You have employees who are addicted to social media, updating their status, sharing everything from discovering a helpful business link to where they went for lunch. However, they also may be broadcasting information not intended for public consumption.

One of the most difficult tasks for an organization is conveying the importance of discretion for employees who use social media. Not only are organizations at risk from having their networks attacked, but they must protect their reputation and proprietary ideas. What makes these two areas difficult to protect is their mobile nature. Ideas are invisible and have a habit of popping into conversations – and not always with the people who should be hearing them. They can get lost or stolen without anyone knowing they’re even gone. Suddenly, you find your competitor releasing a great product to your market that you thought was yours alone.

If you want to decrease such liabilities, you have a few options. Initiate some guidelines for employees. Send friendly reminders from newsworthy “social-media-gone-bad” stories. The more employees know where an organization stands in regard to safe social media use, the more they can be smart about using it. Here are three basic rules to help them interact safely:

1. Don’t announce interviews, raises, new jobs, or new projects.
Talking about any of these sensitive topics on social networking sites can be damaging. If an employee suddenly announces to the world that they’re working on a new project with XYZ Company, there’s a good chance the news will be seen by a competitor. You may see them in the waiting room of your client on your next visit. One caveat: If you’re hiring, it’s a good thing. Your organization will be seen as successful and growing. However, those types of updates are usually best left to the HR department.

2. Don’t badmouth current or previous employers.
It’s good to remember what mom used to say, “If you don’t have anything positive to say, then say nothing at all.” The Internet never forgets. When an employee rants about either their past employer, or worse – their current one, it can poison a customer’s view of the organization. Nothing can kill the possibility of a new sale than hearing an employee broadcast sour grapes. If this is a common occurrence, it can give the image of a badly managed company. This isn’t the message to send to either customers or future employees.

3. Stay professional. Represent the organization’s values well.
Employees are often tempted to mix their personal and work information together when using social media. Although many times, such information can be benign, you don’t want to hear about an employee’s wild night at the local strip club. There are mixed opinions among experts whether an employee should establish a personal account, separate from their work life.

Emphasize your organization’s values and mission. Ask employees to TBP (Think Before Posting). Social media can be a good experience as long as its done responsibly.

I know that the IE infection is hard to kick. The most common argument I hear, many sites just don’t work with anything but Internet Explorer.

Is this a true issue, or merely an excuse for inaction? I know a few organizations that have installed alternative browsers (OK, Firefox, in all cases), and blocked all external access to IE users. They then take the help desk calls, check the sites that the users say won’t work with anything but IE, make sure they meet a business need, and then one by one add them into the proxy to be allowed out with IE.

Sure, this is a lot of work on the front end. Here’s the rub, though. 30 days out, the work drops like a hot stone in the hands of a yeti. Basically, the ongoing need to add sites become so infrequent as to be non-existant and handled with a one-off approval process. In terms of risk, the few who have taken this approach claim such a huge reduction in spyware cleanup, infections and basic break/fix calls that they say the longer term savings paid for the work of the 30 day period in less than 3 months. Thats a 90 day, 100% ROI for a 120 day project!!!! In business terms, this is a NO BRAINER.

Given the oddity of Aurora, the history of IE vulnerabilities and the ease at which new users of Firefox, Opera, Chrome, Safari, et all become proficient, the deck begins to stack in favor of replacing IE for Internet-bound traffic in all but a limited set of cases. Sure, use IE for that odd website, for those internal legacy apps where code-rewrite is not feasible. Heck, in this case, maybe even allow IE 6 to live on for internal use only (pray for no internal malware or xss attacks). We all know the real attack surface for IE is overwhelmingly the Internet.

Maybe this approach will work for you. Consider it. It works even better when combined with proper egress filtering, enclaving and role-based access controls.

Let me know what you think!