I was recently at a peer conference where an IT director from a financial institution had a pretty good policy for dealing with non-work social networking. They recognized that users want to use the internet for personal reasons. That those personal reasons were often acceptible in moderation.
For example, they didn't want to prohibit users from checking on their uncle in the hospital via a relative's reports on facebook, or prevent them from checking on their last minute Christmas order on Amazon. They did not, however want users spending the day shopping or chatting with their friends. The problem was that users PCs were very private. In the old days if you made personal calls, your cube neighbors could tell how much time you were spending on personal calls. With PCs, it is much more difficult to spot who is shirking. The solution: Public PCs throughout the building which are in a sort of DMZ. The PCs are re-imaged each day and a much more permissable web access is allowed. No non-work sites at the users desks. Many (not all...) non-work sites are available at the public PCs. I thought it was a very good solution to the balance of wanting to allow reasonable personal access to the internet without empowering the true slackers to slack unchecked. Everyone knows that it is okay to check your facebook on your break, but you cannot be circumspect about how much time you spend doing it. -Bill On Tue, May 4, 2010 at 9:38 AM, John Aldrich <jaldr...@blueridgecarpet.com>wrote: > What restrictions, if any, do your organizations place on things like IM > or social networking sites? I sent out a warning to the office personnel > this morning regarding the new “IM Virus” and got an email back from the CEO > basically stating “shouldn’t that be a violation of company policy anyway?” > and I had to tell him, I knew of no policies regarding that; and that in > fact, my former supervisor was fully aware of at least one person (who’s > child is overseas in the military) who used IM on a semi-regular basis. > > For this reason, I’m working on coming up with a company policy. I’ve > looked at the sample template from SANS as well as another one that someone > sent me off-list. I’m planning on incorporating the best of everything I > get, so if anyone has any suggested language regarding IM or social > networking, please let me have it. J > > > > [image: John-Aldrich][image: Tile-Tools] > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
<<image002.jpg>>
<<image001.jpg>>
