Is your company watching what you do on social media? According to the responses from ZDNet Australia's CIO jury, the answer is most likely yes.
Gartner recently published a report saying that 60 per cent of corporations will be monitoring social media channels by 2015. Security was pinpointed as the main reason for the surveillance.
"Given that employees with legitimate access to enterprise information assets are involved in most security violations, security monitoring must focus on employee actions and behaviour, wherever the employees pursue business-related interactions on digital systems. In other words, the development of effective security intelligence and control depends on the ability to capture and analyse user actions that take place inside and outside of the enterprise IT environment," Gartner research vice president Andrew Walls said.
At the moment, according to the research firm, only 10 per cent are monitoring these channels, although this is a much lower percentage than what was seen when ZDNet Australia's CIO Jury was polled on the issue.
We asked the question:
Do you monitor social media use in your organisation?
Of the first 12 CIO Jury members to respond, eight said that they did, and four said that they did not.
The CIOs's reasons for monitoring were broad, although they seemed to come less under the heading of ensuring that their staff stay focused on work, and more about maintaining the strength of their companies' brands and the integrity of their security systems.
Vividwireless CIO Claude Brown said that his company was considering the implementation of security measures to control the threat of malware.
"[Our monitoring is] very targeted, and is not about preventing use due to productivity issues," he said. "We prefer to let local line-managers assess productivity."
Brendan McHugh, who has recently taken on the role of managing the IT of a retail and wholesaling firm, said that monitoring was done manually. If management came across any problematic posts, the employee could be asked to delete it "without consequence".
Bupa Aged Care CIO Paul Berryman was quick to say that, although social media was monitored, the surveillance wasn't meant to be a deterrent. "Social media is monitored, but we strongly encourage its use. Our people, guided by our policies, are very good at knowing appropriate behaviour," he said.
David O'Hagan, chief information officer in the corporate service division of Queensland's Department of Education, Training and Employment, said that social media monitoring has been put in place to protect students and staff.
"To exercise duty of care for students and staff, the Department has established a Cybersafety and Reputation Management section to proactively manage and respond to social media issues," he said.
There were also those who checked social media usage for productivity reasons.
Bill Robertson, De Bortoli CIO, described how his department looked at overall social media access, rather than specific content.
"These reports deliberately only highlight the sites with the top internet usage (ie, only heavy access to social media sites would have a user's usage highlighted)," he said.
David Beveridge, who acts as a contract CIO for small companies, said that he logged internet web browsing as Robertson does, but only ran reports if there was reason to believe that a worker was being unproductive, which he did not count as monitoring social media use.
Whatever their reasons, it seems that most organisations are either conducting some form of social media surveillance or are thinking about it. (Those who answered that they were not monitoring their staff's social media use did not say why.)
"Surveillance of individuals ... can both mitigate and create risk.... [It] must be managed carefully to comply with ethical and legal standards," Gartner's Walls said, at the release of his firm's report.
If you have any comments or observations on social media monitoring, please add them to our Talkback section below.
Thank you to all of our ZDNet Australia jury participants. The CIO jury comprised:
Paul Berryman — CIO, BUPA Aged Care
David Beveridge — acting CIO of multiple SMBs
Claude Brown — CIO, Vividwireless
Craig Columbus — CIO, Russell McVeagh
Xavier Desdoigts — director of technical operations, Animal Logic
Fiona Floyd — CIO, Suncorp Life
Daniel Johnson — head of information systems, Sydney Opera House
Royce Michael Lee — IT director, BVN Architecture
Brendan McHugh — IT manager
David O'Hagan — CIO, Queensland Department of Education and Training corporate services division
Bill Robertson — CIO, De Bortoli