This article originally appeared in the Jan. 2011 issue of InfoTECH SPOTLIGHT

Without a doubt, the use of social media in the workplace is a bit of a double-edged sword.

Social media has had a profound impact on businesses not only in terms of corporate reputation and branding, but perhaps more important, security and the rise in social media usage in the workplace. With Web 2.0 collaborative tools on the rise, a key part of employee collaborative tools is social media, which has necessitated company policies and best practices.

While a majority of businesses offer detailed guidelines on appropriate telephone and Internet usage, many companies are struggling with adopting procedures as they relate to the use of social media outlets during business hours and while on the corporate network.

In April 2010, it was reported that an astounding 110 billion minutes were spent on blogs and social networking sites, according to The Nielson Company.

IT market leader Cisco (News - Alert) recently announced its latest results involving how new media such as video, consumer devices and social media are changing the ways of IT policies in the workplace.

Chris Kozup, director of mobility solutions for Cisco explained recently to TMC (News - Alert) that Cisco’s latest findings reveal how real-life consumer trends like social media, video, and increasing numbers of devices in the workplace are causing many employees to question the relevance of corporate IT policies and even break them with more regularity.

The study surveyed 2,600 workers and IT professionals in 13 countries and revealed that while 82 percent of companies have IT policies, 24 percent of employees are unaware that they even exist. Twenty percent of employees worldwide surveyed said they break IT policy because they believe their company or IT team will not enforce it.

There is no doubt, the use of social media in the workplace is a bit of a double-edged sword. Depending on the business, many argue that the use of social media platforms if used professionally can actually benefit the business.

Companies “deeply engaged” in social media grew revenues by 18 percent over last year, according to Charlene Li, founder of the Altimeter Group; and companies that were least engaged dropped 6 percent on average.

Given the magnitude of social media on many levels in the workplace, in an interview with Cisco’s Christopher Burgess, senior security advisor, he explains the importance for companies to more closely evaluate social media in terms of IT policies.

“Social media is evolving – it’s in a dynamic state right now,” Burgess says, pointing to Cisco’s own social media handbook, which is frequently updated and available on the Internet for others to review and use as a model.

“We built this guide on the foundation of our code of business conduct as well as our information security policies and to introduce our employees to the different aspects of social media that they are experiencing externally and what our expectations are for internal use,” he says.

In his own informal survey, Burgess says that in the past couple of years, a minority of companies had a social media handbook, “and now I would say more and more are taking this route.”

Social media is also assisting companies spread their marketing messages, both those in business-to-business and those in the business-to-consumer end of the equation.

“We recently did a product launch using social media – it saved us a tremendous amount of operational expenses,” says Burgess. “We ended up with more positive metrics after the launch than we did previous to social media.”

In fact, the company frequently points to Cisco’s ASR1000 product launch as a case study in leveraging social media for this purpose.

“One aspect that is very much a pro for the business is the internal collaboration realm – the same tools we see outside that allows companies to interact externally, can now interact internally as well,” Burgess explains.

However, the wild card that every company is dealt is how to best handle employee usage of those tools and getting ahead of the curve.

“Social media here to stay…I view a company that is not yet engaged may find themselves left behind. We have a generation that has embraced social media and that is their preferred method of communication,” Burgess says. “We are living in a more responsive, more socialized world – especially in the retail arena. It is easy to go on to Twitter and say that a service was less than par. This is giving companies a chance to fix the solution privately, but also publicly as well. One where you hear from consumers in a manner they may not be expecting – it could be a failure, or conversely, a huge success.”

Burgess says he views location-based services as a double-edged sword, calling some uses reasonable and others “worrisome.” For example, a navigation system that automatically calls out to get assistance during an accident is what he calls a “very positive use.” But Burgess says constant location check-ins via Twitter, Facebook (News - Alert) and other social media sites can create a hazardous situation of oversharing.

“A more worrisome use is a check-in service where you sign up and every time you go into a place your smartphone triggers where you are and posts where you are located,” he says. “I wouldn’t want my executives known where they are all the time. I don’t think consumers or companies know yet how this can be aggregated. That to me if you’re using location as well as commentary you might be oversharing or you have the potential to overshare. So if you’re using it, have a strategy mind.”

He points to the hotly debated net neutrality issue and forthcoming policies out of Washington, D.C., that will be enforced b y the Federal Trade Commission. For example, Burgess says, Cisco employees must identify themselves when they are blogging about Cisco or talking about Cisco.

The House Energy Commerce committee recently introduced its “Do Not Track” legislation – the idea is making sure consumers can opt-out of providing information that could be shared with a third party. Microsoft (News - Alert) announced that the next edition of Internet Explorer (Version 9) will offer consumers a new opt-in mechanism called Tracking Protection to identify and block many forms of undesired tracking. According to an ABC News report, David Vladeck of the FTC testified that the current opt-out choices offered by the private sector are confusing; consumers think they are opting out of third-party tracking, for example, when they are in fact just opting out of receiving targeted ads.

But sharing personal information at will via social media networks leaves users vulnerable and subject to potential privacy breaches – which in and of itself is another security challenge for companies. Andrew Walls, research director of security, risk and privacy at Gartner (News - Alert), says that public social media sites have each taken various approaches to securing personal data.

“I hesitate to say ‘private’ data as it is not clear what constitutes private information when the ostensible owner has chosen to place this information in a public service that is not under their control,” says Walls. “Facebook has made regular changes to the type and number of controls available to users. Despite this, they still attract numerous complaints regarding the exposure of personal information.”

Yes, unfortunately, providing the user with more control capabilities does not consistently produce better security, Walls adds.

“Users are not always sufficiently competent or informed to be able to leverage control capabilities to best effect. The core problem here is that human social networks are founded on the sharing of personal information,” he says. “This is how humans ‘bond’ to each other. By providing strong support for sharing, social network providers simultaneously set the stage for apparent privacy breaches.”

When it comes to social media policies for businesses, Walls agrees that social media is an awesome tool for communication. To make his point, the same goes for e-mail, a website, a mobile phone and cave paintings, he says.

“To gain advantage from tool use, you must be aware of the tool’s capabilities, skilled in its use and capable of modifying your business processes to apply the tool. Many businesses are gaining huge competitive advantage through use of social media,” he says. “Other businesses are either consciously ignorant or in flagrant denial of the societal impact of social media. Participation in social media is inevitable. To a certain extent, social media is replacing many functions performed by traditional web sites and email. Businesses that ignore or deny the impact of social media will not wither away and die, but they will miss opportunities that will be snatched away by their more agile competitors.”

Internally, Walls says, many companies are nervous about allowing employees to use social media and are placing restrictions on their networks to block or filter access.

“I am all for monitoring social media use, but blocking access is a waste of time and counter-productive. Employees that are blocked from FB simply access it on their smartphones or from home,” he says. “By blocking access at work, employers are forcing employees to participate in social media through networks that the employer cannot monitor. The company is turning a blind eye to staff activity in social media. This may provide for effective legal cover or bureaucratic self-defense, but it is short sighted and ultimately futile. Enable social media access at work and then monitor what is being discussed.”

Burgess emphasizes the criticality of having an employee policy for social media usage, and to not only look at what may be needed for today, but to constantly update those policies as the phenomenon of social media continues to evolve.

“If you do not have a handbook, you have a lot of issues you need to address. If you already have one, you need to look at what is not covered and what you do have – are they reasonable policies?” Burgess advises. “Minimally, I suggest you thoroughly understand the level of data you are sharing with any of the location based services within the context of who, what, where and when that data will be shared and who the data is being shared with.”

According to Walls, there is also an increasing disconnect between legal concepts of privacy and societal expectations and formulations of privacy.

“Most privacy laws attempt to identify the kind of information that is private and then legislate controls and penalties associated with failure to control. These laws are marginally effective, but they do not focus on how people manage privacy. Information is not, in and of itself, private. For example, is your social security number ‘private’ data? Of course not. It was issued by the government and thousands of people and companies have access to the information (banks, schools, medical practitioners, spouse, children, parents, etc.). the same goes for your birth date, mother’s maiden name, etc.

“The privacy of the information is not the issue. Social concepts of privacy are associated with 1) knowledge of actions (“I know what you did last summer”) and 2) inappropriate use of personal information. The former falls into the realm of illicit surveillance, voyeurism and the like and there are numerous laws restricting these actions. At the same time, we are seeing a massive increase in the level of government sponsored surveillance of public spaces,” Wall says.

There is an apparent conflict between the passage of privacy laws by a government that is simultaneously removing all vestiges of privacy in public spaces, he adds.

“Social concepts of privacy generally focus on the inappropriate use of information rather than simple possession of the information. You can have my social security number, but if you use that data to get a credit card in my name, I will be very upset,” says Walls. “For an individual, the best practice is to limit their personal distribution of information that could be abused. The social media sites, particularly social networks, provide controls to assist with this, but people using social media must also limit the information they share in alignment with their personal concerns about privacy. Strong security controls in Facebook will not compensate for indiscriminate uploading of sensitive information.”