A new survey from FaceTime Communications describes the apparent risks from the increasing use of consumer social networking sites from within the corporate network. You can download it here. Within the organisation I work for, use of social networking is allowed and is widespread: I personally use LinkedIn, and the web usage statistics generally indicate that about a third of all desktop Internet usage is to a social networking site.
The survey scarily states that “Four in ten IT managers report incidents involving non-compliance (37%), while another 27 percent have seen unintentional release of corporate information.” The report doesn’t tell us if those same organisations subsequently still allow access to social networking sites or whether following an incident they block access.
Would I prefer to have access to social networking sites blocked from within the corporate network? Personally, yes. My arguments for doing so include obvious malware risks and a lack of control over business-related communications and data, with the subsequent liability or compromise of sensitive information. In my position, while I can state what I think the risks are, and point to reports such as this one from FaceTime and numerous others to back up my assertions, the business believes that allowing use of consumer sites is progressive and needs to be facilitated.
That’s not to say that my words fall on deaf ears. The organisation has conceded to a fair usage policy on social networking and blogging, and regular security awareness messages on the subject are sent out. Measuring the effectiveness of the messages is difficult, but we’re not seeing any trend of incidents – or at least not any incidents that we can track.
There’s no doubt that we open the door to more risk through the continued use of consumer networking sites from within the corporate network. Is the risk more important and a higher priority than some of the other things we need to be dealing with? Answers on a postcard…