Keeping Web 2.0 Platforms Private and Secure

By Michelle V. Rafter

Blogs and social networks can help companies improve relationships with employees and customers. But they can also leave a business open to privacy and security problems. It’s critical to have strong policies and software.

Blogs and social networks are changing how small and mid-sized companies interact with employees and customers. But using Web 2.0 technologies can make companies vulnerable to security and privacy breaches. Think of what could happen if an employee inadvertently posted company trade secrets on their personal blog, or spammers clogged the comments box on a company-run blog with solicitations for X-rated DVDs.

To avoid that kind of exposure, companies need privacy policies spelling out what employees can and can’t do on company-sponsored social media. They also need to use available technology to safeguard their internal and external networks and blogs, according to social-media industry analysts and other experts.

Put privacy policies into practice

When it comes to protecting your company, the best defense is creating privacy policies and making sure employees know about them. Don’t wait until a blog or social network is up and running. Policies should go into effect as soon as a network or blog is live, says Lee Huang, head of the New York City chapter of theInternet Strategy Forum. “Employees are going to have a lot more power and control over community, and you have to have a policy about that,” Huang says.

Other suggestions:

• Don’t reinvent the wheel. If you have an existing privacy policy, expand it to spell out how employees can use corporate social media, and what they can and can’t mention in personal blogs. One example of this is Yahoo’s guidelines for employees’ personal blogs. The guidelines remind employees that they are legally responsible for their personal blogs, barred from releasing any confidential or proprietary company information, and need to get their facts straight, among other provisions.
• Pick an individual or group to be the company’s privacy point person, Huang says. A corporate blogging policy white paper, from Six Apart, the maker of Movable Type and TypePad blogging software, also suggests creating a hot line -- an e-mail address or phone number -- that employees can use to send a monitor questions about the appropriateness of specific blog posts or comments.

Larger businesses can take a page from Fortune 500 companies and create a network of privacy stewards, select individuals within workgroups, departments, or locations who act as the go-to people for privacy matters, according to Jay Cline, founder of Minnesota Privacy Consultants in Minneapolis, an independent privacy consultant.

Batten the hatches with security software

The popularity of blogs has given rise to blog spam, also known as comment spam, where spammers automatically and relentlessly post commercial messages or random messages to a blog’s comment or track back area. One example: in a recent post on the subject, a blogger at Tech Crunch, the Internet daily news site, said the site gets 15,000 spam comments a day.

Thankfully, blog software vendors have come up with filter software that blocks it. One popular utility is Akismet, from Automattic, the company that makes WordPress blog software and runs WordPress.com, the free blog website. Akismet is built into WordPress.com and can be downloaded for WordPress blogs hosted on a company’s in-house servers. Independent Akismet developers have built plug-ins that enable the software to work with other blog software, including Movable Type, b2evolution and Joomla.

Other security measures that companies can take:

• Use online resources -- Wikipedia maintains a blog spam tutorial that includes a list of possible solutions, including keyword blocks, redirects and turning off a blog’s “Comments” feature.
• Go in-house -- If you’re worried about security, host an internal social network on in-house servers, says Paul Gillin a new media consultant and author of The New Influencers. “If people are posting proprietary stuff there and you don’t want outsiders to get in, it’s important that whatever you’re doing be completely firewalled from the external Internet,” he says. “They shouldn’t be on the same physical server.” The same goes for in-house blogs. Putting public blogs and internal blogs on the same server “is asking for trouble,” he says.
• Stop spammers -- Report network abuse and abusive users to the Network Abuse Clearinghouse, also known as Abuse.net.