23.9.18

Blog 9 Thing 8 Facebook

In the workplace as an organisation and young persons tool

Although we didn't use Facebook as an organisation for self promotion or comment on policy or current issues for reasons high lighted in Blog 7, I set up a Facebook account for a new lived experience mentoring project to help explain the project and recruit volunteers with the right experience. Since it was about reaching a wide audience of potential recruits it was Public and designed to reach our target group who we recognized as potential Facebook users - young adult care leavers and those with more general life experience of disadvantage. I was instrumental in this on behalf of the charity and ensuring that posts were respectful to the group we were trying to help - this was given over by me to our information worker so mainly updates were about how the project was getting on but not sharing data about beneficiaries. We closed the account after approximately 9 months because it needed a fresh approach and it had become evident that recruitment through local networks and word of mouth was more successful in  the follow through. At the time I had the intention of setting up  a closed group for those engaged in the mentoring program. We did not get to that point with the mentors because I left but since then a group of service users are looking at setting up a mutual interest closed group using Facebook as they feel they can relate to that rather than the blog they are doing. The worker involved has spoken with me and is planning a course in preparation for this initiative and is interested in using some of the material in this Thing about Facebook groups and their features which I have shared.

My reason for progressing slowly with Facebook is because projects working with young people spend a great deal of time helping them exercise controls and / or engaging with social media in responsible ways - for example, the group mentioned above has potential for ideas generation and enhancing commitment but equally based on experience could generate group bullying when emotions are running high. My colleague and I have experience of this happening when the group members were using their own Facebook to make unpleasant comments. Those working with young people will relate to the sometimes reactive and emotional content of communication and the Facebook closed group is a way of learning to be more measured in dealings with one another. As happened in the past there is still a risk of group content being taken into individuals private account or disagreements being conducted elsewhere. However the worker involved is alert to these risks and comfortable that with good preparation the closed group model is a good way forward. She has studied the material contained in this Thing.

Further to blog 7...........not using Facebook

I did not use Facebook as an organisation initially (I was the CEO) for reasons of scale (growing from 1 to 42 workers plus volunteers at the highest point) and on the advice of the Security Manager (external). The Board endorsed that decision because we were not in a position to manage input. We updated that decision and set up a Facebook Account in the organisations name as identified above when I was able to appoint a part time information-research officer who could assist in the ongoing work. As part of the IT suite of policies I updated & endorsed by the Board, my training engaged with workers and young people in use of social media as outlined blog 7 so there was knowledge of Facebook. We were not disadvantaged as an organisation by not using Facebook and used Linked In as and when necessary because it presented fewer potential risks.

As regards workers use of Facebook we did not engage in routine monitoring of workers activity. I am aware that many larger companies do and for I know of workers being terminated for using sick leave inappropriately and posting about it. Updated policies encouraged workers to maintain privacy settings when using social media and refrain from inappropriate content.
Sarah in the down load does not protect herself by giving specific personal information about herself and her choice of pic would attract comment and alienate some. She also makes derogatory remarks about her clients families and uses the post to ventilate about her having to work which would be worrying to her employers and hurtful to service users.  She is commenting inappropriately on professional issues.
When I read this I wondered if our  guidance to staff was sufficiently explicit and having looked again felt it was but wondered whether if I was in the position again, setting up a closed group for the purpose of internal staff exchange might be a positive idea. I am thinking about the professional integration of staff  as well as benefits for the dispersed group and residential workers learning a model that could potentially be developed as part of their after care strategy with young people (although there would still be sensitive issues to overcome about protecting individuality).  The closed group however does provide a safe space that is inclusive, for networking without external distraction  and is much like the early staff portal (Sharepoint ) I set up when our organisation began - though technically more advanced.

 

Day 7

Thing 4 and 6

Digital footprint & Further steps to address risks in online activity

This is a bit of a post script because since my last blog and on doing reading for thing 6, I've become quite preoccupied with how essential our digital learning is to the range of activities social care workers are expected to perform. The skills underpin so much of what the worker is expected to do and communicate about that I am beginning to form a view that it is or should be core learning for all managers and workers. And needs to find it's way into induction programs and professional training especially so for those in small to medium projects in the voluntary sector. Although it does seem repetitive we are working with young people who see themselves as savvy and yet make the most basic of blunders such as sharing on line bank access with friends and then find their account emptied. Unless workers are alert to these issues and know the actions needed to minimize risk then we fail young people. Managers too must be able to take the necessary steps to protect their company from security breaches. In my last post we did a lot of work to discourage use of public wifi hot spots because of the security risk and possible data breaches which are not only upsetting but carry serious financial penalties. The accounts manager and myself double password protected as a means of ensuring that the most sensitive of data would not be breached. Spot checks on password security formed an element of the organisation's standard risk audit since as a very small charity we had to strictly manage all aspects of digital security. We put a limit on daily transactions through the bank so the Bank were alert to any suspicious on line activity. We updated policies so workers became aware of the risks of using mobiles to take photographs at events and the activity was prohibited.
As promised in previous blog, I did arrange for a 'security health check and clean up' of my computer by someone who does this for a living and was quite astonished to see how much information was accumulated through visiting different websites and search engines and how often I was agreeing to 'give data access' without thought. Not good!  I have scheduled  a routine cleanup and ensured that iphone has it's current security updates and double password protection. .

Thing 6 exercises bring good ideas to help with team and management responsibilities for data security

Working through the reading for thing 6, I found the section on Passwords of practical assistance and a bit of fun for everyone to do at a team session. Reading the Worst Passwords made me feel quite smug and then of course the exercise how strong is my password brought me down to earth. I tested one of my passwords and found it took only 15 mins to break so thought I was back to lots of jumbled up letters etc. which always get forgotten. I wasn't sure about the notion of starting from a phrase but then could see how each individual might have phrases in their memory bank that might be a good starting point. I thought a bit about obscure poems and bits of books I had memorized over the years so think I might start with that to avoid  recall issues. Again useful for the young people. Later I checked out another password created from a personal phase substituting some letters for numbers and did rather better at 1 month to break it so will try to do this more in the future.

Not so convinced about the usefulness of services to store the information because they have such different reviews and of course these are not immune to hacking but I can see how it works for individuals. The equivalent in the work place is paying a data security manager to take on that task on behalf of a small company and it is welcome that cyber experts from large companies can be willing to give free or subsidized time to help small charities with security issues. Useful too if the person is prepared to endorse the organisation policies and procedures in this area ......provided ofcourse we undertake appropriate safety checks first.

Overall I am thinking that the advice in this section ought to be incorporated into the organisation's policies on data security because it is so fundamental to the individual and the organisation. Following good P&P training by an expert or expert information, teams are able to remind each other of do's and don'ts of everyday security on line. The systems put in place by the company to regulate workers activity online should be checked at intervals as part of the quality management activity. Quarterly checks at team meetings - of passwords, permissions, settings - can be fun using the kind of exercises in Thing 6 and is not hugely time consuming. This high profile monitoring builds self regulation and greater sensitivity to safe practices for young people and workers.

I need to learn a whole lot more about settings and just take time to do checks ..... 

Having trawled through information on app permissions and content, I have to say I found the process a little disconcerting and concluded that we need to be a whole lot more careful about the permissions process and understand that if we don't want certain others to have access to certain information then we need to become much clearer about what we are signing up to. This seems to be about thinking through what the consequences may be and who and for what purpose access to data about us, ideas or service users is needed. I think the high profile Facebook episode of data being shared with & used by a third party recently brought the discussion and accountability into the public domain though may not have influenced  behavior. For me it is about thinking more carefully about who we wouldn't want to have access.  I definitely need to read more carefully when visiting  new sites and fully appreciate the risks since I have learnt that even with the most basic apps like the calendar we risk breaching highly sensitive information by not taking time to check the permissions settings.

Increased risks present for outreach workers............

 As a manager one of the recurrent themes of risk management in this area is workers engaging with service users at home or on coffee shops.  Nowadays core services expect young people to conduct business on line - for example benefits claims, job search, banking. Depending on individual circumstances it is common for workers to have to assist young people in these tasks sometimes using their own devices. It is essential that through supervision workers are clear about company expectations and know how to manage risk appropriately. Public wifi or hotspots are  commonplace and surveys still reveal that a significant percentage of the population  use these routinely ignoring the very real security risks. All workers needs to understand that this is not acceptable as it places themselves and the young persons data at risk - from hacking, malware, no encryption. Likewise work devices linked to a home network which is shared can lead to serious compromise to any data held on the device. Managers / supervisors have a professional responsibility to ensure that their workers know how to protect their clients identity and any information stored on devices at that point - emails, personal details - through safe online connections, password protection, always ensuring that security on devices are routinely updated.   

Day 3
Reading material for Open Badges was really quite interesting because of the global scale and applicability. Made me think of a couple of things. Firstly, this must have application to young people and since this is my field, I am thinking it opens up a new set of possibilities for young people who have missed out on educations. We spent a lot of time using accredited learning - VQs in Personal Development for example - because it was practical and achievable. And whilst contrary to popular belief not all young people have access to technology especially when you are living at the very edge of society, there are ways that the Open Badges could be a real option for individuals to do with their outreach worker or in a group. And even if you have to change addresses frequently you are not losing paper and evidence of achievements are still there in your backpack. Not having to rely on certificates is good - just take phone to interview. Something to build on.

Secondly......Before I retired from Up-2-Us which is a Scottish Care and Justice Charity, we were exploring SSSC's Open Badges program with the Staff group  though never quite got round to using it. I could see how as one of a range of learning options this would be useful. Trouble is of course not all workers have the same skills level with technology. Often they think they have no such skills when in fact they are on their phones and tablets as a matter of course. What they really need to think about is specific skills and data security. 23Things definitely offers tangible evidence that we are all of the same page with that one. With new changes this year we had invested a lot of time updating policies and practice material but as a manager you are never certain that individuals have nailed the learning. I think Open Badges is a good way for individuals to engage in the learning process without is seeming like a big deal and at the same time evidencing to supervisors that they have the skills and knowledge required for the job. I'm meeting a manager next week and really want to talk about how useful Open Badges would be if it was introduced as part of the learning culture from day one.

In my situation now it is really important to stay in touch with  new learning models by testing them out. Today in Social Services including Care there are more requirements of workers and a myriad of possibilities in terms of learning. That can add to the stress and as managers we need to test the water ourselves to ensure that the tasks for learning are relevant, worthwhile and manageable A part of my Lifelong Learning journey I recognize too that need to update skills and especially keep pace with new technology. 23 Things is a reminder of the pitfalls to be navigated in the digital world  and also the possibillities. Tomorrow, I will reflect on my learning and try to recall any skills achieved so far.

Day 2
Day 2 blog though actually spent a bit of time every day getting comfortable with the idea and desensitizing so I find my way around more quickly.
Been looking at some of the other Badges in this Digital group and started a couple. Got really frustrated with Thing 7 which is about sourcing materials / resources - instead of just relying on Google. That seemed like a good challenge because we all have our favourite sites so keen to explore SSKS library. However that did not go well because of my 'intermediate' status at the moment - retired from full time work so have no organisation though I am helping one or two on a voluntary basis. I will return to this again because a lot of the information was health based and I was keen to explore some of the mental health items.
But going back to the beginning instead - Thing 2 because that really was the motivation for embarking on this challenge - i.e. how to equip ourselves and staff and young people for the digital world because it just opens up so many possibilities for learning and is cost effective. But only good if each individual is comfortable and knows how to stay safe.