, informed, “Enterprises can ensure that their employees are aware of the security threats posed by the use of social networking sites. While companies can disable access to such sites from within the organization, a more effective approach would be to ensure that the enterprise implements a holistic security solution, which encompasses all aspects of security. If the enterprise can govern the access of information only to the right employees, loss of data by the attackers getting into the network can be minimized.”

Social networking sites have become a hotbed for online criminals because of their global reach and the participation of hundreds of millions of active users from all walks of life. This makes these communities prime targets for exploitation by criminals who seek to steal personal information through socially engineered attacks. The sites themselves are vulnerable to phishing attacks. Once an attacker breaks into a victim’s account it becomes easy to leverage the social network of the victim and harvest information from other users. This information could be used for various nefarious purposes like breaking into a user’s bank account or enterprise account etc.

IT managers need the right policies and security solutions in order to safely say ‘Yes’ to social networking. Businesses need a secure Web gateway and Data Loss Prevention (DLP) technology. They need real-time analysis and categorization of specific Web content on a page so that they can block just the malicious or inappropriate content, not the entire page or site. They need the ability to detect dynamic threats on the fly because Web 2.0 sites change constantly and can be compromised at any given point of time. Finally, they also need DLP technology to prevent their intellectual property and confidential data from being accidentally or intentionally shared on a Web 2.0 site or used in ways that it should not be used.

Disadvantages

Since 2007 and the boom in social networking sites, experts have seen a sharp increase of online attacks specifically targeting Web 2.0 applications. According to recent research, up to 19% of all online incidents could be affecting Web 2.0 sites.

The growing use of wikis, blogs, mashups and other Web 2.0 tools that allow user-generated content in business has created ample opportunity for cybercriminals. Hackers are increasingly targeting legitimate Web sites with 71% of sites harboring malicious code being existing legitimate entities. There exists a dangerous security gap when it comes to Web 2.0 threats. IT managers need to understand the unique risks associated with Web 2.0 and how to protect their networks and essential information

Diptarup Chakraborti, Principal Research Analyst, Gartner, said, “Social Networking is going to be all pervasive, just like e-mail, in enterprises as well as on the consumer side. It is one of the first cases of the consumerization of IT. But there are certain challenges that pose a threat to its growth like internal data security. Enterprises need to balance the benefits of social networking with the security risks.”

The fact that there is so much transparency, means that if anything goes wrong, everyone will know about it. There are also the never ending confidentiality issues. In the corporate context, this means that there could be an unwelcomed exchange of information or ideas between employees of different companies. Then there is the viral nature of the Internet, which can be a drawback when it comes to anything negative about a company, leading to unnecessary rumors. Finally, if resources are not allocated adequately it could become difficult to connect with the target audience on a regular basis.

How to keep employees engaged at work

Social media has both positive and potentially negative aspects for enterprises. A survey conducted by The Social Development Foundation of the Associated Chambers of Commerce and Industry (Assocham) said that employees at the workplace spent an average of an hour a day on sites like Orkut, Facebook, Myspace and Linkedin, leading to a loss in productivity of nearly 12.5%.

Managers and CEOs should educate employees on how surfing and socializing on social networks is affecting their productivity and a regular check should be kept on employee work hours and workload. Employees should be made aware of how constant social networking eats into the company bandwidth and consequently adversely affects the speed of other Web applications. A fair opportunity should be given to employees as recreational activity but a strict tab should be kept on the number of hours that they spend on these sites. Also, if need be, as a standard rule, social networking sites should be made unavailable during peak business hours, in order to avoid any unpleasant confrontations between management and employees.

Bhaskar Bakthavatsalu, Regional Director, India & SAARC, Check Point Software Technologies Ltd., said, “At the corporate level, enterprises can rely on the same tools that they use to protect their networks, starting with a robust security architecture that incorporates a good firewall and powerful IPS to detect blended threats and shield against all sorts of security attacks. This should be complemented by a comprehensive end-point security solution that provides support against rapidly proliferating worms, Trojans, spyware, and other malicious code that can threaten business continuity, require time-consuming incident remediation, jeopardize user productivity, and introduce numerous risks due to altered or stolen data.”

Educating employees is an important best practice that an organization can follow. But education has its limitations. A much better approach would be to implement a security strategy that is information-centric and focuses on the risk aspect. Enterprises can ensure that their employees are aware of the security threats posed by the use of such sites. Companies could disable access to such sites from within the organization. However, the real challenge lies in protecting against such attacks without losing the potential benefits derived from accessing them. These benefits are quite real and putting a blanket ban on such sites may put companies at a competitive disadvantage particularly in some sectors.

A more effective approach would be to make sure that the enterprise implements a holistic security solution, which encompasses all aspects of security. If the enterprise can govern the access of information granting it only to the right employees, loss of data to attackers infiltrating the network could be minimized.

Productivity is only one of the issues affecting a company and yet this is often being allowed to overshadow other concerns such as having the right security. While it is important to have good productivity—blocking Web 2.0 is not the answer. Companies need to stay competitive and attract the best employees and allow them to use the right tools for the job. With the right security and policy settings you can not only keep your company and its essential information safe, but you can empower your employees to use Web 2.0 tools at the right times and for the right purposes. For example, the marketing department may need to use Facebook or Twitter to promote the company and so have full access, while another department could be granted access to Facebook for personal use during the lunch hour. This can all be managed easily with real-time security and a realistic Internet access policy. The result is that employees are happy and productive and, more importantly, the company is safe.

Challenges in adoption

The biggest challenge for companies, while adopting social networking platforms is establishing a solid return on investment. This comes from the fact that while social networking helps build a company’s personality and builds trust amongst customers, it does not directly lead to making sales.

From an internal standpoint, the biggest challenge would be to provide a secure environment in which employees can utilize social networking tools. They need to find a solution that provides robust Internet filtering and monitoring of Web-based threats, including spyware, IM and P2P. While many companies are still determining the best ways to leverage social networking tools one thing is for sure—social networking will continue to shape the ways in which businesses collaborate and communicate, inside and outside the enterprise.

Though many organizations already allow access to some types of Web 2.0, a dangerous security gap exists. Within their virtual circle, social networkers have established a fairly high level of trust. They share information, images, files and content of all sorts in good faith among their network counterparts, without requiring identification or any other sort of validation. Because they believe that they are in a close, intimate space, users are more likely to trust other senders and click on unknown links, upload new applications or videos or surrender personal information. Once introduced onto a user’s circle, one can imagine that a hacker wouldn’t have a difficult time propagating spam-like posts to all of the user’s connections.

Not only do these sites pose an increased threat to the network, but disastrous consequences loom, such as leakage of sensitive data or misuse of posted corporate information. The potential security risk is high enough to motivate a number of businesses to prohibit their employees from accessing social networking sites while on the job.

Given the nature of social networking, it poses several risks and an organization needs to balance this risk proposition cautiously while taking advantage of this tool.

manjari.juneja@expressindia.com