
As a result of the strong human desire to connect,
social networking websites have encouraged online behaviour where
security and privacy are not always the first priority, writes
Andrea Simmons, consultant forum manager at the BCS
Security Forum.
A survey by YouGov revealed that employees are being distracted
by the use of social networking sites to the tune of some three
hours a week, outstripping online banking, shopping or music
downloads.
However, the key cause for concern is the late realisation of
the open nature of the web and thus how much personal information
has been left exposed to any passing stranger.
The work and personal worlds are extremely blended at the
edges, so there is crossover between the two. However, the
anonymous feeling of online transactions seems to leave the user
capable of dropping their "real-time shields".
With this in mind, an employer is more than likely to check
some of the social networking sites to see whether you have an
avatar or online presence and, if so, how you behave and conduct
yourself, and thus whether, by your actions, you are the kind of
person that they, as an employer, want to join their
organisation.
The risks of social networking to the individual continue once
they are in employment. This is illustrated by the case of a
disenfranchised Waterstones employee who criticised his managers
in his blog. The story illustrates the issues on both sides - the
individual needing to apply caution to their online activity, and
the employer's need to be cognizant of blogs and encourage people
to be careful in their online transactions.
Similarly,
Oxford University trawled Facebook for evidence of students
behaving inappropriately - including "trashing" each other.
Another example worth noting is an NHS organisation that has
set up its own Facebook site inviting users to chat with
patients and staff.
The South West Yorkshire Mental Health Trust offers people the
opportunity to discuss the stigma suffered by those with mental
health problems. This might seem like a good idea, but the nature of the
information being exchanged may, in all likelihood, fall into the
category of sensitive personal data, which needs to be carefully
protected from risk of inadvertent disclosure.
The bottom line is that the social networking site you are using
is a third party and you need to be happy that you would trust that
third party with your personal information.
Addressing these issues, IBM has a
code of conduct that extends into virtual worlds. It warns
employees to back away from inappropriate people, behaviour or
transactions. Participation must be approved by a manager, and the
avatar's appearance should be "appropriate".
Identity theft
Trade in online information is now at a significant level and
invariably in the hands of criminal organisations. Too many
individuals are experiencing what is wrongly termed "identity
theft" (your identity itself cannot actually be stolen but
information relating to you can indeed be used to create another
identity). "Caution" needs to be the watchword.
In October 2007, ENISA launched a position
paper identifying threats and giving policy recommendations for
"safer social networking". The paper emphasises the commercial
and social benefits of a safe and well-informed use of social
networking sites.
Despite an initial feeling that the sites should be considered
frivolous, there are obviously those who can see that, if used and
managed in the right way,
social networking sites can be a useful business tool.