Dec 15 2017 12:11 PM
We have a few users that have pending requests to join an unrelated external network. What would are some of the risks in approving these requests?
Dec 15 2017 02:21 PM
Dec 18 2017 01:19 PM - edited Dec 18 2017 01:24 PM
Agreed with Loryan that the same risks apply to joining any external site with your internal email address. I want to add, too, that for us it depends on a few things - the overall risks outlined for Yammer at your organization and the nature of your work.
At EY, we have client MSAs to protect (e.g. if we were to approve practitioners' access to client external networks without first outlining the risks to the client which they are required to waive, it could potentially be in breach of providing data to a third party without their consent). We have put a blanket response in place to disable external network usage due to the risks but are able to grant exceptions, which requires us to work with internal stakeholders in risk and legal, the client and the client engagement team to make it happen.
Brand and reputation are also potential risks as users are now representing your organization in another network (and if you do any internal monitoring in your home network, it's not possible to have that same trail or any control over deleting potential misuse). We use this as an opportunity to educate our people on always adhering to our Global Code of Conduct and firm-wide values regardless of what external site or initiative they're participating in - we will remind them that our internal Yammer network Terms of Use is expected to be followed at all times.