jim.shamlin.com

4: Managing the Use of Social Tools

Some of your employees are likely using social media, so your initial step should be to gauge the extent to which they are already familiar and fluent with social media. To do this, the author suggests asking employees some basic questions about their use of social media.

• Which social sites do you use regularly?
• How many friends, followers, connections, or contacts do you have?
• How often do you post information online?
• Do you post content to sites such as YouTube, Flickr, SlideShare, or others?
• Can you describe a situation where you leveraged your online connections to find a solution to a problem?
• Have you ever started or moderated an online community?
• How do you find out about new sites, services, and features to use?

Rather than asking, you could run a few searches using Google as well as sites that track people in the social media - you will look a bit foolish if you ask without trying on your own - but because of the popularity of social media, chances are that there may be several people, or several dozen people, with the same name as your employee, and you will have to ask.

What Are the Boundaries of Privacy?

There are still some individuals who feel that checking up on others via the internet is a bit creepy - but given that the point of participating in social media is to be visible to others, this sentiment seems outdated. Strictly speaking, there is no expectation of privacy for any information a person publishes about themselves online - and unless you obtain the information in a crooked manner (hacking past privacy barriers, setting up a fake account to "friend" them and raid their profile, asking another person who is their friend to disclose information that is not available to the general public), you are merely seeing what they put out there to be seen.

Even so, people who are otherwise very casual suddenly feel awkward when they learn their employer is checking up on them online - and especially where something that they posted as a "private" person is used against them in the workplace, whether this is ethical or appropriate becomes more questionable.

For example, it's well known that employers will search online to gather information about candidates - but because much information is exposed about a person online, such employers run the risk of discrimination. Going by the resume alone, there is generally little to no evidence of a person's race, age, religion, sexual preference, political beliefs, and the like - and a company can claim ignorance - but if the same firm gathers this information from the Internet, it may find it harder to defend the objectivity of a decision to exclude a candidate.

Another danger is that, when mining social data, you can't be sure that the person you find online is the same as the employee or candidate you wish to investigate. Even if a person has an odd name, there may be a several other people with the exact same name in social media - or if it's a common name, several dozen. So unless you are positive of the source of information, it's best not to over-react.

Social Tech and Personality Types

Social media has stronger appeal to certain personality types than others. It's only natural that an introverted person would make less use of social media than an extravert. An aggressive "Type A" personality might not see social media as a productive use of their time, whereas a person who is a social butterfly in real life would be extremely active in the social media, or they may have a rich offline social life and feel no need to interact with people via computer.

(EN: The author goes on to list a number of other personality and lifestyle factors that can impact a person's adoption and use of social media - but to take it even further, there's been some study into the "online persona" of a person, which suggests that a person's "online self" is not a perfect reflection of their offline selves, and in some instances can be very different. As such, placing too much faith in the notion that the behavior you see online is a reliable method of assessing personality is a serious mistake.)

Appropriate Use of Social Tools

The author returns again to the notion of the "appropriate use" of social tools at work, which is more complicated than it seems.

Prior to computers, people maintained their business contacts on paper - a rolodex file or stacks of business cards. This collection was considered critical to their success because it represented the contacts they had made over years of business transactions and social events, whom they could draw upon to provide needed expertise or refer them to others. An effective professional had a significant network of contacts. (EN: the maxim that "it's not what you know, but whom you know" underscores the importance of a network.) When electronic communications came along, we were able to maintain our address books electronically.

In both instances, it was a manual process to gather, compile, and maintain a list of contacts, and the drawback is that a person lost their connections when they left a firm (unless the remembered to photocopy their rolodex or download their address book).

With the advent of social media, our contacts can be saved in online systems and services that have greater longevity: when we add key colleagues and contacts to LinkedIn, we still have them on file when we change jobs. The employee also feels that they "own" their networks - the employer could react against the employee who made off with the rolodex (stealing company property) or their e-mail address book (violating information security policies).

It's suggested that some employers are fighting to retain control over an employee's network of contacts, requiring them to enter all business contacts into a company-owned system and forbidding them to use LinkedIn and other services to connect with people outside the workplace. The first policy is difficult to enforce, and the second is entirely untenable.

There are a few obvious lines that can be drawn regarding the use of social media at work: they should not be used for non-business purposes during business hours. If a person is chatting with friends about topics that have nothing to do with their job, or viewing video content that is not related to their profession on YouTube, or blogging about their hobbies and leisure interests during working hours, it would be difficult to assert that this was at all appropriate. If their leisure use of social media prevents them from meeting their responsibilities, it's a serious problem.

Even so, there is no clear line between professional and leisure in some instances. When an employee seems to be chatting leisurely, talking to a client, colleague, or vendor about last weekend's football game, it appears to be goofing off, but much relationship-building in the professional world involves "small talk" before business matters are discussed, and even in some instances when there is no immediate business to discuss. This is applicable whether it's chatter over the water cooler, light banter on the telephone, or an online exchange on a social media site.

Especially with younger generations coming into the workforce, collaborative effort is the norm - discussing topics and sharing information is the way they work. To expect them to perform as individuals, cut off from contact with others, is to take away from them the only tools they have ever learned to use.

(EN: I rankle at that. There has been a shift, even in the educational system, to favor of group projects, team papers, and other collaborative efforts. My sense, and experience, is that this is often one or two strong individuals carrying a handful of weaker ones, and that it's done considerable damage that business should not accommodate. While I would agree that the ability to leverage connections can be helpful and productive, if an employee cannot function at all without a support group, chances are he's one of the weaker ones who will always be a parasite and contribute no value on his own.)

The author suggests that being an effective manager will require you to monitor the ways in which subordinates use social media so that you can be sure they are using it appropriately. (EN: I disagree. There never was a suggestion that employers should constantly monitor telephones in the office to ensure people weren't goofing off on the phone instead of using it for business purposes - granted, there are a few who will be on the phone having casual conversations so often it interferes with their ability to get work done, but clamping down on the majority who know how to act appropriately because a few individuals might seems draconian.)

The author suggests a two-part solution: first, use software that monitors the employees' use of technology - your gateway router can detect every site the employee visits, how much time they spend there, and often the content they post, and report this automatically. A person who seems to be spending a lot of the time on social sites, or any time at all on the "wrong" sites, is likely a potential problem.

The second part of the solution is likely already in place: setting performance standards for workers. In this scenario, an employee who is using social tools to support their work will produce just as much, or more, than their peers whereas a person who is goofing off will fall behind in the amount of work they do or the time it takes them to do it. This is, perhaps, the most accurate and reasonable standard, which gives employees latitude to choose their own behavior, but the responsibility for the consequences of their choices. Raises, promotions, and bonuses will flow to employees who make good use of their time, and contribute the most to the company.

Each new technology makes management more difficult. For example, when e-mail became available in most offices, employees didn't understand it and were in some cases prone to abuse it - so some training was necessary to remind them that it was a business tool, and some uses were inappropriate. The same is true of social media, and will likely be true of each new tool or gadget that is invented. The important thing for the employer is to inform in advance, rather than punish in arrears.

The prospect of the virtual office will further complicate matters. While it has been true, for many years, that employees no longer need to be warehoused in cubicles in the company's office building, few companies have had much success in vitalizing teams and offices. Much of this has been because there remains the perception that business is done only in certain places, and only during certain hours. Management has been unwilling to trust that employees can work outside the office, unsupervised and on their own schedule, and still get work done.

However, as social technology progresses, the notion of the virtual office has resurfaced. Employees can communicate, share files, participate in meetings, and other functions that once required them to be co-located in space and time - and except in positions such as manufacturing where there must be hands-on contact with materials, there is less and less logic to the notion that an office and business hours are necessary for most workers.

The only things that haven't been overcome are fear and mistrust. It may take a generation or two before these obstacles are overcome, and the transition will be an uncomfortable one.

Best Practices for Managing the Posting of Online Information

The author has a low opinion of the intelligence and common sense of employees, asserting that "people don't understand the repercussions of what they post online," and feels that management must control and dictate to them what is appropriate. He provides a list of some of the errors individuals have made:

• A "young person" mentions on Facebook that he is busy at work because his company is getting a lot of product returns, and this comment is found and reported in the financial press, harming the stock price.
• A salesman posts a comment to a blog that contains incorrect information about his company's product, which is used by competitors to suggest the firm doesn't know its business.
• Another salesman criticizes a competitor on a well-read blog, using a personal account that does not disclose his own company. This is exposed, with the implication his company encouraged him to sabotage competitors.
• A flight attendant posts sexually provocative pictures of herself to a dating site in which her uniform is visible in the background, and the company is named by a commenter, bringing it to her employer's attention.
• An engineer posts information about the work he did on a project to his personal blog, but it is riddled with grammatical errors, and others suggest the quality of his blog is likely an indication of the quality of his work on the product.
• An employee posts a video of a company party where an executive is goofing off in front of the staff, and this damages the executive's professional credibility.
• A waitress tweets about dealing with an obnoxious customer, disclosing enough information that the customer realizes that they are the one being criticized, and it becomes a public debacle.
• An employee posts an unflattering picture of a coworker to his Flickr account to share with friends online, but the photo is associated to that person's name by search engines, such that when people search for that person, the photo shows up in search results.

Each of these incidents are situations in which a person is using a private account, posting information they likely believe that they have every right to post, but which turned out to be damaging to themselves, their colleagues, and/or their firm. Moreover, the list contains only a handful of examples - and there are many. Every few months, the press picks up on some fresh and innovative way in which a careless employee has damaged the reputation of their firm - and the fact that it is reported in the media compounds the damage.

Naturally, management of a firm should consider what can be done to avoid embarrassing postings, and the first line of defense is training: every employee in the firm, even those who do not have a computer at work, should be warned about the way in which their online conduct on or off the job can be a potential danger to their firm.

Another defense is to establish a policy that requires anything posted on behalf of the company, or even anything that an employee might post on their own time, using a private account, but which mentions the company name (or provides other information that would make the company identifiable) to be reviewed and approved before posting. While it is not practical, or even possible, to do so, the fear of punitive action will discourage employees from posting about their firm, or mentioning it at all, or even letting it be known to others where they work.

When negative information does appear online, the company's response is important. In some instances, reaction may call further attention to the problem - the fact that the company responded gives people the sense there's something to it, and the firm wants to cover up. The best approach would seem to be to react against the employee so that they remove or retract their own post, being sure to mention that they will receive further punishment if they mention that you threatened them into removing or retracting it.

Alternately, the incident can be used as an example of misconduct within the firm, which serves the dual purpose of humiliating the employee in front of his peers and using them as an example to threaten others employees, making it clear that if they do the same thing, they will suffer the same fate.

Building Acceptable and Effective Online Profiles

Most social media tools enable a user to create a profile, providing basic information about themselves so that other users get a sense of who they are. A general observation is that people either neglect the profile, or fill in every field of information the profile requests. The latter behavior can be problematic.

The information in a profile is associated to every piece of information posted using that profile. If a person mentions their current employer in their Facebook profile, then anything they post, whether it is work-related or not, is known (or can be discovered) to be originated by an employee of a given firm.

Naming an employer also makes the personal profile "searchable" by the company name. People can search various social sites to find a list of the names of the people who work there. And because a general search on Google can retrieve both the LinkedIn and Facebook accounts, it becomes known/discoverable that a comment made on Facebook is from an employee of a given firm, even if the firm is not named on their Facebook profile.

For an individual, that means that anything you post online can be found - an image or comments you have made on a dating site can be easily discovered by someone who is looking up your information for professional reasons - because you are a business contact or a job candidate.

A person who is mining social media with the intent of targeting you can likely sift through the various sources of information to assemble a fairly detailed profile: your image, the names of family and friends, where you work, where you hang out in your leisure time, your hobbies and interests, your political and religious beliefs, your taste in food and entertainment, even your home address and phone number.

All of this is ostensibly collected to make you more appealing to other users of social media - but there's often an ulterior motive when social sites encourage you to provide personal details: they use it to enable advertisers to target people for specific promotional messages. And while most will provide to advertisers only in aggregate, or not provide it at all but match it against advertiser profile requirements, it remains true that anyone who wishes to see your individual information can do so.

From a business perspective, this means that the employee's personal information is available to every other employee, every customer, every vendor, and every competitor, who may use it to compromise the employee and use them in ways that are damaging to their firm.

The author suggests that there is a happy middle ground between providing "too little" information to make effective use of social media, and "too much" such that it becomes a liability - but does not provide much guidance as to exactly what he feels is wise to share. It's simple enough to point to past incidents to indicate what went "wrong," but another matter to predict what might cause harm in future.

Social Tech and Security Issues

Aside of public relations, social technology brings a host of problems to IT departments, because the technologies involved expose the organization to hackers and malware. While social media that is accessed via a Web browser is subjected to the same safeguards as any other Web page, many social sites request the user to download third-party software, which is as dangerous as any software downloaded from the Internet.

The dangers these applications cause have been known for years, though there's still evidence that some employees still attempt to install or run software downloaded from the Internet or sent as e-mail attachments. Even for those who know better, "social" is something new and they need to be reminded about basic security concerns - because hackers are aware that people are inexperienced and vulnerable.

The advent of social also gives power to a little-used trick of "social engineering," in which a hacker poses as a person someone knows, or feels they should know, in order to gain information. The technique is as old as espionage itself (dressing up in an enemy uniform to move within their camp), but social media enables people to do this remotely.

(EN: Something the author overlooks is the way in which profile data makes it easier to masquerade and guess passwords. People should not use the names of their pets or children as passwords, and a firm should not assume that mother's maiden name is proof of identity, because all of this data is available on social media profiles.)

Handling security "events" is also important -a single event can lead to a panicked over-reaction that shuts down access to social tech for all employees, or it may be swept under the rug - but a rational response and measured reaction is generally between the two extremes.