A while ago I came across an interesting story on the register where Wikipedia have banned an IP address for posting racist comments - the catch? The IP address belongs to Volvo's IT division.

Wikipedia is a site that I imagine is not blocked or banned in many companies, as it's used as a major source of information by people all through business (the merits or accuracy of which is a discussion for another time).

Volvo aren't the first organization to be caught wikifiddling, when the Wikiscanner was released a few years ago a range of organizations were found to be questionably editing information, including the then-Australian Prime Minister's department and the CIA.

As far as I know the previous organization's 'outed' were mainly revealed to be engaging in pointless vandalism, such as changing Wolf Blitzer's name or adding 'jerk' multiple times to George W. Bush's profile.

A charge of racism is, however, a whole different situation, and one that can certainly bring extremely damaging attention to an organization.

But what to do? Blocking access completely is too draconian for most companies. Policies on blogging and editing online web 2.0 type sites (such as Wikipedia) are a start. Educating the workforce on the type of damage they can do and ensuring they know their access is monitored can act as a proactive deterrent. Combine this with web monitoring/auditing of access to enable follow-up on offenders can allow for quick follow-up in the event of an incident.

It often seems that even 'IT-savvy' staff can completely forget that their actions on the internet can be tracked, traced and may well leave a permanent imprint, especially when it comes to social networking. Adding some general awareness to Information Security education programs along with the usual 'don't click on attachments' may pay off in the long run.