After Eric and my talk on the Young & Free Alberta program at the CU Tech Spring Forum on Wednesday in New York, an interested attendee stopped me to comment, "That's a great program, but we could never do something like that. Since we don't allow Facebook, YouTube or any other social networking sites at our credit union, we certainly wouldn't want to promote their use."

The woman next to him added, "Yeah, it's a real problem. I manage 16 frontline staffers and to curb time wasting, we block all social networking sites. Plus our IT department says these sites present too much of a security risk."

This quick exchange defines the internal struggles facing credit unions as they contemplate the social web (social networking sites and blogs). There are two intertwined questions that need to be considered.

1. Should we allow our credit union employees to participate on the social web while at work?
2. Should our credit union have a presence on the social web?

I am going to break this subject into two posts. First up, the reasons to block employees from accessing the social web while at work.

Reason 1: Security

Here is a general overview of the dangers of the Internet in a corporate environment. This is from a report from the SANS Institute:

Users who are allowed by their employers to browse the Internet have become a source of major security risk for their organizations. A few years back securing servers and services was seen as the primary task for securing an organization. Today it is equally important, perhaps even more important, to prevent users having their computers compromised via malicious web pages or other client-targeting attacks.

And this is what the Network Security Journal has to say about social networking sites:

Since most people access social networking sites from the comfort and privacy of their home or office, they can be lulled into a false sense of anonymity. Additionally, the lack of physical contact on social networking sites can lower users' natural defenses, leading individuals into disclosing information they would never think of revealing to a person they just met on a street—or at a cocktail party.

The Government Technology Magazine adds:

Social networking sites such as Facebook, YouTube, Craigslist and Wikipedia, as well as Web services such as eBay and Gmail, enable self-publishing and high interaction between users through blogs, RSS feeds, podcasts and other technologies. These sites attract huge numbers of visitors, making them extremely attractive to hackers.

Moreover, the same technologies that invite user participation also make them easier to corrupt with malware such as worms that can shut down corporate networks, or spyware and keystroke loggers that can steal company data. Further, with the ability to post photos, video and audio recordings to sites, employees can inadvertently "leak" confidential company information.

Organizations are realizing how allowing access to these types of sites can compromise information security. Some companies are taking a hard line by prohibiting employees from visiting these sites and are enforcing the policy by blocking access using simple URL filters. Other companies block access and then go to the expense of setting up standalone kiosks that allow employees to visit Web 2.0 sites without exposing the network to malware attacks.

Reason 2: Time wasting

This is a hard one for me to comment on, because I actively encourage my staff to "waste time" on social networking sites. It is important to me for my staff to be well versed on emerging social media trends and to understand how all of this stuff works. The reality for a teller-line manager is very different. Again, I will turn to what the experts have to say.

In an article from the BBC, Facebook costs businesses dear:

Workers who spend time on sites such as Facebook could be costing firms over £130m a day, a study has calculated.

According to employment law firm Peninsula, 233 million hours are lost every month as a result of employees "wasting time" on social networking.

The study, based on a survey of 3,500 UK companies, concluded that businesses need to take firm action on the use of social networks at work. Some firms have already banned employees from accessing Facebook.

And this from an Inc.com article:

In 2005, American workers spent the equivalent of 2.3 million years’ worth of 40-hour workweeks reading non-work-related blogs while at work, according to a study by Advertising Age magazine. And that’s just blogs. Millions more work years were spent shopping online, checking eBay listings, cruising social networks, looking for vacation deals, Googling old flames, and, of course, ogling porn. A 2005 survey by America Online and Salary.com concluded that employers spend nearly $760 billion a year paying employees to goof off on the Web.

Yikes, these snippets present a strong argument to block the use of social networking sites at your credit union. If we listen to the IT and productivity experts, the downsides of allowing access to the social web are enormous. But before you decide to batten down the Internet hatches, read part 2 in this series where I explore the potential upside for your credit union to embrace the social web.

Tim