Over six million people in the UK work in public sector organisations. Recent research suggests that around one million of these do not receive any guidance on how to deal with social media in a professional capacity, or what security implications commenting on work on a personal level could have.
When you consider the highly sensitive nature of data routinely handled every day by public sector workers (from patient records and school reports to asylum applications), this has the potential to be a very big problem.
Social media has fundamentally changed the way that many people communicate. Information, no matter how trivial or profound, is being sent and received almost constantly on public networks. I frequently hear social media cheerleaders promoting the benefits of having a social media dialogue with customers or service users and they are no doubt right. However, for management and IT a line must be drawn to establish what can and cannot be shared.
According to Socitm, the IT management forum, 67 per cent of IT managers in the public sector completely block employee access to social media sites. On the face of it this might seem like an effective solution in itself, but with the prevalence of smartphones and the fact that employees can use social networking in the evening means that it is absolutely vital to have clear policies and guidelines in place.
A member of staff might not be able to tweet about sensitive information from their work computer, but the same information could be shared over a 3G network or from their homes in the evening to exactly the same audience.
Banning social networking would likely be met with resistance from staff and would be all but unenforceable in practice (with smartphones and so on), and cannot be used in place of having a social media policy. A rigid approach of controlling access would never stem the tide of data completely so a social media policy must always be developed, no matter what access control policy is implemented.
IT managers have a tricky balancing act; human behaviour is widely recognised as one of the biggest threats to information security in any organisation but at the same time staff must be permitted to work effectively and make best use of new tools. How do you empower employees to use new technologies, while simultaneously ensuring that data security is maintained?
An effective approach to the use of social media has to be policy driven. The data risks that it poses are constantly evolving as new channels for communication and sharing are devised, which makes it essential to have a uniform policy in place that explicitly covers all platforms. An official policy on what kinds of data must not be communicated on public channels is not only an enforceable measure, but can also enable staff to use social media in a positive and rewarding way for both them and their employer.