Trust Economics

A recent BBC article discusses the ‘Network Citizens’ report (published by the Demos thinktank) about the value of allowing social networking applications to operate within a business environment.

It is argued that by allowing employees to use social networking tools within the workplace, they are essentially able to forge and utilise interpersonal connections that have potential business value. Furthermore, social networking tools negate the restrictions that a person’s physical location would otherwise place upon their ability to meet and communicate with potential collaborators both within and outside of their work environment.

It is important to identify the potential for social networking to further the ambitions of business, and as such one of the report’s authors, Peter Bradwell, states that the use of social networking tools “must be tied to a business goal”. The authors go on to say that guidelines must be put in place that define ‘appropriate use’ of social networking tools.

With regards to information security management, Mr. Bradwell comments that:

“In today’s difficult business environment, the instinctive reaction can be to batten down the hatches and return to the traditional command-and-control techniques that enable managers to closely monitor and measure productivity.

“Allowing workers to have more freedom and flexibility might seem counter-intuitive, but it appears to create businesses more capable of maintaining stability.”

If an organisation were to adopt the aforementioned change in approach, it would be necessary to educate staff regarding their information security obligations, and determine exactly what information they have access to.

Staff should be educated to ensure that they are aware of the information that they have access to within the organisation, why that information is important to the organisation, and what the consequences would be (both for the individual and the organisation) should they disclose the information using social networking tools.

The difficulty here would be in finding a balance between:

• the potential benefits to the business of allowing staff to communicate information to other parties in a context where connections can be rapidly (and perhaps tenuously) established (e.g. new business alliances, greater cohesion amongst staff, instigation of new and different projects), and;
• the potential losses (e.g. disclosure of sensitive data, time lost to unproductive or otherwise ‘pointless’ networking connections).

Just as risk assessment has become an integral part of information security management, it may be that ‘benefit assessment’ becomes just as important to those businesses that allow their workforce greater operating freedoms.