Personal Use of the Internet
Neville Hobson posted something interesting over the weekend, and Shel Holtz added some further thoughts to the discussion today, about the number of companies who have simply blocked access to Facebook and other social networking sites.
I think they cover some of the objections to this pretty clearly, but I want to focus on a couple of areas, specifically around the area of law firms, since that’s where I work. 🙂
I’m also going to broaden the discussion to sites beyond Facebook, to the general idea of employee personal use of the web.
I’ve run into these sorts of objections in regards to my own blog, and to various tech blogs, and forums that I visit regularly. For your web-savvy employees, the line between personal use and professional use is so blurred as to almost be non-existent. I spend a fair amount of time reading tech blogs, participating in tech discussions, answering questions in forums and mail lists. In many places, I’d be forbidden to do that during work hours. Since the blogs in question, or the interactions I’m having, are not directly related to a specific work task I’m trying to accomplish, according to policy, they are “personal”, and therefore a violation.
Never mind that I’m making professional contacts, sharing and learning from the greater community at large by being an active part of it, and that the employer gets the benefits of that work every day, it’s still not allowed.
For law firms, these sorts of rules are even more counter productive. Lawyers, practice development experts, and even staff, are all an important part of making connections with clients, getting the word out about the firm and the work we do, turning up new business from people we have contact with, sharing information with experts, etc.
There are more sites than I could possibly count that include communities built around the practice of law, a specific industry that our clients may be working in, marketing law firms, litigation support technology, general tech, human resources, web design, etc. Some of them are going to be located on sites like Facebook, or MySpace. Some of these connections are going to be made on LinkedIn, in message boards, on on our own blogs.
The Web gives your employees the opportunity to be plugged into these sorts of communities, and contacts, 24 hours a day, seven days a week, from anywhere. Many of the most web-savvy employees will be contributing to these communities during the work day, at night, and on weekends.
Given that, and given the benefit the firm sees from these activities, why would you block them, either with blocking technology or policy? And, given the time these folks spend away from the office as part of these communities, why do you begrudge them taking a few minutes to read ESPN, send a personal email, check the show times at the local movie theater, or even read the latest gossip?
When you go out of your way to block these things, or make an overly-stringent policy about personal Internet use, here’s the message you are sending to these folks, “We don’t trust you to get your work done”.
Maybe you don’t trust them. Just remember that the next time your secretary has to deal with your biggest client, or write up a letter for them. Remember that the next time you ask your IS team to handle electronic evidence from a large case, or the next time you have someone put together a PowerPoint presentation for you. You trust them to do an awful lot for the firm and your clients. You trust them to not break confidentiality every single day, which is a huge deal for a law firm. But you don’t trust them to use Facebook or other sites without it interfering with work. Doesn’t that seem a bit out of whack?
Unproductive employees are unproductive employees. The way to fix that is not to block websites. They’ll find another way to avoid getting work done. The real policy should be to find people you can trust, and trust them.
The times I’ve had to block access it is because interns (and new employees) have been using myspace instead of working. In the case of myspace, the risks of trojan and malicious scripts is just too high to justify the use of this website at work. If they want to use it then they should be doing it from home or if the company *really* needs access to the website then they should have a dmz’ed computer locked down very very tight (or a virtual one)
OK, interns and new employees maybe have to earn some level of trust, but a blanket block of social network sites doesn’t really make sense.
I am starting to wonder how many IT people use “trojans” as an excuse to block things they just don’t want to deal with. Technically, I could argue that any site that has scripted advertising is a risk(I’ve seen spyware installs from innocent sites with rogue advertising on work machines more often than anything else.), so we should block all of them, but we don’t. If there are legitimate reasons to view sites, there are legitimate ways to minimize those risks on the local machine so you don’t have to spend a lot of time worrying about MySpace scripts, or even web based email attachments, which is the other area I hear this argument a lot.
Again, to be specific to law firms, if you work in the music industry, don’t you want to be where your clients are? Or if you do trademark law don’t you pretty much need to be able to view MySpace, Youtube, etc.?
Anytime you work with clients, or network within an industry group to attract clients, or if you have people who work for you benefiting from peer networking, which is pretty much everyone in the legal industry, it makes no sense to block them from doing those same sorts of activities online just because you’re afraid they’ll waste time outside of that specific activity. Again, you either trust them or you don’t.