Managing a workforce is already a challenging job; now Facebook and other social networks raise a host of sticky new situations.
Security threats still apply
Part of the appeal of Facebook is that it offers an alternative to regular email and its spam, scam and phishing issues. If you get a message on Facebook, theoretically it's from someone you know, or at least a friend of someone you know. But that's changing, as scammers and malware distributors figure out how to adapt Facebook for their own ends.
One growing problem is with people pretending to be someone they're not. The Silicon Alley Insider documented the efforts of a Nigerian scammer who tried to convince a Facebook user to send money to him by posing as one of the victim's friends, whose Facebook account the scammer had managed to gain access to.
Similar approaches can be made without having to actually take over someone's account. A scammer could join a network or a group, for example, and start sending messages to everyone in the group. Since users are less suspicious of messages they receive on Facebook than they might be of an email - especially if the person on Facebook is part of their network - they may be less guarded with their information.
Research by Sophos discovered that 41 percent of Facebook users "will divulge personal information - such as email address, date of birth and phone number - to a complete stranger".
Even if such slips don't directly reveal information about a company, they can be useful in constructing a social engineering attack. The more bits and pieces of personal data about you and your staff a malefactor can acquire, the easier it would be for him to worm valuable company information out of them as well.
There have even been instances of Facebook being used as a way of distributing malware, says Argast. Emails sent to Facebook groups or networks from apparent acquaintances have contained links to malware sites.
Sophos even posted a warning about a message being left on Facebook users' walls urging them to watch a particular video. Clicking on the link took users to an outside web page that urged them to download an executable to watch the movie. The executable turned out to be the Troj/Dloadr-BPL Trojan horse.
Should you ban Facebook from the office?
Many managers, faced with possible situations like these, might just throw up their hands and issue an edict: 'No Facebook!' At least not in the office.
But the solution, Selvas says, isn't for employers to simply forbid employees from participating in social media; rather, they should educate workers not only as to what the dangers are, but on how to use the tools available on Facebook to control the propagation of information as much as possible.
He compares the situation with Facebook to the early days of email. Remember when people would hit Reply All and then make a sarcastic comment about the boss's message? It took a while for people to develop proper email etiquette, and similarly it will take a while for people to learn to navigate the perils on Facebook, Selvas says. Education can go a long way toward making that happen.
Bottom line? Facebook doesn't call for new principles, Selvas says, just smart application of the old ones. And the constant reminder that you and your employees are in public when you're on Facebook. As Selvas sums up, "Don't do anything on Facebook you wouldn't do in an airport."