IT security firm Trend Micro recently released results from their latest study surveying 1,600 end-users in the United States, United Kingdom, Germany and Japan. The study focused on employees’ use of corporate computers while on corporate LANs.
Trend Micro found that the use of social networking sites grew globally from 19% in 2008 to 24% in 2010. The fact that the use of social networks is growing, and will most likely continue to grow, probably doesn’t come as a surprise to anyone, but it is always interesting to attach real figures to this trend.
The report doesn’t indicate whether this growth reflects productive use of social networks to drive business, or employees wasting companies’ time and money. Regardless of the reasons behind the growth, Trend Micro warned that without proper oversight, the increased use merely makes organizations more viable as malware distribution points.
“Social networking is an extremely important tool both for personal and professional relationship building,” David Perry, global director of education at Trend Micro, said in a statement. “While most companies’ concerns around social networking in the office center around the loss of employee productivity, what they may not realize is that many social networking sites are built on interactive technologies that give cybercriminals endless opportunities to exploit end users, steal personal identities or business data and corrupt corporate networks with malware.”
Trend Micro is pretty clear (and we couldn’t agree more) that blocking social networking sites is not the solution. Blocking is counter-productive, can cause employee resentment and can increase costly turnover. The report also states that “Trying to just prevent users accessing social networks from work could potentially increase the risk to an organization as users look for ways around computer security, possibly increasing the chance of exposure to security threats”.
Damned if you Don’t, Damned if you Do
Many organizations are still fumbling in the dark when it comes to the best approach for handling, and effectively embracing, social networking. On the one hand, it is distracting for employees, productivity can definitely suffer from excessive usage, and organizations become more vulnerable to cybercriminals, data leakage, malware etc. On the other hand, social networking is a great way to communicate with customers, generate leads, build brand reputation and increase SEO, and it can have a beneficial impact on productivity if used in moderation.
Sadly, there is no one-size-fits-all solution that can be smoothly implemented in every organization. According to a recent Symantec survey, only 5% of organizations block social networking sites outright. One-third don’t block but do have policies stating that social networks can only be used for business purposes. Meanwhile, 42% of organizations have no policy or blocking whatsoever.
As with any other internet-related issue, the high-level social networking best practices should include:
- Educating the whole organization about security threats related to social networking
- Establishing (and communicating) a social networking acceptable usage policy that is regularly updated to stay relevant
- Monitoring to ensure policy adherence
Please bear in mind that the monitoring aspect isn’t just there to make sure employees spend no more than their acceptable time on social networking sites. Monitoring software also acts as a great tool to find out who in your organization may need additional assistance in identifying threats, such as phishing sites (read our blog on how one of our clients used a phishing attack as an opportunity to educate the workforce), or simply to verify the configuration of the network’s firewall and other threat management systems.
Don’t hesitate to get in touch with any questions or comments.