How to Keep Track of Employees Social Media Usage

To say that confusion reigns over who is responsible for something said in social media is the understatement of the year. In a sad but comedic squabble over individual vs. corporate responsibility, a flurry of finger-pointing ensues only to end in a rash command to the rank and file to just “zip it already”.

But “people are going to use social tools for business whether the tools are provided by IT or not,” warned Wendy Steinle, marketing director for Novell Pulse. Yes, for business and for pleasure, the Twitter tweets and Facebook posts still fly from phones and computers all the day long, no matter what an employer has to say about the matter. Sure, a company can give an offending tweeter the boot but that’s a bit like locking the house after the burglar leaves with all your stuff. Sadder still if the offending post breaks compliance and the lawman locks you up for the burglary.

On the other hand, there are those companies that, when faced with a runaway staff of tweeters, let the reins fly and trust the team to arrive safely at the destination. These are typically the companies that hail social media for its marketing value. That approach, however, leads to even more confusion.

A recent global study conducted by the Ponemon Institute and Check Point found that while the majority of IT and IT security practitioners believe employees should be responsible for their social repertoire, the majority of employees “rarely or never” consider security in their everyday business communications … bit of a huge, gaping disconnect there, to say the least.

Further aggravating the situation is the lack of consensus over who in the corporate pyramid should be the Pharaoh of Prelection. In the aforementioned survey, more than half of respondents in the U.S., UK and Australia say the employee should be the most responsible party for his or her gaffes but the CISO, corporate IT CIO might have a teeny bit of responsibility too. In contrast, respondents in France believe HR, followed by information security, are most responsible for controlling employees’ social media forays. In Japan, legal followed by corporate IT are viewed as the most responsible parties.

In any case, nobody is in charge most of the time — fine fleck of leadership that is.

Reining it in

But there are a few companies that have successfully harnessed their runaway teams into a quasi-tamed pace. Typically they begin with a strong policy that spells out what can and can’t be discussed in public and the repercussions if any virtual lips slip. “Just make sure you have usage policies, security guidelines and access rules put in place before you send your employees off to socialize with the company’s data,” advises Steinle.

But be prepared to take action if the rules are not followed.

“If the policy is not clear and easily enforced, then the company’s efforts to address the risks associated with social networking will be in vain,” said Sam Kolbert-Hyle, vice president of Business Development and Strategic Initiatives at Smarsh, a company that provides hosted supervision and archiving solutions for electronic communications.

Enforcement is easier if you are aware that the offense has taken place. To do that, your company needs an arsenal of new tools. They come with a variety of purposes. Monitter, Twitterfall, TweetGrid, TweetDeck, Seesmic and HootSuite are tools that track conversations, keywords and hashtags on Twitter (some go beyond Twitter, too). CoTweet, built specifically for larger organizations, allows multiple people to respond to tweets at the same time.

Trackur and BrandWatch are tools that help companies find anything said by anybody about the company or its products. These tools are generally used for searching for specific message content rather than for specific users.

Companies such as Novell Pulse, Symantec, RSA, Check Point, Zecurion, Identitylogix, Smarsh, and SpectorSoft produce solutions that do everything from allow companies to review social media postings before employees post to tracking employee usage of social media inside company walls.

“Data loss prevention tools such as Symantec Vontu or RSA DLP can give you much more fine-grained control over what information users post to Facebook et al,” explained Rakkhi Samarasekera, CEO of, a security startup. “If employees upload company confidential documents or information, you can either block or investigate and take remedial action.”

Trendrr takes a slightly different approach by tracking location-based services such as Foursquare and Gowalla plus it aggregates Facebook “likes” and reputation scores via Klout. (Trendrr also has a built-in sentiment analysis feature for tracking customer attitudes about brands and products.)

There is also a new freebie tool to track employee usage of enterprise and Internet social media on the market. NodeXL is a free, open network discovery and exploration add-in for Excel 2007 and 2010. It extends the familiar and favorite spreadsheet to collect, analyze and graph activity on social networks including Twitter, Flickr, YouTube, Facebook, www hyperlinks, and your local company email.

NodeXL is a project from the Social Media Research Foundation and is supported by the Microsoft Research External Projects Group. The contributors are a list of notables from Microsoft Research, University of Porto, University of Maryland, Stanford University, Cornell, Oxford University, Australian National University, and the Illinois Institute of Technology, among others.

But there are ways to do some employee tracking yourself such as “via the proxy server which keeps a lot of usage [data] and, with a bit of light scripting, the connecting IP addresses can be mapped back via Active Directory to the individual user,” said Rakkhi.

From this you can collect stats, he says, such as usage, time spent on average, subsites visited (e.g. Facebook apps and games), and when used (e.g. during lunch and after-hours or during the work day).

“You can then combine with any productivity or other HR issues if you need evidence to put on a performance improvement plan or to terminate, said Rakkhi. “Also name and shame walls of Top 10 Facebook users are effective deterrents.”

Be careful not to go too Big Brother with your efforts, however, as such is counter-productive.

“The most successful enterprise social media deployments are those that strike the right balance between user control and free-flowing collaboration around data,” says Steinle. “Just because you want some level of management over social tools, doesn’t mean you have to box yourself into a corner.”

A prolific and versatile writer, Pam Baker’s published credits include numerous articles in leading publications including, but not limited to: Institutional Investor magazine,, NetworkWorld, ComputerWorld, IT World, Linux World, Internet News, E-Commerce Times, LinuxInsider, CIO Today Magazine, NPTech News (nonprofits), MedTech Journal, I Six Sigma magazine, Computer Sweden, NY Times, and Knight-Ridder/McClatchy newspapers. She has also authored several analytical studies on technology and eight books. Baker also wrote and produced an award-winning documentary on paper-making. She is a member of the National Press Club (NPC), Society of Professional Journalists (SPJ), and the Internet Press Guild (IPG).