More businesses are blocking social networking sites for
security reasons than three years ago, an IDC security conference
in London has heard.
There has been a significant increase in the number of
businesses taking a more stringent view on access to sites like
Facebook, said Eldar Tuvey, chief executive of web security firm
ScanSafe.
Social networking has gradually become one of the most blocked
categories in the web access policies of many businesses, he
said.
But Mark Sparshott, EMEA security manger at Google, said
recruitment is one area that is being opened up by social
networking.
Networking sites like LinkedIn are increasingly being used by HR
departments for finding talent to recruit and are being allowed
access because there is a specific business case, he said.
Francis de Souza, security senior vice-president at Symantec,
said although the trend has been to clamp down on social
networking, many businesses realise they will not be able to do so
in the long term.
Eventually it will become pervasive like instant messaging,
which many companies blocked initially, he said.
Blocking social networking may be viable for a while, but in the
long term, businesses will have to deal with it and should be
planning their security strategies now, said DeSouza.
These strategies should include a comprehensive awareness
training programme for staff, said Andy Bushby, identity and access
manager at Sun Microsystems.
There is no substitute for education and policy about how social
network services can and should be used in the corporate
environment, he said.
Employees need to be made aware of what they risk when they
expose information about themselves and the business when they
engage in social networking activities, said Bushby.
Companies need to think about how they are going to use social
networking, draw up a policy around that, and then ensure employees
are familiar with its contents, he said.
Such policies should also include blogging, as several prominent
retailers have suffered damage to their reputation because of
employees blogging about attitudes to customers, said Eldar
Tuvey.
Businesses need to make employees aware of the possible
consequences of what they post to the web in blogs, he said.
Cybercriminals are extremely conscious of the fact that most
users of social networking and blogging sites are poorly educated
about safe practices, said James Lyne, senior technologist at
security firm Sophos.
A simple piece of information, such as today is my birthday, can
be exploited by cybercrimals to build up personal profiles and hack
into online accounts.
The move to life on the web is happening, so businesses need to
start dealing with that as soon as possible from a security point
of view, said Lyne.