Keep a Blog, Get Fired

Here’s an interesting statistic, in the light of Scoble’s departure from Microsoft (no direct connection, I promise, but it does raise issues about whether corporates really like blogging): 7.1% of companies have fired an employee for violating blog or message board policies.

According to email security company Proofpoint, whose survey you can download from here, decision-makers at large U.S. companies show growing concern over sensitive information leaving the enterprise through electronic channels such as email, blog pages and message boards: “In fact, 55.4% of these large companies (with 20,000 or more employees) have expressed their uneasiness that regulations guarding the firm’s privacy will be violated by members of the “e-communication” community.  In an effort to reduce risk of exposure, 44% of larger companies employ staff to monitor outbound email, and nearly 1 in 5 companies (17.3%) has disciplined an employee for disobeying blog or message board policies.”

Proofpoint’s survey suggests they may be right: “more than a third (34.7%) of companies report their business was affected by the disclosure of sensitive material in the past year. Furthermore, more than 1 in 3 investigated a suspected email leak of confidential or proprietary information and 36.4% investigated a suspected violation of privacy or data protection regulations in the past year.” While a lot of this is email, “companies fear that financial data, healthcare information, or other private materials may be posted in blogs, sent through instant messaging, or transmitted by other means.”

Some other titbits:

  • Nearly 1 in 3 companies (31.6%) has terminated an employee for violating email policies in the past 12 months. More than half (52.4%) of companies have disciplined an employee for violating email policies in the past year.
  • More than 1 in 5 (21.1%) companies were hit by improper exposure or theft of customer information (whatever that means), while 15% were impacted by improper exposure or theft of intellectual property. (I think this means customer information or other sensitive data were stolen.)
  • Companies estimate that more than 1 in 5 outgoing emails (22.8%) contains content that poses a legal, financial or regulatory risk. The most common form of non-compliant content is messages that contain confidential or proprietary business information.
  • Here’s a funky one: 38% of companies with 1,000 or more employees hire staff to read or analyze outbound email. 44% of larger companies (those with more than 20,000 employees) employ staff for this purpose. I bet you didn’t know your company was hiring people to read your outgoing email.
  • Nearly 1 in 5 companies (17.3%) has disciplined an employee for violating blog or message board policies in the last year. 7.1% of companies fired an employee for such infractions. Ouch. 10% of public companies investigated the exposure of material financial information via a blog or message board posting in the past year.

Of course, Proofpoint have a point to prove (thank you) here, but probably this information is sound. There’s definitely a sense out there that blogging is something that needs to be controlled, for better or for worse. Of course, the bigger point is that information is no longer something that can be kept within organisations. Once it became digital, and once employees could move that digital data out of the company easily (remember when company email was not Internet-based, and there was no gateway out of the company email system? I do) then the walls were already tumbling down. The question now for companies is: do we try to ring-fence as much as we can, or do we put more trust and faith in the hands of employees so they don’t feel the urge to vent outside the company gates?

13. June 2006 by jeremy
Categories: Blogs, Media, Security | Tags: , , , , , , , , , , | 5 comments

Comments (5)

  1. Pingback: larry borsato

  2. Pingback: larry borsato

  3. Have you seen the Harris Interactive survey on executive opinions about blogging? eMarketer produced a good synopsis – here’s the link http://www.emarketer.com/Article.aspx?1003981

    Proofpoint and other survey’s appear to indicate that executives are most concerned with negative comments on the web. I think the Alaska airlines decompression/pictures story illustrates why companies should think about blogging policies and training. If you recall some negative comments were posted on the blogger who had taken photos in the Alaska plane, and the origin of the comments was an Alaska airlines IP address. (I don’t think that was verified however.)

    It does demonstrate the importance of training your employees on your communications policies even when people think they are helping a company the employee might be causing more damage.

  4. Surveys like the Proofpoint survey tend to sensationalize what should be a basic business issue. Companies have an obligation to e concerned about confidential information leaking out and new public information being presented in an incorrect context by a company employee. Blogs are simply the latest way this information gets published so they become the target de jour.

    For that matter, the headline of the post seems a bit alarmist as well (but, of course, it did grab my attention).

  5. I just saw an article on the dangers of treating email too casually as an executive here: http://www.executivewarfare.com

    Apparently, this was “blogged” by the former CEO of Hancock Financial. Funny, too.