Companies are increasingly coming to rely on
social networking sites to create and maintain crucial business
contacts, but the potential risks are as great as the
advantages.
Intellectual property theft has been a serious challenge for
business organisations ever since e-mail become commonplace in the
work environment. But the use of social networking sites has thrown
wide open the floodgates for leaking confidential information.
The problem was highlighted last week when the
London High Court ordered a former employee of a recruitment agency
to disclose the business contacts he added to his LinkedIn social
networking site account before leaving the company.
The agency, Hays Specialist, alleges that former employee Mark
Ions used LinkedIn to steal business contacts for use by his own
company, which he set up before resigning from Hays last year. Ions
denies the claims.
The case shows that businesses are finding it more difficult to
protect confidential information when their staff rely on web-based
tools such as LinkedIn that are controlled by third parties.
The most obvious defence is to
shut down employee access to social networking sites. But for
recruitment companies such as Hays, the value of social networking
is too great, and they have to find an alternative way of managing
the risk.
Technology has a role to play, but security professionals agree
that companies first need to clarify the restrictions and
obligations staff are required to follow.
Phillip Carnell, an associate at law firm CMS Cameron McKenna,
says that organisations should ensure their employment contracts
and internet-usage policies are updated to include social
networking.
The risk of loss of information is nearly always indicated by
the behaviour of the individual, says Paul Dorey, chairman of the
Insitute of Information Security Professionals.
But if there are approprate internet-use policies in place, the
professional security team for the company will be able to monitor
unusual data movements and intervene, he said.
In fact, behavioural monitoring is becoming a key security tool.
Companies are deploying appliances that plug in to networks to
monitor the activities of their staff and alert administration to
any unusual activity.
Manufacturing company Abbey Corrugated & Abbey Board has
restricted access to social networking and other sites the company
considers inappropriate for business use, but IT manager Steve
Butler says activity monitoring is also an important security
strategy.
Butler says employees are required to sign up to a policy
governing their internet and other network activities and are made
aware that it will be enforced using the activity monitoring and
logging tools in place.
It could take several months for Hays to consider the
information it receives about the information its former employee
used to add people to his LinkedIn contact list. The case could
lead to a landmark trial that will set an important precedent that
will inform company policies on the use of social networking
sites.