Social Networking: First Do No Harm!

March 16, 2010
Robert H. Spencer, PhD

It has been estimated that more than 76 million “millennials” (Americans born between 1978 and 2000) are ready to enter the workforce throughout the next decade. At the same time significant numbers of the “Baby Boomer” generation will be retiring. There is a good chance that you fall into one of these groups or a sub-gender thereof.


It seems that as younger workers are graduating and entering the work force, we are undergoing a significant sea change in how workers view and respect sensitive information in the daily course of business. By that I mean that this group seems to view information in the workplace differently. If fact, they may have always looked at data differently, but the advent of Social Media tools such as Facebook and Twitter has changed our ability to rapidly access and disseminate information. This makes it more important than ever to be sensitive to our responsibilities to guard our clients' information.

The good, bad and ugly of Social Networking


The good of Social Networking is that is a powerful sharing and collaboration tool. Used properly it facilitates and accelerates our ability to communicate, quickly replacing e-Mail as the tool of choice. Whereas e-mail is a one-to-one communication platform and can be managed via encryption and other tools, social media tools are one-to-many, immediate, and there are few if any tools available to restrict or manage their use.  Just as we needed to develop Internal Control Procedures to train and convey to employees what were permissible uses of e-Mail, so too must we develop Internal Control Procedures to establish guidelines and limitations on what is allowable uses of Social Networking in our workplace and, what information is restricted and may not be conveyed outside the office as well.


Also, not everything about social networking is bad; there are good benefits to creating a Facebook site, or Twitter account for your firm to convey positive information to clients and potential clients. This may even be done by employees who are passing positive information on to others. However, the natural approach of management today is to simply put a stop to it.


The bad side of Social Networking is that you cannot stop it. Blocking firewalls and routers from accessing certain sites is, for the most part, a useless endeavor with easy work around.  Such measures do not affect users who use such tools at home or on the road.  It is extremely important therefore to educate everyone in the office to use social networking tools appropriately.


The ugly side is that once you develop good Internal Control Procedures you must enforce them. If an employee, after training, violates the rules appropriate actions must be taken.

Creating Internal Control Procedures

You might consider the following steps to establish policies on social networking published by SHRM Online:

Get fully informed about the various social networking venues, their thrust and theme, successes and foibles.

Identify the kinds of social networking conduct by employees that your company wants to regulate.

Decide the level at which some sites will be filtered or blocked by your company’s computer network.

Determine the job categories that have inherent, appropriate workplace uses for social networking and grant access to social networks to workers in those groups only.

Craft a clear, concise policy that can withstand legal scrutiny.

Ensure that employees read and sign the policy.

Update the policy annually, based upon policy reviews conducted jointly by HR and other corporate managers, employment lawyers and other experts.

Make sure managers buy into the policy, and communicate it through multiple channels.


There are a number of web-sites that offer advice on creating your policy.  The federal government recently published Guidelines for Secure Use of Social Media by Federal Departments and Agencies.


This document can be found at


IBM has published their guidelines for blogging, wikis, social networks, virtual worlds and so forth at


If you want to educate yourself, or your staff on the subject of Social Network Etiquette, read this article


There is also a sample short Internal Control Procedure at

First, Do No Harm


For those of you who are new to the workforce, what information is proper to share over the Internet and what isn’t, is really not that difficult to understand.  Most of the time good common sense can be your guide. Don’t tweet or post a comment about anyone that you would not say to their face!  If the information is client related, or is information that belongs to the firm – DON’T POST IT!  If your office has rules about what may be written down in the firm, notes, comments and so forth, to include in client files - all these rules apply to cyberspace as well.


Keep your personal Facebook or Twitter accounts personal and do not include work. It really is as simple as that. But since every once in a while someone just does a dumb post by accident, exposing sensitive information, it is more likely to occur because you are mad, or upset, or bored.  Stop and take a deep breath before you do it. It may be better to go home, play XBOX, take a run, or just yell out loud in the woods than post something you will live to regret.


I might also suggest if you are looking for a long and profitable career, pay attention to what you post on your personal posts as well.  Not that web based search engines are included social networking posts your comments cannot be taken back, and they may exist across the Internet for many years to come! If you have pictures on your sites that you would not want your minister or your mom to see – perhaps there are good reasons to take them down.


Dr. Bob Spencer is an internationally recognized author, lecturer, and consultant who has written more than a dozen books on technology in business and can be reached at Dr. Bob is associated with and presents Continuing Professional Education seminars for K2 Enterprises,