Web 2.0 tools put data at risk
UK enterprises are not prepared for the potential risks associated with the use of social network and Web 2.0 technologies in the workplace, despite recognising the business benefits they can bring, according to new research from information risk management firm Recommind.
The survey quizzed 100 CIOs and IT directors at UK firms with over 1,000 employees about the use of Web 2.0 and social networking technologies in the workplace.
The research found that social networking sites such as LinkedIn, Twitter and Facebook are still primarily used internally at UK organisations, with 44% saying they use them for communicating and sharing information with colleagues around the world.
A quarter of respondents said they utilise the technologies for external uses, such as marketing and sales, business development and research via discussion forums. 23% said that they use them for external communications with partners. These two figures seem to contrast with the 59% of respondents that claimed better external communication with customers was one of the benefits of social networking and Web 2.0 tools.
The research also examined the concerns that companies may have about employees using these tools. Employees behaving irresponsibly or posting inappropriate material topped the list with 73%, followed by information leakage and data breaches.
“Businesses need to think very carefully about how best to address the increasingly mainstream usage of these tools by their staff. In a Web 2.0 world communication is instant, but information can get divulged, co-opted or misconstrued very easily, leaving organisations wide open to information risk,” said Craig Carpenter, VP and general counsel at Recommind.
Just under a quarter (24%) of respondents said that their method of reducing risk is to restrict all access to certain sites and tools, while 29% said that they use the same guidelines as they use for email. 8% said they have no policy in place to control what information is posted.
“Firms must ensure their employees are fully aware of the possible ramifications of using these tools in such a dynamic and evolving technological landscape. And while having a company policy in place is common sense, any such policy is only as effective as its enforcement,” said Carpenter. “Companies risk losing a competitive edge if they restrict access outright in the workplace, so control is the key to maintaining both the corporate advantage and also ensuring that the organisation has adequate procedures in place to protect against information risk.”
The vast majority of respondents (70%) said that responsibility for implementation and enforcement of social networking and Web 2.0 policy lies with the IT department, while just 17% said it was the responsibility of the legal department. Mike Davis, senior analyst at Ovum said that relying on the IT department is not the right way forward.
“It shouldn’t be the IT department’s responsibility just because it’s a technology issue. It needs to be a company-wide process-driven solution. It needs to be discussed and addressed at board level,” he said at a roundtable to mark the publication of the report.
Antony Corsi, a partner at Fulbright & Jaworski LLP in London, echoed these thoughts. “It needs to be a combination of three departments: IT, for the technology knowledge; legal, for the regulation and legislation knowledge; and the boardroom, because they have the power to do something.”