Many people don’t see a distinction between where they use the internet however for most companies it represents a large risk. A few years ago it was fairly unusual for a company to offer internet access to it’s employees however those times have changed now. Indeed many people rely on the internet as part of their job where applications are increasingly run online and from the cloud. So it becomes much more important to have policies and procedures to cover the use of the internet from the workplace.
Legal liabilities from defamatory postings by employees When a user registers with a site they typically have to indicate their acceptance of the site’s terms and conditions. These can be several pages long and contain difficult to read legal language. Such terms and conditions may give the site ‘ownership’ and ‘third party disclosure’ rights over content placed on the site, and could create possible liabilities for organisations that allow their employees to use them.
For example, where a user is registering on a site from a PC within the organisation, it may be assumed that the user is acting on behalf of the organisation and any libelous or derogatory comments may result in legal action. In addition, information being hosted by the website may be subject to other legal jurisdiction overseas and may be very difficult to correct or remove.
Reputational damage ill considered or unjustified comments left on sites may adversely affect public opinion toward an individual or organisation. This can lead to a change in social or business status with a danger of consequential impacts. o Malicious code targeting social networking users causing virus infections and consequential damage Sites may encourage or require the download and installation of additional code in order to maximise the site’s functionality and potential values. Where sites have weak or ineffective security controls it may be possible for code to be changed to contain malicious content such as Viruses and Trojans, or to trigger unintended actions such as Phishing.
Systems overload from heavy use of sites with implications of degraded services and non- productive activities. Sites can pose threats to an organisation’s information infrastructure. Many employees consider it fine to access entertainment sites especially when they’re on lunch breaks or after work. However allowing hundreds of people to watch UK TV sites from a company network can cause huge issues to a network. Particularly as the use of rich media (such as video and audio) becomes the norm in such sites, the bandwidth consumption generated by these sites can be significant and they have the potential to be the biggest bandwidth consumers within an organisation. Video streaming from popular sites like BBC iPlayer or Netflix like these, can use up huge amounts of bandwidth and cause latency in mission critical applications.
Intimidation of employees from inappropriate use of sites leading to investigations
How might the organisation respond to these risks? Whilst there are technical controls that could be applied the main defence against threats associated with blogging and social networking is awareness related. Actions that may be considered by NHS organisations include: 0 Deploying technical controls to block or control permitted website usage; 0 Revising and updating organisational policies to include acceptable use of blogging and social networking sites. Policies and standards should be clear about the acceptability of accessing sites during working hours and from the organisation’s internet connected devices eg. PCs, mobile phones etc. The consequences of non-compliance with organisational policy should also be clear;