Like email and instant messaging before it, blogging is entering the enterprise through the backdoor, embraced by employees before IT has had time to formulate appropriate usage guidelines. Should CIOs be concerned? The numbers suggest yes.
Blog search engine Technorati sees nearly 75,000 new blogs created each day, which translates into a new blog every second. Technorati currently tracks nearly 50 million blogs, with the number of blogs doubling every six months.
On one hand, this is a good thing. Executives originally distrusted email, but it proved to be a boon to productivity. Blogging won’t replicate email’s corporate benefits, to be sure, but it does offer a new, efficient and personalized means for communicating with employees, partners, and customers.
In a way, it’s the embodiment of the Web 2.0 concept, with content being interactive and dynamic; much better for customer relations than stale, stuffy corporate websites.
Yet, blogs also pose risks. It’s one thing if your CEO is blogging about new strategies. It’s another if an unauthorized employee reveals sensitive corporate information.
The U.S. Commerce Department estimates that $250 billion is lost annually due to intellectual property (IP) theft. And, with IP being notoriously difficult to quantify, the numbers could be far worse.
Most bloggers aren’t seeking to do something illegal (although the disgruntled insider is always a concern) but a careless comment about an upcoming deal or soon-to-be-launched product line could damage the organization.
All of this begs the question: How should your organization handle blogs, ensuring that you protect your company without ignoring their potential value?
The first step is to have a policy in place. Mark Jen, a product manager at Plaxo, helped his company develop a blogging policy. Plaxo provides contact-management solutions, and the company actually encourages blogging.
“We believe that transparent communications with employees, customers, and even detractors is an inherently good thing,” Jen said. “For customers, they don’t like reading press releases or even news. They prefer raw information and direct communications. Blogs provide that.”
“Unfiltered information” is the term that Jen and others use to describe the value of blogs. Technorati CEO David Sifry notes that we’ve become trained to sniff out corporate jargon from a mile away and blogs are a refreshingly honest method of communicating corporate concerns and interests.
However, even blog boosters like Jen and Sifry agree that before telling employees to get out there and start blogging, organizations should come up with blogging policies. The question, though, is what to include in those policies.
“Much of this is basic stuff,” said Jen. “Don’t reveal trade secrets; don’t engage in personal attacks. After the basics, it really depends on type of company. Is the company secretive, needing to protect a lot of trade secrets? Is it a more open company? The type of company informs a lot of decisions.”
Add to that the matter of compliance. Many blog policies will be influenced by the industry sector and the accompanying need to abide by regulations.
The knee-jerk reaction when faced with compliance and security concerns is to ban blogging. Maybe it’s okay and productive to ban employee access to certain areas of the Internet, but is it practical to ban the act of blogging? Probably not.
“You almost have to allow blogging because employees who can’t blog at work can go home and do it there,” Jen said.
Besides, according to Mike Rothman, president and principal analyst of Security Incite, effective blogging policies already exist at most organizations; just under a different name. “If you look at any non-compete agreement, you’ll get a snapshot of what blogging policies should include.”
“Public companies have always had problems with inside information. For instance, they need to watch out for insiders trying to game the stock market,” Rothman said. “I don’t see blogging as anything but another communications channel to monitor.”
The difference with blogs, Rothman noted, is that they’re harder to track and monitor than, say, email. Whereas your IT security staff can drop an appliance onto your network to monitor email and Web traffic, blogs often exist beyond the corporate network, created by employees on their own time and posted on their own forums.
“Those best suited to monitor blogging activities probably aren’t your security staff, but rather those who track your brand,” Rothman added.
It’s likely that your PR or marketing staff already monitor the Web for mentions of your company, so adding blogs to the mix, especially with tools like Technorati available, isn’t that difficult. The trouble is that it’s a manual, time-intensive activity. Do you really want your employees reading every single blog post that mentions your company?
Sifry suggests that rather than searching through endless blogs, it’s better to set up a browser plug-in that monitors certain terms and alerts you to new activity. Additionally, instead of just searching for general terms, like the company name, it’s better to include sensitive terms that you don’t want out in the public sphere.
Really, it’s just search engine 101 stuff: the more specific your search, the better the results. But people tend to forget that when dealing with a new medium like blogging.
“Set up a granular watch list, subscribe to that search, and you’ll have a pretty good idea of what people are saying about your organization out on the blogosphere,” Sifry said.
Jen cautions against a too-restrictive blogging policy, or you defeat the purpose of blogging in the first place. If your competitors have popular, open blogs and you don’t, your competitors may well seem more user friendly than you, and that openness may win them customers.
“Blogging is a unique channel,” Jen said. “You end up creating a relationship with people. Someone reads your blog, they email you, you chat, and you create a social relationship. It’s different than calling customer support. You get more personalized and extended feedback.”