Is social networking in the workplace a ticking time bomb? writes Ronan Kavanagh, CEO, SpamTitan Technologies.
As social networking and collaboration tools become absorbed into the workplace, the business environment is gradually changing forever. Many businesses now appreciate that social networking applications can provide a valuable business function, especially as a way to engage directly with customers and to conduct online marketing campaigns. Yet social networking is a fundamentally open technology and as such inevitably carries new network security risks. There is always the danger of opening up the network to new vulnerabilities that wait undetected, ready to be exploited further down the line.
The evidence suggests that companies have so far done little in the way of taking practical steps to combat the risks of social networking. In a survey of 200 SMBs carried out by SpamTitan in early 2010 almost all allowed Internet access and some social networking applications. But while 76.4 percent said Web filtering was important step in addressing this issue around half (49 per cent) of all respondents admitted not using one. At least 50 per cent of those without filtering said they were actively doing more to better secure themselves when it came to social networking applications. A further 16 per cent who had not yet done anything said they planned to do something about it in the next 12 months. This still leaves a significant proportion doing nothing at all.
The dangers should not be underestimated. A 2010 study by Clearswift revealed that 82 per of office workers have received some form of unsolicited content via email and the social networking sites that they access at work. Spam (68 percent) and phishing emails (45 percent) are the most commonly received unsolicited content although personally offensive content / cyber bullying and exploitation of international news events cause the most upset and irritation. Internet hoaxes /chain letters also scored relatively highly on both the frequency and upset scale. Worms, too, have spread to social sites. They are no longer designed to hop from machine to machine but stay within the ecosystem of the social network, spreading from profile to profile.
Staying safe is not just a matter of relying on browser patching and user education. Unregulated use of social media in the enterprise can lead to embarrassing and potentially costly mistakes. It is important to ensure that only those employees that are using social networking for the company’s advantage have access to it.
This is a new era and every company should develop corporate social media policies in tandem with their social networking strategy. Even when using social networking as a business tool, corporations still need to manage traffic to social sites. Companies need to get to a point where they are not just blocking or allowing access, but are managing employee behaviour. Employers have to be aware how much data is flowing out of their networks and what is being revealed to the world at large.
A layered approach to protection is the key. Companies need to deploy a variety of tools in an intelligent way to monitor, manage and control how different individuals use new web applications in the workplace. The best solutions allow for flexible policy controls where certain groups, departments or individuals can have customised internet access depending on company’s internet policy. Some, like our own WebTitan, provide control over who can access which sites and down to a very granular level. Of course, the technology of choice should also fit comfortably in the latest virtualized, Cloud-based environments that are increasingly becoming the norm.
Social networking is here to stay. It is very powerful, and can be a very effective tool for an organization. Companies somehow need to manage the behaviour on those sites without compromising the social networking activities that are benefiting the company. A robust Internet education policy within a company and effective monitoring tools are critical to addressing social networking security issues by keeping employees safe, compliant and productive. As the boundary between home and work becomes increasingly blurred, companies need to keep pace by deploying security tools that offer limitless flexibility without compromising control or ease of use.
