Social networking security has been in the spotlight again, with a poll of users finding them "more vulnerable than ever" to "web-borne identity theft and infection".
While it is easy to dismiss social networking is a consumer activity, a massive number of employees undoubtedly access such sites when working (a British council has banned social networking access in its offices after finding it is losing 400 working hours per month). Sites such as LinkedIn go further, blurring the lines between business and personal networking. But there is a big issue with regard to the amount of sensitive corporate information that is shared, and how this could be used by miscreants.
Security software player AVG found that 57% of users "infrequently or never" alter their privacy settings, meaning that in many cases the default settings are still in place, and 21% accept contact offerings from people they do not recognise. With regard to infrastructure security, 64% click on links offered by community members or contacts, and 26% share files within social networks -- meaning 47% have been victims of malware infections.
While software can be deployed to protect against malware and viruses, the same is not possible for staff who may post information that provides competitors with insight into what a business is up to, through inadvertent actions rather than deliberate malice. Earlier in 2009, there was some speculation with regard to a planned handset from Motorola after an employee posted a little too-much information on a LinkedIn profile. This is not a flaw in the site, which has done exactly what it is intended to; rather an employee has freely provided information which in other situations would probably have been a closely-guarded secret.
As has already been demonstrated, banning access is an option, although this is perhaps a somewhat draconian overreaction to an issue that can be addressed through a clear, and enforced policy. After all, there are some business benefits: social networking can prove a valuable tool in driving employee collaboration, creating closer working relationships between staff that may be physically separated by thousands of miles. But the risk should be taken seriously, and policies reviewed frequently, as the growth in informal communications increases the danger of accidental slips in security.
A couple of videos have already been posted on the Orange Business Live blog discussing threats and recommendations for social networking sites -- they are here and here. The message then, as it is now, is "surf carefully".