246036

#98228

Ed Albetski
Participant

There are two issues here:

1. The agency sets up an official identity at social media outlets to spread information and get feedback from the public. This is "Open Government".

2. The agency allows it's employees access to their personal social media accounts via their government systems.

The first item is fine as this can be done in a security "sandbox", a "dirty" server isolated from the network.

The second, from a security standpoint, is insane. Before we prevented access to these sites one of our folks took their kid to the office during the Christmas holiday and let them use their desktop to keep amused. I had to clean off over 500 spyware infections the next week. This took 2 days of my and another tech's time.

Access to GovLoop is one thing, Facebook and the like, are another. Too many gremlins sneak in and we have better things to do. The loss of productivity in re-imaging the PC's is too high right now. Frankly I don't see why giving employees access to these sites at the workplace is necessary. Most can use their phones to go there anyway. Do this stuff at home, folks.

An official presence on these sites should not be a problem to any competent security department.

@ Harlan -- I agree, an agency's security plan is "eyes only". I mean, gee, why not publish a map to your whole server farm?

@ Arvind -- Yes, all our data is posted online, but we still have to protect it from attack. Pranksters or more malicious folks will attempt to alter it or otherwise damage the site for any number of reasons. Come now, even if you give away candy, you don't want someone to spit in the bowl, do you?