Social networking is having an increasing impact on the human resources function, and businesses will need to be proactive not reactive if they want to retain some semblance of control, says, Lesley Meall, FSN contributing editor.
When a couple of employees at a Domino’s Pizza franchise decided to post a ‘food preparation’ prank video on YouTube little did they know what this would lead to. Within a few days they had gained more than a million viewers, but they had lost their jobs and faced criminal charges – and things were looking quite bleak for their unfortunate employer too. Domino’s USA became the centre of a worldwide media storm.
The democratisation of the internet has put powerful, creative and collaborative (Web 2.0) communications technologies (potentially) at the disposal of everyone and anyone – and people are not afraid to use them. This has been an incredibly empowering and liberating experience for many individuals (on very many levels), and it’s not been all bad news for businesses either. Despite high profile debacles such as the Domino’s incident, social networking tools have a lot that is good to offer, particularly in the arena of human resources.
HR departments are using social networking sites, such as Ecademy and LinkedIn, to source candidates and better research prospective employees; some are using massively multiplayer online role-playing games (such as Second Life) as the venue for online training sessions and staff appraisals; some are creating their own information pages on sites such as MySpace to communicate with prospective and current employees and posting corporate ‘showreels’ to sites such as Facebook and YouTube.
But while positive developments such as these have yet to become mainstream, many of negative manifestations of social networking are significantly more widespread – and the Domino’s debacle is just the tip of a looming iceberg. As well as the potential for corporate reputation damage, social networking can threaten the safety and security of information systems and the sensitive corporate and personal data they contain, and create a host of HR challenges in areas ranging from cyber-bullying to productivity – or rather, the lack of it.
Risky business?
According to recent research by Morse (the IT services and technology company), the use of social networks by employees at work is costing UK businesses £1.38bn each year, just in lost in lost productivity. “The popularity of social networking sites such as Twitter and Facebook has grown considerably over the past couple of years. However, with it has come the temptation to visit such sites during office hours,” says Philip Wicks, a consultant at Morse, “and when it comes to an office environment, the use of these sites is clearly becoming a productivity black hole.”
When the researchers commissioned by Morse surveyed 1,460 office workers, over half (57%) said that they used social networking sites during the working day for personal use. By their own estimates, these people were spending around 40 minutes on these sites each week, but when asked to estimate the use of colleagues the figure leapt to around an hour each day. So the amount of time wasted each year by each employee could be one week, or it could be considerably more: either way, clearly the time has come for employers to take action – and not just because of the implications for productivity.
Morse comes at the problem from the information security angle. “After years of preaching the security dangers of clicking on unknown emails and websites, employees can unintentionally be letting their guard down when it comes to clicking on links from social networking sites,” warns Wicks, identifying Twitter as a nascent problem. The practice of URL shortening obscures the original address for websites, which increases the risk of phishing scams, malware and computer viruses, and 81% of the workers surveyed admitted to worrying about clicking on a link to an ‘unsecure’ website.
But this is not the only social networking security issue that demands attention. Posting sensitive personal information on social networking sites can create myriad problems; because of the inventiveness of hackers and social engineers, online privacy is a misnomer. To get an idea of the latest risks take a look at the recent blog post from Choon Hong at F-secure (and see how Instant Messaging is being used to break into MySpace pages), watch the vox pop at Sophos (and see how easy it is get personal details from people), or download the Sophos white paper (and learn how to balance the need for employee privacy and business security).
If the Morse survey results are anything to go by, employees are unperturbed. A third admitted seeing sensitive information on social networks, but 84% felt that it should still be up to them what they post online. So those responsible for HR need to include social networking technologies in corporate communications policies and staff guidelines on internet use (and misuse), to redefine the boundaries of acceptable and unacceptable behaviour, and make sure that employees (at all levels) are aware of the potential implications of their actions.
Horses for courses?
For some organisations this must feel like too much effort for too little reward. When the specialist recruiter Robert Half Technology recently surveyed chief information officers (at US organisations big enough to boast one) it found that 54% had completely banned workplace visits to social networking sites such as Facebook and Twitter, 19% permitted business use only, 16% permitted limited personal use, 10% permitted any type of use, and a (reassuringly) tiny 1% had no idea what the corporate policy was.
“It’s understandable that some companies limit access,” comments Dave Willmer, executive director at Robert Half Technology, while noting that the one in five companies that allow use for work-related purposes seem to believe that they can “leverage these sites as effective business tools.” Clearly, every single organisation will need to decide which approach is most appropriate for their particular business, but all organisations would do well to ensure that every single member of staff knows exactly what is and is not acceptable (or expected) behaviour.
Exisiting internet use and misuse policies and guidelines need to be kept up to date and where none have been put in place, they need to be introduced. You will find a free sample internet use and misuse policy at Business Link, but it’s quite limited; the social computing guidelines that IBM has put together for its employees are more extensive and detailed, and even if they are not entirely appropriate for your particular organisation, anybody who is responsible for HR would do well to read them from end-to-end, if only because of how enlightened and enlightening they are.
If you are interested in getting a broader perspective on the approaches that other organisations have taken to managing their employees’ use of social media you will find a list of click though links to the social media guidelines of 40 different organisations on the website of Australian social media strategist Laurel Papworth. Also, the website of the Chartered Institute of Personnel and Development includes a very balanced and non-technical explanation of the reasons why businesses need internet use and misuse policies, and although it is aimed at employers, many employees would benefit from reading it to.
Heads up?
However, it is important to be aware that policies on employee use of social media seem destined to be something of a moving feast. This is a fast-changing area, and those responsible for HR will need to keep a watching brief if they want their guidance for staff to reflect the latest developments - and minimise the potential impact of the associated risks. Getting ahead of the curve will be beyond the capabilities of most organisations, most of the time, but the researcher Gartner recently issued a warning, and guidelines, on a looming threat: avatars.
“As the use of virtual environments for business purposes grows, enterprises need to understand how employees are using avatars in ways that might affect the enterprise or the enterprise’s reputation,” suggests James Lundy, managing vice president at Gartner. One of the reasons that virtual worlds and role playing games are so popular is that they enable visiting ‘players’ to be whoever they like and do whatever they like, whether they are visiting with their personal or their professional hats on, and employers and employees will need to be cognisant of the potential implications.
According to Gartner the increasing use of three-dimensional avatars will create challenges in terms of policy, dress code, behavior, and computing platform requirements, and the research giant is predicting that by the end of 2013, 70 percent of enterprises will have established behavior guidelines and dress codes for all employees who have avatars associated with the enterprise inside a virtual environment. “We advise establishing codes of behavior that apply in any circumstance where an employee is acting as a company representative,” says Lundy, whether this is in the real world or a virtual environment.
Gartner has identified six tactical guidelines that organisations can follow to make the best use of avatars in the business environment. If your employees (and their avatars) are already visiting virtual worlds in a professional capacity it is important to ensure that employees are educated on the risks and responsibilities of reputational damage. The Domino’s Pizza debacle has shown what can be achieved with a camera, an internet link and a bad idea; who knows what havoc wayward avatars could wreak? Time will tell.
