A new IG report cites security and productivity concerns associated with employees' use of the popular online collaboration tool.
Things got a little loose on the in-house social network at the Department of Veterans Affairs, and the agency's watchdog is cracking down.
Under then-CIO Stephen Warren, VA adopted Yammer, an Microsoft-owned online business collaboration platform that aims to keep workers connected.
In addition to work-related communications, however, employees created private groups for off-topic chats and posted comments, videos and jokes. According to a report by VA's Office of Inspector General released Aug. 17. those discussions were "non-VA related, unprofessional, or had disparaging content that reflected a broad misuse of time and resources."
The report says a group called Swap Meet drew 267 members interested in buying and selling personal items. A Young Professionals Group allowed members to network and arrange the "occasional happy hour," and a Geek Jokes forum attracted 584 members.
The OIG isn't going after VA message boards out of sheer pique. According to the report, multiple security concerns were associated with the way Yammer is run on VA networks. For instance, there was no system to ensure that former employees and contractors had their access privileges revoked once they left VA service.
Additionally, "the relatively simple process to post to Yammer...made VA vulnerable from [a] user uploading, on purpose or accidentally, personally identifiable information (PII), protected health information (PHI) or VA sensitive information, [to] which any current or former employee remaining active on the site would have access."
The Yammer Notifier, an app that keeps users updated on posts and alerts, was approved on a limited basis for use at VA, but the online social network component, where the collaboration actually happens, was not authorized.
According to the OIG's tally, more than 25,000 VA email addresses linked to active Yammer accounts and another 25,609 were registered but not activated. The report found that Yammer spammed users with invitations and news of account activation and deactivation.
VA Chief of Staff Rob Nabors promised to complete a review of VA's Yammer use by Oct. 15, to make sure it met agency and federal guidelines for collaboration networks. Nabors said he would block Yammer if it was not approved.
In his written comments, he also pledged to determine whether any VA employees should be subject to disciplinary action for inappropriate use of Yammer, and to clarify which web-based social networks and collaboration tools are authorized for use on the agency's systems.