Social networking security has been in the spotlight again, with a poll of users finding them "more vulnerable than ever" to "web-borne identity theft and infection".
While it is easy to dismiss social networking is a consumer activity, a massive number of employees undoubtedly access such sites when working (a British council has banned social networking access in its offices after finding it is losing 400 working hours per month). Sites such as LinkedIn go further, blurring the lines between business and personal networking. But there is a big issue with regard to the amount of sensitive corporate information that is shared, and how this could be used by miscreants.
Security software player AVG found that 57% of users "infrequently or never" alter their privacy settings, meaning that in many cases the default settings are still in place, and 21% accept contact offerings from people they do not recognise. With regard to infrastructure security, 64% click on links offered by community members or contacts, and 26% share files within social networks -- meaning 47% have been victims of malware infections.
While software can be deployed to protect against malware and viruses, the same is not possible for staff who may post information that provides competitors with insight into what a business is up to, through inadvertent actions rather than deliberate malice. Earlier in 2009, there was some speculation with regard to a planned handset from Motorola after an employee posted a little too-much information on a LinkedIn profile. This is not a flaw in the site, which has done exactly what it is intended to; rather an employee has freely provided information which in other situations would probably have been a closely-guarded secret.
As has already been demonstrated, banning access is an option, although this is perhaps a somewhat draconian overreaction to an issue that can be addressed through a clear, and enforced policy. After all, there are some business benefits: social networking can prove a valuable tool in driving employee collaboration, creating closer working relationships between staff that may be physically separated by thousands of miles. But the risk should be taken seriously, and policies reviewed frequently, as the growth in informal communications increases the danger of accidental slips in security.
A couple of videos have already been posted on the Orange Business Live blog discussing threats and recommendations for social networking sites -- they are here and here. The message then, as it is now, is "surf carefully".
While it is easy to dismiss social networking is a consumer activity, a massive number of employees undoubtedly access such sites when working (a British council has banned social networking access in its offices after finding it is losing 400 working hours per month). Sites such as LinkedIn go further, blurring the lines between business and personal networking. But there is a big issue with regard to the amount of sensitive corporate information that is shared, and how this could be used by miscreants.
Security software player AVG found that 57% of users "infrequently or never" alter their privacy settings, meaning that in many cases the default settings are still in place, and 21% accept contact offerings from people they do not recognise. With regard to infrastructure security, 64% click on links offered by community members or contacts, and 26% share files within social networks -- meaning 47% have been victims of malware infections.
While software can be deployed to protect against malware and viruses, the same is not possible for staff who may post information that provides competitors with insight into what a business is up to, through inadvertent actions rather than deliberate malice. Earlier in 2009, there was some speculation with regard to a planned handset from Motorola after an employee posted a little too-much information on a LinkedIn profile. This is not a flaw in the site, which has done exactly what it is intended to; rather an employee has freely provided information which in other situations would probably have been a closely-guarded secret.
As has already been demonstrated, banning access is an option, although this is perhaps a somewhat draconian overreaction to an issue that can be addressed through a clear, and enforced policy. After all, there are some business benefits: social networking can prove a valuable tool in driving employee collaboration, creating closer working relationships between staff that may be physically separated by thousands of miles. But the risk should be taken seriously, and policies reviewed frequently, as the growth in informal communications increases the danger of accidental slips in security.
A couple of videos have already been posted on the Orange Business Live blog discussing threats and recommendations for social networking sites -- they are here and here. The message then, as it is now, is "surf carefully".
The social networking web application is beginning to lose its relevance. It is not unlikely that some people have lost their jobs due to misuse of the internet, especially visiting social websites during working hours. I think, just as the British council did , it is the resposibility of an organization to use firewall and other ways of restriction to prevent its staff from having access to unwanted website. I believe there are other avenues of reaching out to your consumers than through social application site.
As regard the claim that it could be a valuable tool in driving employee collaboration, creating closer working relationships between staff, especially those that are physically far apart, organization should provide such feature on their websites. Bridging the distance between colleagues from distant branches of the same organization.
To the Social networking providers, like "Facebook", "twitter" etc, there should be a regulation to monitor and control the status of shared data on their website.
Thanks