Smart questions
Smart answers
Smart people
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login




Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.
Jobs from Indeed

Link To This Forum!

Partner Button
Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

chriscboy (Programmer) (OP)
7 Sep 07 12:05
Hi,

The head of our dept has asked me whether we should allow our employees to have access to Facebook/YouTube/Myspace so that they can find out information about our customers / prospective customers.

I personally think this is a bad idea as I believe these apps are productivity killers and should only be used outside of work.

Do you have any policies/suggestions regarding the above? I would be interested to hear your thoughts!
lespaul (Programmer)
7 Sep 07 12:14
all blocked here....what kind of customers does your business work with that would have accounts on those sites?  What kinds of information do you expect to get from those sites?

I think FaceBook is targeted at the "older" generation, but MySpace seems to be more teen oriented and YouTube is videos....

Leslie
Cstorms (IS/IT--Management)
7 Sep 07 12:58
I agree, of course we would need to know what type of business you do but I can see NO reason to allow any of these sites and they are not only time consuming but in the case of MySpace may lead users to malicious content or links to software that you would be cursing yourself later if it ever got installed.

Keep your enviroment safe and productive and do yourself a favor and keep these out of reach.

Cory

lionelhill (TechnicalUser)
8 Sep 07 14:37
Besides which, if any of your staff let slip to any of your customers a piece of information that the customer realises they could have got from myspace/whatever, that will be the last you see of that customer.

If any firm I dealt with suddenly knew about my family birthday parties and that I like treacle sandwiches, frankly I'd find it scary/spooky/intrusive, and I wouldn't have anything to do with that company again. Ever.

Myspace is hardly private, but people have a misconception that it is, and some clients would definitely regard this sort of action as one step short of cyber-spying. Not good business.
chriscboy (Programmer) (OP)
10 Sep 07 4:18
Hi,

Thanks for your answers. You give some valid reasons to back me up when I go back to my manager and say no!

Regards

Chris



Helpful Member!(2)  kmcferrin (MIS)
10 Sep 07 14:31
Unless your job involves compiling clips for America's Funniest Videos, I can see how YouTube access really falls under the category of necessary for business.

Facebook and Myspace, however, have been used by HR departments from time to time to "check out" applicants and make sure that there are no obvious red flags (i.e., they brag about getting drunk and high every night, therefore they may not be a particularly productive employee).  But I find even that practice somewhat questionable, especially in the case of Facebook where you're supposed to be a student to get acccess to it.  At the very least you'd be gathering info on prospects under false pretenses.

grande (Programmer)
11 Sep 07 10:23
I'm going to go ahead and disagree with everyone.  Only block them if they're becoming a problem.  There is nothing wrong with employees checking these pages on their lunch or breaks.

I'd be hard-pressed to find a business purpose for accessing Facebook (beyond the already mentioned HR possibility), but if you treat your employees like criminals, they will leave.

-------------------------
Call me barely Impressive Captain.

kmcferrin (MIS)
11 Sep 07 11:51

Quote:

I'd be hard-pressed to find a business purpose for accessing Facebook (beyond the already mentioned HR possibility), but if you treat your employees like criminals, they will leave.

Well, there's a difference between treating your employees like criminals and maintaining the integrity of the systems that you support.  Granted, if you blocked access to these sites then no doubt some aggrieved web surfer will complain that you're treating them like a criminal.  However, there's been enough instances of malware propogating via Myspace and other social networking sites that blocking access to them falls under security best practices, not "making employees angry just because."  Besides, I find it hard to believe that anyone would ever quit a job because they weren't allowed to surf Myspace or Facebook at work (at least not anyone worth employing).
Cstorms (IS/IT--Management)
11 Sep 07 12:00
The way I see it, if you are on your companies machines and it is during the workday, without explicit permission to do so in no way should you conduct personal matters that will have no potential benefit to your organization, and in all reality could cause harmful results.

If you are on break, this is not considered free reign time for all the employees. As much as I agree that a workplace should not be a suffocating environment and be a place to be productive and still enjoy yourself, it must in all respects still maintain a level of operation that will not lend itself to illicit or damaging activities.

If this is the type of company operation you desire and you are not being fulfilled, it is not a fault of the company, but a fault in your expectations.

Cory

lionelhill (TechnicalUser)
11 Sep 07 12:55
As a user I'd far rather be physically blocked from looking at a site, than get in trouble for looking at something of which the management disapprove.

Some people will work well whatever distractions you make available.

Other people will find time-wasting activities no matter how hard you try to get them to work.

But there is a whole group in the middle who really wish someone would cut off our access to tek-tips because then we wouldn't be tempted to waste all this time offering advice on other corporations' use of FaceBook...
Cstorms (IS/IT--Management)
11 Sep 07 12:59
You know I was thinking about that while writing my response thats why I delicately added the "no potential benefit" part, as I know I have used these forums for work related issues and they have saved a decent amount of time.

It is pretty addicting here though... ;)

Cory

aarenot (Vendor)
12 Sep 07 0:53
Cory here is your quote with a little reverse application,

"The way I see it, if you are on your personal machine and it is not during the workday, without explicit permission to do so in no way should you conduct business matters that will have no potential benefit to you opersonally, and in all reality could cause harmful unpaid work results.

If you are on personal time, this is not considered free reign time for all the companies requests for you to read email, or use your own PC, or ISP for company business, including IM, EM, reading trade docs, tek-tips research, other reasearch, or simply checking your outlook.. As much as I agree that a home should not be a suffocating environment and be a place to be un-productive and enjoy yourself, it must in all respects still maintain a level of operation that will not lend itself to illicit or damaging activities, suc h as work related activities in any form..

If this is not the type of company operation you desire and you are not being fulfilled, it is not a fault of the company, but a fault in your expectations.
Cory"


My point is, this. I had my boss question me about looking up my ebay watch list on my lunch during my third day of work in the week after about 48  hours so far that week.   He asked me if I thought that was proper use of the company internet connection and desktop.   I told him this.   "Let's make a deal, I will never use the internet on my lunch, or break on company equipment( I did not use it for personal outside breaks/lunch), but instead go home after 8 hours to check my internet, and see you in the morning.   Also, since I agree I should not use the company internet on my break or lunch, I am sure you will agree that I will not be using my home PC or internet for any company business either.   DEAL?"   Oh, by the way, my two weeks vacation I will be out of cell phone range, and since the company doesn't supply the internet in the resort, I will not be checking email for two weeks either.

I did go in and apologize about the way I said it, but not the substance of what I said.   He agreed that when employees use personal assets for company business, the company has no business acting like a little tyrant about someone using the net on their break to go to major companies web sites that pose little threat.   

johncurtis (TechnicalUser)
12 Sep 07 10:13
To add to a point made by kmcferrin, we've had a PC infected by a trojan from an IM app on MySpace. Sites like this are now blocked.

John

I've got a stepladder. It's nice, but I wish I knew my real ladder.

SQLSister (Programmer)
12 Sep 07 11:00
And even the HR reason of investigating people is pretty lame. How can you be positive the site is the real John Smith or even the same John Smith you are looking for?

For instance, I know someone named Susan Smith. Should she be rendered unemployable becasue someone with the same name murdered her children even though she isn't that person or related to that person in any way except having the same name? I think all would agree that no of course not.

Basing someone's employability on investigating such sites which can be set up by anyone pretending to be anyone seems to me to be a very bad practice.

"NOTHING is more important in a database than integrity." ESquared

RCorrigan (MIS)
12 Sep 07 12:08
News Article re Facebook

Quote:

Employees who spend on average two hours day communicating through and pruning their Facebook page are costing employers on average £130m sterling a day, not to mention additional costs incurred by workers surreptitiously downloading videos and browsing blogs.

<Do I need A Signature or will an X do?>

harebrain (MIS)
12 Sep 07 14:18

Quote (Same article):

“The figures we have calculated are minimums and it’s a problem that I foresee will escalate,” explained Huss. “Some companies are happy to let their workers use the internet for personal use, assuming that goals and targets are achieved.
Contradicts the conclusion implied above, doesn't it?

On top of that, from The figures we have calculated are minimums and it’s a problem that I foresee will escalate, one must question the methodology involved.  My take: a self-serving, WAG.
kmcferrin (MIS)
13 Sep 07 10:06
Well, most studies of that nature are usually paid for by a company that sells filtering software, so I wouldn't give their "findings" too much weight.
Helpful Member!(3)  Dollie (MIS)
13 Sep 07 10:59
My users can complain all they want about the sites I have blocked.  If ANY, repeat ANY, of them whinge about being treated like a criminal I'd simply ask them why they were treating their WORK COMPUTER like it was their own.

I've gotten the HR perspective, and I don't agree with them.  We should call places on resumes for references, but we shouldn't be digging around through personal pages (assuming we can FIND it) on potential candidates.

They've signed usage policies.  I have no problem reminding them of that fact, and reminding them that they're being paid to do things other than watch viral videos on youtube.

OTOH, I have no problem with them going onto the machine I have set up in our lunchroom specifically for personal use during lunch. It bypasses our network and goes straight to the internet, and has no blocks on it at all.  
lionelhill (TechnicalUser)
13 Sep 07 11:06
RCorrigan's quote was someone spending an average of 2hrs per day on FaceBook and the like.

So if some people only use it 10 minutes per day, and many don't use it at all, what are the rest doing to reach that average?

Could it be that this survey is a totally random survey of completely average extremely heavy FaceBook users?
aarenot (Vendor)
25 Sep 07 9:03
Guys, and Gals,
     Realize that your employees often put in long hours, and often have to end up working from, or taking work home.   In that case they often have to use personal PC, ISP resopurces for work, so it is not that big a deal to expect a little turn around at work.   
     To prove my point, how many of you in the last week have used any hardware, ISP, software, cell phone, wireless internet connection/account, personal credit card, personal vehicle, etc. for company business?   In all reality with a strict usage policy it is not then reasonable to expect an employee to check their email, recieve, or send an IM/phone call, or research on the net for any company business from any personal access or device.   
     Be real, if your company expects to use personal resources, then shut the hell up about employees using company resources, or provide everyone a lappy, and an wireless(cellular) isp, and an extra barttery so they do not have to use home electricity to run their lappy.  

     Get real, and stop your whining, do your jobs, and deal with it.

kmcferrin (MIS)
25 Sep 07 10:48

Quote:

Realize that your employees often put in long hours, and often have to end up working from, or taking work home.   In that case they often have to use personal PC, ISP resopurces for work, so it is not that big a deal to expect a little turn around at work.  

That's not always the case.  In many professional jobs this is true, but there are also a lot of positions where it isn't possible for employees to work from home.

For example, I used to work at a hospital.  The people who usually ended up working from home were the IT department, executive team, department managers, and people in the finance department.

People who couldn't work from home because their job required resources that couldn't be provided remotely were receptionists, patient registration department, patient accounting/billing, and the entire clinical staff (which amounts to about 90% of the staff).  I suspect that there are other companies where they have call centers, data processing centers, etc, where working from home is not an option.

Don't get me wrong, I agree that in many cases it's reasonable to assume that if you're expected to occasionally work from home that you might sometimes do personal business at work.  But that's a far cry from assuming that because you sometimes use personal resources for work that you should be allowed to do whatever you want with work resources to compensate for it.

The IT department does have a responsibility to secure and maintain their environment.  The company does have a responsibility to maintain a professional, harassment-free work environment.  To meet both requirements, they can and should limit access to inappropriate or dangerous sites.  You can still use the company computer to check your bank balance, pay online bills, book your vacation, etc.  You can still use the company phone to check in with the babysitting/daycare facility, call and make personal appointments, etc.

Quote:

Get real, and stop your whining, do your jobs, and deal with it.

The reality of it is that you're not legally entitled to do anything with work resources that your employer has forbidden you from doing.  The reality is that you're at work to do YOUR job, not fart around on the Internet.  Most reasonable people will understand if you take care of some personal business at work, but that doesn't give you free reign to do whatever you want.  Finally, by restricting access to certain sites, we ARE doing our jobs.  You may not like it, but it's not YOUR job to dictate to the IT department what THEIR jobs are.
harebrain (MIS)
25 Sep 07 13:03

Quote:

The people who usually ended up working from home were the IT department, executive team, department managers, and people in the finance department.

People who couldn't work from home because their job required resources that couldn't be provided remotely were receptionists, patient registration department, patient accounting/billing, and the entire clinical staff (which amounts to about 90% of the staff).
Which demonstrates that a "one size fits all" policy is rubbish.  Developers often need greater permissions and access that isn't generally available to the rest of the workforce.  IT regularly grants itself permissions that others don't have; it shouldn't be that difficult for IT to recognize when others have similar needs.  To echo your last remark, it's not up to IT to tell me how to dumb-down my job or present impediments to getting the job done.

Deal with the problems rather than assuming everyone is a problem.  Stringent policies are usually the result of a gutless management that won't deal with problems, i.e., fire the miscreant who disrupts the workplace.

Most of us don't need a mommy or Big Brother to tell us how to behave anymore.  Anyone who does need that doesn't belong in a professional workplace.
kmcferrin (MIS)
25 Sep 07 14:17

Quote:

To echo your last remark, it's not up to IT to tell me how to dumb-down my job or present impediments to getting the job done.

I'm not sure how your job requires access to Myspace or Facebook.  I'm not saying that it doesn't, just pointing out that for the overwhelming majority of the workforce it would be unnecessary.

Also, while I appreciate that you understood the comments about maintaining a harassment-free and professional workplace, you clearly missed the part where I mentioned security.

In general, it is the company's responsibility to provide you with the resources to do the job assigned to you.  If that requires access to specific web sites, then so be it.  But the IT department also has a responsibility to protect the systems and network.  And to be honest, the average user has a great deal of trouble telling the difference between a safe web site and a malicious web site.  If someone sent your workforce an email that says "click here to see the dancing pig video" then a significant portion of your workforce will do so, and possibly install any "software" or (more likely) malware that comes with it.

Even when I'm surfing the web on my home PC, I regularly get warnings from my antivirus/antimalware software indicating that I am accessing a "dangerous" site.  Usually it's because of third-party ads that are being displayed on the site.  But if a very savvy and security-minded user like myself is inadvertantly hitting dangerous sites while browsing, how much more likely are non security-savvy users to be to hit more and worse sites?

It's absolutely reasonable and expected for a company's IT department to block access to dangerous or potentially dangerous sites.

Quote:

Developers often need greater permissions and access that isn't generally available to the rest of the workforce.  IT regularly grants itself permissions that others don't have; it shouldn't be that difficult for IT to recognize when others have similar needs.

This is irrelevant here.  We're not talking about restricting someone's security permissions in a way that impedes their ability to do their job.  We're talking about blocking access to web sites that are either dangerous, very clearly not business related, or a potential liability.

That's right, I said liability.  I don't know where you live, but here in the states people file lawsuits at the drop of a hat.

Quote:

Deal with the problems rather than assuming everyone is a problem.  Stringent policies are usually the result of a gutless management that won't deal with problems, i.e., fire the miscreant who disrupts the workplace.

I agree that it's not reasonable to assume that everyone is a problem, but it is reasonable to look at everyone is a potential problem.  When companies restrict access to certain classes of web sites they aren't doing it because they think that everyone is a problem.  They're doing it to protect themselves from "that one person."  It could be "that one person" who manages to get their PC infected with malware that multiplies and takes down the network, costing the business time a money.

It could be "that one person" who surfs porn half the day and makes female co-workers feel creeped out.  If a company allows a user to create a "hostile work environment", they could be found just as culpable in a sexual harassment suit as the individual doing the harassing.  Even if the company manages to clear it's name in a lawsuit, it still has to spend money to defend itself.

No, it's far easier and much more sensible to just use reasonable filters.  You're already filtering for malware.  Most web filters also include additional categories like "porn," "gambling," "terrorism/extremist," "illegal drugs," "hacking/cracking," "social networking," and so on.  For most lines of work there's no need to access those sorts of web sites, so why not filter them?  At the very least you're saving a little bandwidth/productivity.  At most you're saving a lawsuit.  I just don't see a downside to it.
harebrain (MIS)
25 Sep 07 15:12
No one who proposes or enforces the restriction of someone else's liberties ever sees the downside.

Here's the downside for you:  users are adopting newer, personal technologies faster than IT departments can get a handle on them.  Circumventing the IT department makes it irrelevant.  And whatever is irrelevant doesn't last.
Dollie (MIS)
25 Sep 07 15:38
In a private company, any liberties you may have at home or outside company premises do not apply.  Neither does free speech.  Constitutional liberties are guaranteed by the government, and enforced against the government.  They do not apply to private industry or individuals. (And yes, that's a topic for another thread on another day.)

Most people in IT realize that the ones who worry about security are a step behind those working to get around the security.  It's a constant battle, and it's called 'job security'.

Simply interpreted: my network, my rules.  If my users really and truly want to spend their day watching youtube videos and working on tweaking their facebook/myspace pages, I'll happily direct them to the HR department where they can turn in their resignations as they won't be able to access the sites after I block them at the firewall.  We have more than liberal policies about internet usage, but we'd still like to see people actually working while they're here at the office.
harebrain (MIS)
25 Sep 07 17:08
Anyone who believes that goofing-off is a product of the Web simply hasn't been around very long.  Lock it all up, shut it all down, those with the inclination will still do something other than work.

And anyone who thinks that all "goofing-off" is bad is wrong:  those are the activities that break mental blocks and stimulate creativity.

Quote:

In a private company, any liberties you may have at home or outside company premises do not apply.
Really?  Any?  It might be a topic for another time and place, but you are quite simply wrong.
Welshbird (IS/IT--Management)
26 Sep 07 6:57
For those in Europe, article 8 of the human rights act might be slightly relevant

Quote (CIPD):

Article 8 provides that everyone has 'the right to respect for his private and family life, his home and his correspondence'. There is a clear risk that monitoring an employee's private telephone calls or emails in the workplace could be a breach of this right. Similarly, the imposition of unreasonable mandatory dress codes or drug testing at work and the use of CCTV data may be an infringment.
Admittedly this doesn't cover Facebook (and as such is slightly off topic) but it does cover personal emails, telephone calls etc.

Fee

The question should be Is it worth trying to do? not Can it be done?

kmcferrin (MIS)
26 Sep 07 10:39

Quote:

No one who proposes or enforces the restriction of someone else's liberties ever sees the downside.

Here's the downside for you:  users are adopting newer, personal technologies faster than IT departments can get a handle on them.  Circumventing the IT department makes it irrelevant.  And whatever is irrelevant doesn't last.

I'm not sure how it is that you think that you can make the jump from restricting non-work related sites from users at work to being a violations of liberties.  That's a ridiculous jump there.

Regarding the latter, circumventing the IT department doesn't make it irrelevant, it just sets you up for trouble.  Technology does tend to advance rather quickly, which is why  companies have IT departments to begin with.  Someone needs to analyze the new technology, determine how it could affect the business direction, determine whether it can help the business be more effective, and how best to integrate the technology into their existing infrastructure and then support it afterwards.  Most end users don't think about those sorts of issues, so they tend to see IT as being "behind the times" or "getting in the way of progress."  But what they don't recognize is that improperly implemented technology also has a cost to it, and not just in the form of failure to achieve the intended results.

A good example here is in mobile messaging.  Right now the two prevalent standards are Blackberry and Outlook Mobile Access.  When the issue of mobile messaging came up at my employer we had to decide which was the best way to go about it.  We ended up choosing OMA over Blackberry because we already had all of the resources that we needed.  It's fully integrated into Exchange 2003 and Outlook Web Access, so no extra licenses were required and configuration was easy.  Also, most carriers in the US sell OMA-capable smartphones/PocketPCs.  On the other hand, Blackberry requires a separate server application which usually runs on it's own server.  Also, the number of carriers providing Blackberry capable devices is more limited.

Of course, after we selected, announced, and implemented OMA there were still people in the organization who went out and bought Blackberry devices, then got angry with us when we wouldn't support them.  Mainly they were upset because the sales rep who had sold them the phone told them that it worked with Exchange.  Of course, what they didn't tell them was that it required Blackberry Enterprise Server or a client to be installed on the PC that ran all the time with Outlook open that forwards mail over the Internet in order to get it to work with Exchange.  Which meant that even if the end users DID circumvent IT by installing the client on their PC, the "road warrior" types with laptops still never got their mail forwarded because their laptops where in their bags.

The problem is, most end users take the same sort of attitude that you do, i.e., IT is screwed up, we'd be better off without them, they don't do anything to add value.  But that's because most end users don't have the slightest idea what it is that IT departments do (and of course, there are undoubtedly a few bad IT departments).  There have been increasing regulations applied to businesses and government entities regarding data security, especially in the area of protection of private data.  When end-users try to circumvent the IT department, they compromise security.

A computer security breach at a company that results in loss of customer data, (names, addresses, SSNs and credit card numbers) could result in a huge PR issue, not to mention fines, fees for credit monitoring for their customers and legal costs.  Not to mention the legal penalties that could be imposed for failing to comply with SOX or HIPAA.

And I don't think that anyone reasonable expects that by blocking some sites they will be able to eliminate all "goofing off" at work, or all web-based security risks for that matter.  There is no such thing as a 100% effective solution for most needs, but there are some good solutions that greatly mitigate the risks and make it much harder for people to goof off/compromise the network.  Mostly it's about raising the bar.  If you can deter casual goofers, then the only people who will be goofing off will be people willing to make a concerted effort to circumvent IT policies and systems, and those are definitely the sort that you don't want around.  If you can prevent the most common (and simple) malware infection vectors, you can eliminate a huge security risk.

A great example: at that hospital where I worked our helpdesk staff was constantly having to deal with computers that were malfunctioning due to spyware/malware infections.  Users had wide-open Internet access and were downloading software (even though that was a violation of the AUP), as well as inadvertantly getting systems infected.  The Helpdesk techs were each spending a 2-3 hours a day to rebuild and redeploy systems that had been compromised, or otherwise cleaning up infected machines.  After we implemented web filtering we were able to almost totally eliminate these infections.  Afterwards they very rarely had to deal with a spyware infection or rebuilding PCs that were bricked from malware.  The total time savings for that department was nearly 40 hours per week.  That's one FTE that could be freed up to work on other, more important projects.

Why is it that you keep ignoring the security implications in your responses?  Is it because you know that you don't have an argument against it?  Because the security issue on it's own warrants use of web filtering.  You could completely throw out the argument about people goofing off, creating a hostile work environment, etc, and best security practices would still dictate that you filter web access.
Dollie (MIS)
26 Sep 07 10:51

Quote (harebrain):

Really?  Any?  It might be a topic for another time and place, but you are quite simply wrong.

This is a topic that typically comes up during election years, because there is always at least one employer somewhere that will ban a party's bumper stickers, not permit speech about specific political candidates, or something along those lines.  It also comes up quite a bit in USENET (aka Google Groups to those under 30) as well in moderated forums ("You deleted my post! You're violating my freedom of speech!").  

In a public arena, you can generally say anything you want (like a student asking questions of a senator at a major university) (Don't tase me bro!).  If an employer does not want someone espousing the pros and cons of Neo-demopublicans, a policy can be created.  This isn't a violation of the 1st amendment.  If an employer does not want loaded firearms on company property, this is not a violation of the 2nd amendment.  Just as the right to privacy isn't covered in the constitution and the Bill of Rights, the right to goof off at work and thumb your nose at your employer aren't covered either, but they are assumed rights.

Basic liberties are different from laws protecting employees from employers and vice versa.  We have laws mandating safe workplaces, threat-free workplaces, as well as sexual and racial neutrality.

Overall, it basically is the same thing as an admin saying "my network, my rules."  The business owner (or whoever runs it) can say "my company, my rules," and my grandad can say "get off my lawn you durned kids!".

I hope I didn't rub anyone the wrong way, and I certainly didn't mean to start a flame war.  I just wanted to explain my POV as far as basic liberties of an individual versus the basic liberties of a business owner.  I'm just not sure if I accomplished that, or if I went overboard with my explanation.  My apologies if i did/didn't!

And I still don't see the need for youtube, myspace, and facebook at work during working hours.  Finding other ways to goof off should be a department.  smile
harebrain (MIS)
26 Sep 07 12:47

Quote (kmcferrin):

Why is it that you keep ignoring the security implications in your responses?  Is it because you know that you don't have an argument against it?
Not ignored in the least:  you quoted it and still missed it.

When users circumvent IT by using personal technologies, you've lost the game.  Company data exists in managed servers on external services (gmail, Blackberry, etc.) and the company has NO way to protect or defend that data from malicious use or legal attacks.  Google gets subpoenaed to produce your company's data?  Will Google defend you?  What standing do your company's lawyers have?  And do you know that the French government has prohibited its employees from using Blackberries, and why?

And speaking of a "ridiculous jump:"

Quote:

The problem is, most end users take the same sort of attitude that you do, i.e., IT is screwed up, we'd be better off without them, they don't do anything to add value.
Read carefully and don't put words in my mouth.  This is not my attitude, I've simply reported what is happening.  But I do know that ham-handed management and sloppily implemented policies create problems for users and customers.  Did I say that IT is bad?  No.  But it has to get better and get over the notion that IT is in control.  It isn't.  Adopt a service mentality, rather than the common, adversarial mentality.

My last two employers had vastly different styles with respect to IT:  one was relaxed, the other was knee-jerk, lock-it-all-down stiff.  Yet the former was more secure, and the latter made it difficult to do your work.  You do the math.
aarenot (Vendor)
26 Sep 07 15:29
If it is not porn, and is a major companies site, low risk, it should be allowed.   If not, dont call me on my personal cell phone, expect me to access email from home, or the web from home, plug a lappy into my home power, or use any personal device for company business including charging the company cell phone in my power port in my car.   After all, my network, my rules, including my cellular network, and power distribution network in my home or car.

kmcferrin (MIS)
26 Sep 07 16:17
Harebrain:

Quote:

When users circumvent IT by using personal technologies, you've lost the game.  Company data exists in managed servers on external services (gmail, Blackberry, etc.) and the company has NO way to protect or defend that data from malicious use or legal attacks.

I think that this is a completely different issue than blocking access to non-work related sites.  If you lock down the work environment to secure data, that's one thing.  But it's not the same thing as not providing employees with the tools to do their jobs, which is what you seem to be saying is what will cause users to circumvent IT.  It's also not the same thing as not keeping up with technology, which seems to be the other thing that you claim will cause users to circumvent IT.  Not that you don't have a valid point there, but I don't see a connection to blocking Myspace and Facebook from work systems.

aarenot:

Quote:

If it is not porn, and is a major companies site, low risk, it should be allowed.

That depends on what you mean by "major company".  Most of the online casinos are major corporations.  Ebay is rarely work related, but it's a major company.  Same with Myspace, Youtube, and Facebook.  For that matter, World of Warcraft and other MMOG sites are owned by major companies, but I'd prefer that my employees work most of the time.  Don't get me wrong, as I've said it's beneficial in most cases for employers to look the other way when it comes to a certain amount of personal business done on company resources, but that's still not a blank check.

Quote:

If not, dont call me on my personal cell phone, expect me to access email from home, or the web from home, plug a lappy into my home power, or use any personal device for company business including charging the company cell phone in my power port in my car.   After all, my network, my rules, including my cellular network, and power distribution network in my home or car.

You can take that attitude, but I think that most professionals understand that there's a certain amount of flexibility involved in their professions, especially IT.  People who are unwilling to be flexible when needed undoubtedly find it more difficult to attain gainful employment.  It's easy to be militant about something online, but when push comes to shove and it comes down to keeping their job, most people opt to be flexible.

Don't forget that in many cases being able to work from home is a benefit to you.  If you don't want us to call you on your personal cell phone, we'll issue you one and you'll have to carry two phones.  If you don't want to use the company laptop on your home power or ISP, that's fine.  But if a server has issues in the middle of the night you will be expected to drive into the office and fix it rather than connecting via VPN.

So it does work both ways.
harebrain (MIS)
26 Sep 07 18:49

Quote (kmcferrin):

It's also not the same thing as not keeping up with technology, which seems to be the other thing that you claim will cause users to circumvent IT.
If you got that from anything I've written, you're reading way too much into it.  As I've admonished before, don't put words in my mouth.  This is obviously a hot-button issue, and people are bringing a lot of baggage with them.  (I admit it: so am I.)
Dollie (MIS)
27 Sep 07 9:29
So basically this ends up being the OP's, and individual administrators, decision as to whether Facebook, YouTube, and MySpace are allowed or blocked.  

Hopefully chriscboy is still with us and has been able to make the best decision for his specific company and will be able to decide the merits of the arguments of liberties, conduct, and whether or not goofing off should be an acceptable form of work.

noevil

Cheers!
harebrain (MIS)
27 Sep 07 13:02

Quote:

Hopefully chriscboy is still with us and has been able to make the best decision for his specific company and will be able to decide the merits of the arguments of liberties, conduct, and whether or not goofing off should be an acceptable form of work.
Arrgh!  And whether the future of IT at YOUR organization includes YOU and IT as YOU know it.

(Note to self:  get 2x4, whack mules.)
Helpful Member!  GLComputing (IS/IT--Management)
28 Sep 07 22:45
We were forced to look at this after a staff member at a friend's business started a Sexual Harassment action because of videos another staff member was downloading and playing... the matter did get resolved without to much pain, but it made us look at the risks.

There is also the issue of someone from your network posting something that might be illegal, questionable or even something that is a corporate secret.

As well, the increased threat of malware from some of these sites creates an additional risk and increased work for you.

We now block all "social" Web 2.0 sites and IM producs (and web sites that allow you to IM without the product) ... we can then grant access to any user who has a specific and legitimate requirement

As an additional benefit, it's surprised us how much bandwidth was being used on these videos, etc that is now available for work.

Not one of the staff has expressed a problem with this as we explained the reasons to them once the decision had been made

I believe in the princple of BOFH

Regards,
Mike Lazarus
ACT! Evangelist
GL Computing, Aust
www.GLComputing.com.au

IRLASCHU (IS/IT--Management)
30 Dec 07 7:44
All blocked here forever and any new sites that will come online in the furture I intent to block with no exceptions.

GLComputing (IS/IT--Management)
30 Dec 07 8:00
Interestingly, I read recently that quite a few businesses are having to allow Facebook, etc in order to attract/keep staff (especially the younger ones).

This is further shown as being relevant be virtue of RIM adding a free Facebook applet for Blackberry smartphones which are primarily business devices.

Many younger people now prefer WEB2.0 and IM over email or SMS for communicating and this is likely to be a continuing trend

Times change and those in IT need to really work to make the access secure... both from incomming attacks and users posting internal information in social.

Not sure how long IT can dictate these decisions once LOB managers decide to either use them for business or offer them as a benefit.

From a security perspective, burying our heads in the sand means we won't be prepared when (not if) these become standard practice for business users.

Even this site has WEB 2.0 facets in that the content is produced by we users... there is a risk that even here a user could post something they shouldn't or spend to much time readin threads with marginal relevance.

Regards,
Mike Lazarus
ACT! Evangelist
GL Computing, Aust
www.GLComputing.com.au

aarenot (Vendor)
30 Dec 07 12:18
KMC,
     I think you turned my message around somewhat.    There are policies, and they are able to be made flexible for people who have to sit round at night waiting in an empty office in the server room.
      My statement also had all inclusive conditions which included low risk as one item in a list, and you singled out "major company" forgetting "low risk" as one of the qualifiers.   

     Oh, and let us be real.   Working from home is a benefit to the employer after hours because it allows the company to not have 24/7/365 on site staff to handle issues that would otherwise stop business.   Without remote access the IT department would have to fund on site staffing, security, and supervision.   Otherwise, if the employee would have to be contacted, go home to pick up any needed items, then commute to the office( 1.5 hours drive?), maybe three hours to arrive at the office they would just have to add some staff in IT on the clock in shifts 24/7/365 at least in an IT control center role.   So do not give the BS of saying it is a benefit to the employee to be allowed the honor of working from home at 3 AM.   In that situation a laptop with wireless ISP from a cell company at the companies expense is not out of line in any way.   It is flexible enough to even bring the stupid lappy with you to Christmas dinner at grandmas dude.  

     If you are trying to sell being allowed the honor to remote access from home at 3 AM is something I should be grateful for, NO SALE!   It is a staff reduction tool, not a convenience for me, and without it the now laid off overnight IT guy would just have to handle it.

GLComputing (IS/IT--Management)
30 Dec 07 12:32
On the note of remote tele-commuters, I remember when ACT! 2.0 for DOS first allowed sync nearly 20 years ago, one of the early clients (AT&T) purchased about 100 licenses and laptops for a number of sales teams and closed those offices. The reps worked entirely on the road... appearently, they save a fortune in rent and it was a significan success.

The tools to do this have imporved greatly since then... they can do essentially the same with a Blackberry (instead of a notebook) - but you still need to report on the work done and ensure the users are still doing the same work.

Obviously, with IT staff, the late night shift can provide nearly the same performance unless the internet goes down.

How this would work for others depends on the type of work, the responsibility of the users and the corporate culture.

Regards,
Mike Lazarus
ACT! Evangelist
GL Computing, Aust
www.GLComputing.com.au

IRLASCHU (IS/IT--Management)
30 Dec 07 13:44
Hi all,

I think there are two distinctions here?

1) Whether the IT Department block content from the web should be viewed in only the IT perspective.  Does it protect the network?  What threats are being stopped and does it bring down even bandwidth usage etc... Are these Technology needed for the business?  Maybe a Director needs to review this?

2)  If emplyee are unhappy about content they cannot view and then refuse to work from the home-office that is a company operations problem and not the IT Department.

As long as the IT Department have good justified reasons in the interest of the company why content is being block then maybe the operations manager (managing Director) needs to review all the facts and maybe restructure how the company is run and not point the finger at IT.

IT is there to help and not play cop and wait to catch people.

Alex
aarenot (Vendor)
30 Dec 07 21:16
Whether or not someone is working, or playing on the internet is not IT's concern, but the employees supervisor, or manager.   So get over this argument, it is not an IT concern, some managers permit more than others, and it is their call.
Whether or not the employees have access to the internet, or any portion of is not IT's concern other than to carry out the orders of the upper management.  SO get over this being an IT issue, rather than a policy issue decided by management which may or may not be within the veto powwer of the IT director.

Is it IT's job to communicate the concerns, costs, needed equipment, software, staff, etc. to implement managements instructions, YES.   

The only limiting factor within IT is whether or not it is possible with existing technology, not how hard it is to deal with.   

IT is customer service, the customer is everyone else in the company not the other way around.   Customer service advises, serves, takes instructions, and passes on the cost to the customer.   They do not refuse to do things because it will not be convenient, if it was not an inconvenience we would not get paid.    



kmcferrin (MIS)
31 Dec 07 10:46

Quote:

So get over this argument, it is not an IT concern, some managers permit more than others, and it is their call.

This may be the case at your company, but it is not the case at all companies.  At many companies the upper management or HR department sets the rules rather than the department manager, and with good reason.  You can't have every department manager independently deciding what is and is not appropriate.  Not only is it unfair to hold people in different departments to a different standards of "professional conduct," it's a legal timebomb.  All it takes is one person to be disciplined or dismissed for something that was let slide in another department, and there's a lawsuit.  God forbid if the dismissed person was a minority.

In ten years of consulting I have never worked for or with a company that did not have an IT policy that stated that IT resources were for business purposes only.  That policy may have been more strictly enforced at some places than at others, but they all had it.

And while I do agree that usually it is a policy that is determined by upper management, usually IT is consulted (or should be consulted) in the creation of the policy because there are certainly implications for the IT department.  I've brought it up several times before, but there is a IT security component to web filtering.  It's part of using industry standard best practices to protect the assets of the company.  You want to eliminate as many unnecessary compromise vectors as possible, and filtering web content is a good way to do this.

Quote:

IT is customer service, the customer is everyone else in the company not the other way around.   Customer service advises, serves, takes instructions, and passes on the cost to the customer.   They do not refuse to do things because it will not be convenient, if it was not an inconvenience we would not get paid.

I disagree with that too.  IT is not customer service, it's IT.  If you're on the helpdesk or an outside vendor then there is certainly a customer service component, but your hands are tied by the technological and policy environment.  If you work in the IT department for a company the "customer" is not always right because the needs of the "customer" (aka, end user or department) have to be balanced with the needs and goals of the company.

I really don't understand why you're so vehemently opposed to companies deciding to limit Internet access for their users.  It offers an additional layer of technological security, it offers a degree of legal protection against unnecessary lawsuits, and it also removes one more unnecessary distraction from the work environment.  It just makes good business and policy sense, and the only argument that I've heard against it is the semi-hysterical "if you treat people like criminals then they'll leave" argument.  I don't think that really holds water though since a) it's not treating someone like a criminal to filter their web content at work and b) most people aren't going to quit a job just because they can't surf Myspace at work (or at least not the sort of people that you would want to keep anyway).
CajunCenturion (Programmer)
31 Dec 07 11:06
==> If you work in the IT department for a company the "customer" is not always right because the needs of the "customer"
I think the point that aarenot was trying to make is that from the perspective of IT, the customer IS the company.  IT's role is one of support -- to support the company through the use of technology.  IT supports the HR department, the sales department, the inventory department, and management as well.  IT supports virtually every department within the company.  I think aarenot is also making what I consider a valid point that it is not IT's responsibility to MAKE or dictate policy, but rather, to enforce policy.  I do not believe that IT should be deciding what is or is not permissable.  And I think, to a large degree, we're all in agreement.

Quote:

At many companies the upper management or HR department sets the rules rather than the department manager, and with good reason.
As it should be.  Upper management sets the policies, and with respect to technology, IT implements them.  IT's concern is not with making the policy, but enforcing it.

That does lead to the question in cases where there is no company wide policy for internet access.  Does IT have the authority to impose an internet policy over the entire company when senior managmenet has not declared that such a policy exists?  I think not, because that is not IT's job.  Further, it may be intentional that upper managment has not established a policy.  However, it is very much a part of IT's job to advise upper management why there should nor should not be a policy, and the benefits and dangers of either approach.  But in the final analysis, IT is not a policy making department, nor should it be.

--------------
Good Luck
To get the most from your Tek-Tips experience, please read
FAQ181-2886: How can I maximize my chances of getting an answer?
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein

GLComputing (IS/IT--Management)
31 Dec 07 14:34

Quote (CajunCenturion):

IT's concern is not with making the policy, but enforcing it.

IT should also be up to IT to be pro-active in advising those who make the policies about the security and costs involved in various options before they become an issue

Regards,
Mike Lazarus
ACT! Evangelist
GL Computing, Aust
www.GLComputing.com.au

aarenot (Vendor)
31 Dec 07 14:49
KMC,
    First of all if the supervisor, or manager is directing employees in opposition to upper management set policies, that is a management issue which needs to be dealt with.   The issue in that case is not with the employee, but with the supervisor or manager intructing employees in violation of company policies.   So that is not an IT issue.   I am not saying it is not an issue, and although your knowledge of the pitfalls of setting company policies may be considerable it is possible that company counsel may be better suited to determine policy in regard to these areas.   For all you know the upper management may be trying to establish a pattern of disregard for company policy in order to justify a termination, and therefore letting it slide for documentation purposes to be presented at a later date.

     Just like any other department, employee, entity in a company, IT is there to do as they are told.   Follow procedures, and give feedback in a responsive, and sometimes pro-active  way about company concerns, and policies within their area of subject matter expertise.

     Setting company policies is within the upper management area of responsibility including within IT related functions.   While good upper management will listen to their IT staff in regard to areas they are qualified to determine, the final decisions are with upper management, not IT in most cases.  

     Cajum Centurion seems to have the spirit of what I am saying in regard to IT's role.   The idea of everyone who uses, the product of your efforts as being the customer is not so new to other than IT mindsets, but it seems to be within IT.   The janitors customer is the IT guy taking a crap, and IT's customer is the janitor who orders the arse wipe over the network so the janitor can keep his customers hands clean.   The customer may not always be right, but it is the person whom we serve whether an internal, or external customer.   

     You may disagree, but if XYZ porn incorporated sets a policy to allow viewing porn over the web, it might just be so they can do quality control on their own web site dude, and may have a valid business objective.   LOL

kmcferrin (MIS)
31 Dec 07 14:56

Quote:

I do not believe that IT should be deciding what is or is not permissable.  And I think, to a large degree, we're all in agreement.

If you don't think that IT has a role in determining what is or is not permissable then we are not in agreement.  The policies at a company are usually set by upper management with input from numerous departments.  Legal gets to weigh in on issues where liability could come up.  HR gets to weigh in on matters where their expertise is relevant.  IT also should weigh in on areas involving technology.  Because IT has become so prevalent these days, I think you'll find that our interests cross the boundries from simple security into legal and HR protection as well.  Also, because we are experts in the IT field we will undoubtedly have legitimate concerns that should be addressed through policy, and because other people who help set policy are not technical experts these concerns usually are not addressed until/unless IT brings them up.

Now there is a particular subset of people who are of the mindset that IT is customer service, that their purpose is to support the company, and that they could be treated like facilities or a utility service.  In other words, they feel like they should tell IT what they want and IT should implement it.  But when you think about it the problem with this mindset quickly becomes obvious.  While everyone may know what sort of office/cuble layout works for them, or where they need power outlets, or how many bathroom stalls there should be, the average employee or manager really has very little grasp of the subtleties of IT.  If we were to let various managers and departments choose their own path then IT support would be a nightmare with different hardware, software and training standards.

That's why IT has to bring their expertise to bear and steer the technological ship.  Department managers don't dictate to HR what benefits their employees should get, neither should they dictate to IT what services the company should provide and support.

Now we're not the only people who are talking about this.  In the past 5-7 years there has been a big push in the industry to get CIOs a seat at the big table.  Even though they have a C-level title, for the longest time they were considered below the CEO, CFO, etc.  But what companies are beginning to discover is that IT isn't a simple utility like facilities or water, but a key asset and a potential competitive advantage.  If a company allows IT to take a leadership role in areas where they have expertise, they can work with the rest of the company to define a long-term technology plan that becomes a competitive advantage.  These companies tend to meet with much more success that companies who look at IT as subservient to other departments.  Companies that do not embrace IT and the capabilities that they can provide typically find themselves unable to compete with companies that do.  And when I say embrace IT, I don't mean "make sure everyone has a computer with network access on their desk."  It's the difference between looking at IT as a partner or as a servant.

I'm firmly in the "IT as a partner" camp, because I have worked for and with companies on both sides of the coin.  I've seen companies that embrace and partner with IT flourish, and I've seen companies that were run into the ground because they didn't.
kmcferrin (MIS)
31 Dec 07 15:03

Quote:

Setting company policies is within the upper management area of responsibility including within IT related functions.   While good upper management will listen to their IT staff in regard to areas they are qualified to determine, the final decisions are with upper management, not IT in most cases.

Looks like we were posting at the same time, but it's interesting that you would say that.  Your saying that it's not IT's responsibility and that it is upper management's responsibility is exactly the mindset when I was referring to when I mentioned the CIO not getting a seat at the big table.  The CIO is (or should be) upper management.

Quote:

Just like any other department, employee, entity in a company, IT is there to do as they are told.   Follow procedures, and give feedback in a responsive, and sometimes pro-active  way about company concerns, and policies within their area of subject matter expertise.

And that statement just underlines the "IT as servant" mentality rather than "IT as partner".
CajunCenturion (Programmer)
31 Dec 07 16:17
==> If you don't think that IT has a role in determining what is or is not permissable then we are not in agreement.
Please, let's not take things out of context.  In my post of 31 Dec 07 11:06 I said, "I do not believe that IT should be deciding what is or is not permissable.".  In that same post I think I was pretty clear in saying "However, it is very much a part of IT's job to advise upper management why there should nor should not be a policy, and the benefits and dangers of either approach.".  There is a big difference between deciding the policy and advising those who make policy.

Whether or not the CIO is part of the upper management team is a matter of corporate culture and has no bearing on my position.  It's not IT's job to set policy.  It is IT's job, just like every other department, to offer advise to those who set policy, and then to carry out the decisions.

--------------
Good Luck
To get the most from your Tek-Tips experience, please read
FAQ181-2886: How can I maximize my chances of getting an answer?
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein

aarenot (Vendor)
31 Dec 07 16:27
KMC,
     It is my opinion that only servants contribute in any elevated levels to any organization.    

     The biggest servant happens to be in no uncertain terms the biggest leader in any organization.

     Therefore the mindset of IT being a servant elevates them rather than lowers their value.

     Only by serving others within an organization can one contribute beyond their own finite ability to add value.

aarenot (Vendor)
31 Dec 07 17:09
KMC,
     I may have a different idea of things than some do.   I also have a differing set of experiences than most.   15 years of management experience, leading groups in business, as well as volunteer organizations, thousands of hours facilitating meetings, and teams at various levels including ones involving multiple C-Level members of the teams, groups, and meetings.   I was not at, or near a C-level position, but they did see that I was able to serve the interests of the group, and the organization.   

     Most of the C-Level members knew they were there to serve the needs of others to acomplish the goals of the group.   Sometimes that is done by influence, other times by the other less effective ways.
     My facilitating meetings changed my perspective on what a leader is.   As a facilitator I did not contribute ideas, labor, statistics, hard products to the meetings or the group in any major way in a traditional sense.   What I did do was more along the lines of Synergy.   Trying to draw out from all areas the unique perspectives, abilities, and ideas to serve the group as a whole in tackling their problem.   
    My problem was not the problem they were dealing with, my problem was to get them to work toggther using all of their resources without regard for anything except working together.   
     Serving is just a mature way of contributing beyond the simple inside the box mentality.

     So if you can see where I come from, the participation of all those with subject matter expertise including business goals, IT concerns, knowledge of the area which the technol;ogy will be used within, and thus impact is all desired by the proccess.   

     I would agree that a CIO sitting at the big table can SERVE a company well, as long as that CIO knows his place there exists because of his ability, and willingness to serve the group.

    

Dollie (MIS)
2 Jan 08 10:39
One thing I've done in recent months is customize my blocked site message displayed by the firewall when someone is trying to access a site that I've blocked with management's blessing.

The user now sees "This site has been blocked at the request of management.  If you feel that this is preventing you from doing your job, please contact your manager and have them submit a request to IT for access."

I haven't gotten a single request.  Not one.  Could it be because Facebook, MySpace, and YouTube are non-productive?

surprise
kmcferrin (MIS)
2 Jan 08 10:55
I have always used a similar custom message when blocking sites.  Very rarely did I ever get a request to unblock a site, and they were always very clearly work related when I did get them.

But back to the argument, I was thinking about this yesterday afternoon and came to the conclusion that I believe that we're having a misunderstanding due to semantics.  For example:

I work for ACME Company.  I tell the CEO that we need an IT or Internet access policy, and that the policy should say X, Y, and Z.  The CEO and legal department both say "OK."  Who has set the policy, IT or upper management?  I would submit that IT is the de facto policy setter here, whereas the CEO/Legal are the de jure policy setters.  I suspect that is probably the root of our contention.
Dollie (MIS)
2 Jan 08 12:04
kcm,

I think this will depend on how the company is set up.  In smaller companies, IT may very well write its own policies. In larger companies (those with more than 1 level of management), usually IT will write up the suggested policy, then management doctors it, IT re-writes it, and if it exists, the legal department will put its stamp of approval on it and get it over to the HR department.

There's nothing global on how this should be done, which makes all of our jobs more interesting sometimes.

In my small and growing company, I am usually the one keeping on top of current issues and making policy suggestions.  Our website blockages didn't constitute a new policy as the "business only" statement is in the computer use policy.  Because of the recently graduated nit-pickers (who's teaching this stuff?), we will probably have to take a broadly worded policy and start giving them lists of what they can and can't do, to the letter.

Sigh....

aarenot (Vendor)
2 Jan 08 17:18
I have the company IP's blocked on my home network for security, and IT policy compliance purposes.   Since I may not be able to afford the proper IT professionals to keep my systems safe, secure, updated, and within company policies for such I would not want to access the company network from home, LOL.

Just kidding.   I use my lappy so I dont have to bother with the IT policies on my own PC's.   Since I run Windows Me at home, I dont need AV cuz they dont write viri for them anymore.  

GLComputing (IS/IT--Management)
2 Jan 08 17:44
Windows ME was a virus...

Regards,
Mike Lazarus
ACT! Evangelist
GL Computing, Aust
www.GLComputing.com.au

aarenot (Vendor)
2 Jan 08 18:44
Like MS writes an OS that is not a trojan anymore.   I was kidding about Me, I sent my last Me machine to XP a few years ago.   


Dollie (MIS)
7 Jan 08 14:00
Speaking of trojans, virii, and other creepy crawlies...

Here's another good reason to not allow facebook near your network:  http://www.news.com/8301-13577_3-9843175-36.html

I have also found some great whitepapers on the risks of social networking sites, and how we have a new generation of workers that "demand" access to these sites while working.  I'm dreading meeting these people.

This brings up another question or two (I guess this is keeping with the original thread)... what are non-IT related reasons to keep these sites out of the workplace?  Are there truly any good reasons to let work-users utilize these sites during work hours (unless you work at one of them, of course)?
kmcferrin (MIS)
7 Jan 08 16:35
That's hardly the first case, and definitely won't be the last.  You should see some of the malware that's floating around on MySpace.
GLComputing (IS/IT--Management)
7 Jan 08 16:47
But that's not limited to Facebook and similar sites... the security software vendor CA's web site was hacked and directing users to a malware site http://www.arnnet.com.au/index.php?id=1200866811&;eid=-4152

Regards,
Mike Lazarus
ACT! Evangelist
GL Computing, Aust
www.GLComputing.com.au

aarenot (Vendor)
8 Jan 08 9:35
CAN it be done is a question in which IT is really nearly the sole, and primary authority.   This is in terms of technology capabilities.

SHOULD it be done is really not a question in which IT is really the sole authority, but a valued resource in making that decision.      

Is tek-tips a social networking site?

kmcferrin (MIS)
8 Jan 08 10:00
Yeah, I saw that report on the SQL Injection exploit that hit about 70,000 sites last week.  IIRC, there was a second wave this weekend.

But those sorts of things are a little more difficult to pull off as they require an exploit.  With a lot of social networking sites you are allowed (even encouraged) to publish your own code, which makes publishing malicious code almost trivial.

Still, either sort indicates a clear case where some sort of web filtering needs to be implemented, even if it is just anti-threat rather than content filtering.
aarenot (Vendor)
8 Jan 08 13:22
I am positive that this thread has contributed to the bottom line of every company which the posters, and readers work for, LOL.   All the individuals that have read, or posted on this thread are obviously not working on what it is they are supposed to be doing for the bottom line right now.

You can offer the lame response that it adds to your general IT knowledge, or overall big picture perception, LOL.  

You might actually admit that this thread has been no more productive toward the bottom line, other than as a temp distraction to help you focus better afterward, than did some employees quick break on facebook, or ebay.   

Sorry dudes, but it does seem a bit hypocritical to be discussing this on company time on this social networking site, or any site assuming we are supposed to be actually working.    Spare me the "this is work" argument.

Let me exclude those who have been assigned to research what tek-tips members think about this subject.

kmcferrin (MIS)
8 Jan 08 13:42
aarenot, I have often wondered what kind of company you work for because you seem to have some very odd ideas of what constitutes appropriate use.

For the record, my company does encourage professional development through training, certification and networking with other professionals.  We run several SIGs for various technologies and knowledge areas, and our company encourages and reimburses us for membership in job-related professional organizations.  Discussing technology-related questions here during work hours (for those times that I do post while at work) is clearly networking with other professionals.

Granted, you claim that this is a "lame response" because you don't like it, but it by no means invalidates it.

Quote:

You might actually admit that this thread has been no more productive toward the bottom line, other than as a temp distraction to help you focus better afterward, than did some employees quick break on facebook, or ebay.   

Even if the above were true (and I'm not sure it is), Tek-Tips is still far more relevant to what we do professionally than Facebook or eBay.
Dollie (MIS)
8 Jan 08 14:21
Considering this thread has been running since 9/7/07, I'd say that it has been beneficial to me, and quite possibly others.

I've been able to show my co-workers what other professionals (?) in similar fields think about the usage.  I've been able to bring up some pretty good arguments for, and against, blocking social networking sites.

It's been an opportunity to discuss issues that no one here at work used to be interested in.

Oh, and Tek-Tips is more than allowed on my office network.  This site has saved my kiester (sp?) in more ways than one, and has proven to be one of the better sites to find true professionals who know something beyond their certifications. But then, it is a professional networking site and not a social networking site (ie, no pouty pictures of a bunch of guido-wannabees, no "i'm sad because my stuffed bunny died" blogs, and very few flames, etc.)
aarenot (Vendor)
8 Jan 08 14:39
kmc,
     Third party providor of consulting, and services, varying sectors including some fortune 500's.   Having worked for organizations from the porn, gambling, politics end of the world to the non-profit charitable org end, I guess I have seen some greatly varying philosophies on what is appropriate use.
     I let management decide what is appropriate use since that is their job duty, not mine, or anyone elses.   At some of my customers did that include surfing porn sites, yes?   If they deem that appropriate, guess what, then it is company policy, and not my decision.   Advertising compnies with their creative depts, I have seen them be on a seperate network because management decided they wanted no limits on their web surfing.   Again their call, not mine.
     Owners who want to surf live chats with live video of the pay per minute ilk, their call again, not my business.

     So, yes my idea is somewhat flexible to say the least.  

You may be right about tek-tips relevance in general.   Some employers may even consider some of the topics appropriate for some of the employees they employ.   Some people may also only go on TT in those topics that would be deemed appropriate.   Some may only spend the amount of time in a topic which their employer would deem appropriate as well.   Some may have even sought the aproval of their employer for their TT activities.   Some may never waste any company time while here in TT's.   Some employers might have no problem with an employee seeking help in TT , but not to spend time offering help back in TT.

I am not making a statement KMC that is meant to be specific to you, but rather to the group in general, and I think some would admit they are not really being productive in this topic any longer, or in many of the topics they participate in.   Not in a way that would be heralded as great use of paid time anyway.

There are exceptions to that I am sure, but many are just wasting company time.



     

vpneloh (TechnicalUser)
9 Jan 08 11:43
What kind of oppressive places do you guys work at?  Are these sweat-houses in Cambodia or Prison Camps in Eastern Europe?  Adults should be able to check their personal emails and surf the net every now and then.  Breaks?  Break rooms with a computer for personal use?  Are these Customer Care Centers or Walgreens employees?  In my experience, you have access to the internet when you get a real job where you are respected as an adult and you get your work done...even with the horrid availability of distractions!  Jeeez.
Dollie (MIS)
9 Jan 08 12:56
Wow.  I actually work at a place that pays me to do things for them.  I use that time to ensure that other people we pay to do things for us use their time to do those things, instead of worrying about how many people have rated them hot or not.  I had no idea that putting something as dastardly as a laptop outside our network in the break room would have our office resembling a sweat shop/prison camp. I'll be sure to remove it and place a padlock on the break room door to keep the cretins out!

cannonpc2
aarenot (Vendor)
9 Jan 08 14:04
LOL,

     Just to make sure my poetic license is clear from previous posts.   

     I do not feel that an employee has the right to demand the use of company resources for personal use any more than the company has the right to demand personal resources for company use.

     That also does not mean that I feel an employee should be using company time to accomplish personal activities, any more than I think that that the company should be using employees personal time to accomplish company activities.

     It does go both ways.   Thing is when the company is stealing from the employee it is called the employee being flexible, and when the employee does the same thing, they are called a thief.   There are not two standards here, and the ones that think there are two standards are co-conspiritors, sometimes after the fact.
     

SQLSister (Programmer)
9 Jan 08 14:28
this is not totally true
"Thing is when the company is stealing from the employee it is called the employee being flexible"
what it really is
"Thing is when the company is stealing from the employee it is called good management"

"NOTHING is more important in a database than integrity." ESquared

aarenot (Vendor)
9 Jan 08 15:15
SQLSister,
     You are so steadily a quite practical poster with a secure business management sense.  I say this from the point of view of the recipient of the purchase price of my own business more than once, and that of a current small business owner.   I therefore find it quite perplexing that you would only find a variance from the standard of truth simply in that I did not call a good manager a thief.


     You seem just a bit radical in your views. LOL   Your tag line is also quite humorous as it apparently does not apply to what in common opinion is important in a manager.   Ethics is such a fun twisted flag in the wind.  

SQLSister (Programmer)
9 Jan 08 15:54
Perhaps I've been subjected to too many "good managers" through the years.

Thank you for the nice compliment. I think it comes from almost ten years of performing efficiency studies. It gives you an insight into how organizations actually  work, how they are supposed to work (or how senior managers think they do work) and why they don't work.

"NOTHING is more important in a database than integrity." ESquared

Opieo (Programmer)
9 Jan 08 15:59
   I am still young in the workforce compared to the number of years I will spend here, but I work hard.
   I get everything done that I am supposed to.
That is what I figured they pay me for.
   I don't really view it that they just pay me for 40 hours of my time a week (excluding travel time to get here and back).
   I work really hard for a while and then take a little time to unwind. Not quite a long as a smoke break equivalent, but still it is some time when I am not really doing anything productive for the company.
   I honestly feel that if I did not take these tiny unwinders that my productivity would decrease throughout the day. I have experienced that a few times when the work was heavy enough that I got no such tiny breaks and had to stay a couple hours over. Getting my mini breaks and the company treating me nicely as well as showing appreciation make me willing to stay over on the rare occasion it is needed.
   In return rather than having me use a full day off when I have to go to the dentist (just an example, its only twice a year) I can just leave an hour early and it is all good.
   I have picked this philosophy up partly because it is how I feel, and it has been reinforced by my current boss, since that is how he views it.
   I am sure not all managers would view it this way.
For the place I am at now, that is how it is, and I must say I am quite happy. =)

   I do understand the other side of the argument, I just do not fully agree with it. But if the employees are failing to get their job done on time because of these distractions, then I would agree with the other side and say sure, clamp it down.

(For reference pretty much half the internet is blocked from where I work right now, but that is okay with me, I have a window I can look out when trying to relax a little.) =)

~
Chuck Norris is the reason Waldo is hiding.

aarenot (Vendor)
9 Jan 08 18:01
Happy feet dance

jsteph (TechnicalUser)
20 Mar 08 16:19
We are looking at an add-on to our ISA server which will give--on a per-user basis--a configurable daily quota of internet time.

It could be full-open internet, or, say 30 min. of any of a selected group of sites, such as Hotmail, Yahoo, and those mentioned above.  When the user is done with their quota, then the sites are inaccessible to that user.  We currenly provide several kiosks in our lunch/break room, where users log on and have internet access.  This add-on will just give us more control while still allowing what are really becoming basic needs.

In this day and age, it's way too confining to restrict something that is such a natural part of most peoples lives.  In the past, I recall people were always able to make personal calls at lunch time on breaks, so I don't see much of a difference with allowing personal email breaks.

--Jim
StuTheNetTech (IS/IT--Management)
27 Mar 08 16:30
I have been in the IT fieled for 6 years professionally and I have seen the way that company's and governments are going. In the military sites like facebook are banned. and if you ban facebook for being a productivity killer you have to ban every casino site, ebay site, local classifieds, etc etc...the company i work with now left all these sites open and does not restrict access to anyone. I find that administrating this network is a lot easier now because your day is not filled with firewall requests. all in all facebook and myspace, not productivity killers but merely time users, not to mention the valuable marketing and sales potential of a site like facebook or myspace. that's all i have to say about that. Have a great day.
wahnula (TechnicalUser)
30 Mar 08 20:10
Interesting survey released last month on this topic:

http://press.amanet.org/press-releases/177/2007-electronic-monitoring-surveillance-survey/

Quote (AMA survey):

E-Mail and Internet-Related Terminations:
The 28% of employers who have fired workers for e-mail misuse did so for the following reasons: violation of any company policy (64%); inappropriate or offensive language (62%); excessive personal use (26%); breach of confidentiality rules (22%); other (12%).

The 30% of bosses who have fired workers for Internet misuse cite the following reasons: viewing, downloading, or uploading inappropriate/offensive content (84%); violation of any company policy (48%); excessive personal use (34%); other (9%)

Another good snippet:

Quote (AMA survey):


Computer monitoring takes many forms, with 45% of employers tracking content, keystrokes, and time spent at the keyboard. Another 43% store and review computer files. In addition, 12% monitor the blogosphere to see what is being written about the company, and another 10% monitor social networking sites.

Of the 43% of companies that monitor e-mail, 73% use technology tools to automatically monitor e-mail and 40% assign an individual to manually read and review e-mail.

This business of keylogging is a surprise and a bit of a shock to me.  I guess it's the path of the future, ethical or not.  Companies want to see how their workers behave on company time and on company equipment.

Tony

Users helping Users...

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close