Dynamic Business Logo
Home Button
Bookmark Button

Managing implications of the new ‘Ciggy Break’

It’s no doubt social networking is a popular innovation that is here to stay, with the advent of Google Plus just the latest iteration of a social media crazed world.

While it’s not hard to see why social media is so popular, with the ability to connect with friends, family and colleagues and interact online like never before, the impact on small business is not so clear with implications on productivity and the security of critical business information.

Recent high profile cyber-attacks to organisations of all sizes demonstrate that no business is immune to cyber-criminals. A recent survey by Symantec for instance, showed 40 percent of small businesses have fallen victim to a cybercrime of one type or another.

These attacks can lead to the loss of crucial data such as client and personal information, documents, logins, and details of financial transactions such as credit card and billing information. The impact of losing a customer’s information for an SMB can be severe, leading to customer loss as well as reputational and financial impact of up to AUD$2 million per incident[1].

In an attempt to limit these threats, many small businesses have banned the use of social networking sites in the workplace. Today, half (48 percent) of Australian businesses have either made a policy banning the use of social networking sites or have blocked the sites altogether[2]. Some employers compromise by allowing employees to use social networking sites during their lunch breaks or downtime, much like the cigarette break of old (reference) but they reason that social networking, like cigarettes, is harmful to the health of a business.

What complicates the situation is how deeply penetrated social media is in society. In Australia, 62 percent of internet users visit a social networking site every day[3], some before they even get out of bed. It has become closely intertwined with our lives, especially since we can now access these sites through mobile devices anytime and anywhere. Recent research by Telstra for example, shows a growing percentage of Australians (36 percent) own a smartphone and 89 percent of those owners use it to access social networking sites.

The result is that while employers may have control over social networking usage on desktop computers, bans are ineffective against smartphones and tablets. Even if we cast mobile devices aside, employees will find creative ways to access social networking sites through loopholes in IT security or policy. The Excel book “Be stupid at work V3.0” application for example, allows people to login into their social networking site as an Excel spreadsheet to make it look as though they are working. The application sets up messages and statuses under headings such as ‘products’ and ‘clients’ in a spreadsheet format to avoid the curious eye of the boss.

The proliferation of mobile devices and circumvention of IT policy demonstrates a different approach required in managing the ingrained nature of social media. Banning social networking is often a blunt approach, where there are a number of ways small businesses can avoid security breaches while still managing the opportunities available to them. The primary tool is educating employees on how to use social networking sites safely.

Some tips include:

  • Beware of suspicious links. Check a website’s address and security certificate before entering to make sure it is a legitimate site. Always look to see if HTTPS is in the address. If it sounds too good to be true, it probably is.
  • Be wary of posting personal information. Avoid entering in sensitive and personal information such as your birth date. Even be cautious when giving out arbitrary details such as pet names or former streets you have lived. Cyber attackers can use any information to set up attacks against you.
  • Check privacy settings regularly. Constantly check that your account and information is secure as it can be to avoid potential attacks.
  • Don’t save passwords to a computer. Either commit to memory a strong password or store it in a reliable password management program.
  • Don’t accept requests from strangers.
  • Don’t click on links in messages. Instead type in the web address and search to ensure safety. Even if the link has come from a friend be wary of clicking the link. A popular and effective tactic of cyber attackers is to pose as a friend you may know and send you viruses.
  • Always report any suspicious activity. If you come across something that can be a potential threat, flag it to the site’s administrators and your IT team.

Ironically, while many small businesses are predisposed to banning social media, more and more of them are seeing success in using it as a business tool (97 percent of Australian businesses with a social media presence expect to see an increase in sales as a result[4]). Through effective governance and education, businesses can take advantage of social media as well as manage the potential security risks. The steps above present an initial starting point to help achieve this goal.


[1] Ponemon Institute, LLC. “2010 Annual Study: Australian Cost of a Data Breach”. Symantec. May 2011 http://www.symantec.com/content/en/us/about/media/pdfs/AU_Ponemon_CODB_May2011.pdf

[2] AAP. “Facebook on the job”. Daily Advertiser. 13 Dec 2010

[3] “What Australian People and Businesses are doing with Social Media”. Sensis Media Report. Sensis and AIMIA. 25 May 2011 http://www.aimia.com.au/enews/Membership/Members_Only/SENSIS_SOCIAL_MEDIA_REPORT_May2011.pdf

4 “What Australian People and Businesses are doing with Social Media”. Sensis Media Report. Sensis and AIMIA. 25 May 2011 http://www.aimia.com.au/enews/Membership/Members_Only/SENSIS_SOCIAL_MEDIA_REPORT_May2011.pdf

What do you think?

    Be the first to comment

Add a new comment

Sean Kopelke

Sean Kopelke

Sean Kopelke is an experienced security specialist, focusing on compliance, IT risk management and data loss prevention solutions. Currently serving as director of Symantec’s Specialist Solutions group for the Pacific region, Sean focuses on assisting both corporate and government customers implement best practice solutions to discover, protect, secure and manage critical information.

View all posts