Social Networking Security

By John Wagley

Increasingly, employees expect to remain connected to social networking sites while at work. But these sites represent a growing threat in terms of malware, for instance.

It can be challenging to measure the exact threats posed by the variety of networking sites in this regard, says Larry Ponemon, president of the Ponemon Institute. That said, there does appear to be a significant association between a company granting permission to allow social networking sites and the organization’s level of malware.

Networking sites also represent a risk in the area of social engineering. Hackers can use the sites to glean information about employees to carry out targeted e-mail, or phishing, attacks, for example.

Another significant risk is that an employee could post or inadvertently reveal sensitive information. For example, someone could say that he or she “can’t attend a party because they have to work on xyz deal,” says Chip Tsantes, a principal in the financial services office of Ernst & Young. That might have just revealed the existence of a deal or a meeting not meant to be disclosed.

Despite the risks, companies can’t just say no to social networking. That’s not practical in today’s environment, note experts. For one thing, employees are going to participate in these sites on their own time at home in any case, creating some of the exposures regardless.

Another factor is that some workers, the younger ones in particular, may avoid working for organizations that are overly strict on using social networking on the company’s network, says Per Thorseim, a security consultant at EDB ErgoGroup, a Norway-based IT services firm. In some cases, “if employers say ‘we want you here but there’s no access to social networking sites,’ there’s almost no way they’ll want to work there no matter what kind of pay you give them.”

In some cases, employees can access sites through Internet proxy Web sites. It can also be hard for organizations to block sites once they’ve already been allowed for business purposes, says Thorseim. And they are increasingly part of business marketing and communications efforts. For these and other reasons, “few companies have been getting more conservative on what they allow,” he says.



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.