Yammer unrelated external network pending request


We have a few users that have pending requests to join an unrelated external network. What are some of the risks in approving these requests?

2 Replies
I don't believe there's any more risk in them joining an unrelated external network than if they were to use their company email address to sign up for websites or other social networks (e.g. Slack).
There is the normal risk that they are using a company-provided account, so if they say or do something inappropriate it may reflect on the company - however that would usually be handled by general IT usage or social media policies.

Agreed with Loryan that the same risks apply to joining any external site with your internal email address. I want to add, too, that for us it depends on a few things - the overall risks outlined for Yammer at your organization and the nature of your work.

At EY, we have client MSAs to protect (e.g. if we were to approve practitioners' access to client external networks without first outlining the risks to the client which they are required to waive, it could potentially be in breach of providing data to a third party without their consent). We have put a blanket response in place to disable external network usage due to the risks but are able to grant exceptions, which requires us to work with internal stakeholders in risk and legal, the client and the client engagement team to make it happen.

Brand and reputation are also potential risks as users are now representing your organization in another network (and if you do any internal monitoring in your home network, it's not possible to have that same trail or any control over deleting potential misuse). We use this as an opportunity to educate our people on always adhering to our Global Code of Conduct and firm-wide values regardless of what external site or initiative they're participating in - we will remind them that our internal Yammer network Terms of Use is expected to be followed at all times.