One of the touchiest subjects concerning the use of technology in any workplace has got to be the policies concerning social media use and private account use. With the rise in popularity of bring your own device initiatives, some managers and supervisors have wondered about the legality of blocking certain websites or issuing mandates against certain online behaviors in the workplace. But there are plenty of good reasons to have a cautious policy in place, and even better reasons to make sure that everyone is on board.

Part of the goal of National Cyber Security Awareness Month is to make sure that companies have sound antivirus and anti-malware software in place, but also that they’re protecting their networks through clear policies on workplace cyber safety.

The very first problem with internet policies in the workplace might be the way they’re presented. Instead of focusing on the need for protecting valuable equipment, keeping IT protocols secure, and protecting employee and customer data, too often these policies spread a different message: you’re a lazy employee who would play on Facebook all day if we weren’t watching you.

If there’s an employee in your company who would spend hours at a time engaging in personal use of social media while on the clock, you have a problem that an internet filter won’t solve. Block the social media sites, and it will be solitaire or Candy Crush instead. But creating an environment in the workplace that practically accuses the entire staff of being dishonest isn’t the approach you want to take, especially not when your technology and sensitive data are at stake.

Simply outlawing or blocking social media, YouTube, personal emails, and similar internet use obviously sends the wrong message throughout your company. It’s hurtful and a largely inaccurate description of your workforce. Unfortunately, that seems to be the tactic that too many bosses take with social media use, while ignoring the very real purposes that social media serves. Now that sites like Facebook are a significant part of our culture, schools and teachers send messages to their class groups through the site, companies send out one-day-only specials through their pages, even news outlets and law enforcement agencies send out important updates through messages posted to their walls. Simply stating that social media is forbidden on company time is not only degrading and disruptive, it can lead to “sneaking” behaviors.

Once someone discovers a way to go around an internet filter or uses his or her own device to access a site on the company’s network, then the real trouble can begin. That’s when antivirus software can be rendered ineffective, and when suspicious looking activity on work computers doesn’t get reported since the employee responsible would have to admit to violating the company policy.

Think this is a problem that only large companies face? Think again. The massive Target data breach that affected millions of the retailer’s customers last holiday season (and already has cost the corporation millions of dollars) has been linked back to a heating and air conditioning company that handled the HVAC repairs for a number of Target locations. An employee in that small business apparently opened a link in an email, therefore downloading malicious software to the HVAC company’s network. Once the connection between the HVAC and Target’s network was discovered, the software was then integrated into Target’s computers.

A far better company policy is one that understands the communication needs of employees, and acknowledges that the need to stay connected doesn’t stop just because an employee is on the clock. Explaining to your staff, “I understand social media is an important tool, so we ask that you limit your personal account use to breaks, during your lunch hour, or under extenuating circumstances,” will go a lot farther towards helping your staff feel valued and trusted; this can also carry over into the reporting of IT problems as they occur, instead of waiting for the servers to crash or a breach to happen, and the investigation into the causes. By educating your employees on the proper online behaviors and the allowable personal use times, you’ll foster a workplace that builds your staff up and lets them know they are valued team members, all while protecting your IT efforts and your data.


If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit