Ontario government debates future on Twitter, Facebook
The Government of Ontario is taking a guarded approach to its employees use of social networks, but like many Canadian organizations, it is constantly re-evaluating its policies.
Ontario has a very matter of fact policy when it comes to use of government IT resources, says Peter McCauley, Head of Corporate Security: “We’ve got a very strong acceptable use policy. In a nutshell, it says you can only use government equipment to do government business.”
But that doesn’t mean that Ontario isn’t prepared to move with the times, says McCauley. For example, when Facebook first appeared on the scene some years ago, the government blocked it from employee screens.
“We blocked it fairly early on. There were concerns about our network at the time — bandwidth utilization. We were not comfortable with the security of Facebook and there were an awful lot of privacy concerns. Now, if we had to do it today, it would be 50/50 whether or not we would block it,” he says.
Today, some employees are permitted access — approximately 3,500 out of the total workforce of 65,000 — provided that they have a legitimate reason to use it for government business. Most of those people work in communications departments, accessing Facebook so they can gauge the public’s perception of the Ontario government.
Employees that are permitted access to Facebook have to make an official request which must meet approval from several senior employees, including the CIO.
“When it comes to social networking, it’s a balance. Security needs to be more of an enabler than a prohibitor. We have to recognize that there are some very strong positives about social networking,” says McCauley.
The main concern for the government and social networks isn’t one shared by a great deal of other organizations — employees wasting company time — but network and personal security.
To date, the government has not blocked two other social networking giants, Twitter and LinkedIn, but there is a concern that employees could reveal details about themselves that could compromise their own personal security.
The government has not used social networking tools for its own communication purposes so far, says McCauley, but that could change.
“There are some parts of the government that have used it, but it’s very small. That’s not saying that in an election year, it could conceivably be a major platform. It is being looked at as a major communication forum in several areas, but it’s not widely used,” he says.
Attitudes towards social networking inevitably change as tools like Facebook and Twitter become more deeply ingrained into society, says Rafael Etges, a security research director at Telus Communications. When the Internet arrived on the scene about 15 years ago, a lot of organizations were hesitant to hook their networks into it, he says. Today, that’s almost inconceivable.
“Likewise, when you think about mobile devices and iPads and things like that, eventually it is going to happen. It’s a matter of time and how you manage the risks.”
Telus Security Labs recently released its third annual study on Canadian IT Security Practices. The study states that: “How an employee chooses to access social networks must be a consideration when stipulating ‘permitted use’ for employees. But more than likely, organizations do not make this distinction.”
Conclusions reached in the study suggest that organizations focus on education for employees to encourage safe and appropriate use of social networks in the workplace.