Personal data shared through social networking can put businesses at risk

Apr 29, 2009 08:25 GMT
Companies fear employees' social networking habits could put their business infrastructure at risk

A recent survey on how companies deal with social networking, performed by IT security vendor Sophos, has concluded that over 60 percent of them worry that personal info shared on such services by their employees could put their infrastructure at risk. However, productivity concerns remain the main reason for controlling access to social networking while at work.

Social networking has become an important aspect of the online life of many Internet users. This is clearly reflected in the popularity boom of services such as Facebook, MySpace, Twitter, or LinkedIn. But, as with all popular online resources, they also become large pools of potential victims, which cyber crooks will attempt to exploit.

The dangers users are exposed to on social networking websites come in many forms, from spam to phishing and malware distribution. The Sophos survey, which quizzed some 700 professionals working in the IT security field who also socialized on one or more of these four networks, revealed that over 33% of them had received spam messages through the service.

Moreover, 21% had been the target of phishing attempts and another 21% had been sent malware. "Although social networking sites are going some way to mitigate threats to users – activating pop-up windows to confirm if a user really wants to visit that external link for example – unfortunately it's just not enough," Graham Cluley, senior technology consultant at Sophos, notes.

Companies fear that their employees expose themselves to identity theft by making too much information about themselves available online to attackers. Compromised computer systems and online accounts, which could result from attacks on social networking sites, can also serve as an entry point into the corporate infrastructure and give cyber criminals access to sensitive data.

Therefore, when asked if they thought that their employees' activity on social networking sites could endanger security at their company, 66% of respondents answered in the affirmative. Between seven and eight percent said that they controlled access to such services because of data leakage concerns, while six to nine percent pointed to malware as their reason.

Sophos researchers say that completely blocking access to these websites is not a practical answer. "The danger is that by completely denying staff access to their favourite social networking site, organisations will drive their employees to find a way round the ban – and this could potentially open up even greater holes in corporate defences," Mr. Cluley explains. "Let's not also forget that social networking sites can have beneficial business purposes for some firms too, giving them the chance to network with existing customers and potential prospects," he adds.

The report makes some basic recommendations, which include, but are not limited to, educating the workforce about the risks, flexible filtering of access based on time and user groups, constantly checking whether business data is being shared online by employees, and employing a comprehensive security solution that is able to detect malicious content on websites.