More businesses block social networking sites

More businesses are blocking social networking sites for security reasons than three years ago, an IDC security conference in London has heard.


More businesses are blocking social networking sites for security reasons than three years ago, an IDC security conference in London has heard.

There has been a significant increase in the number of businesses taking a more stringent view on access to sites like Facebook, said Eldar Tuvey, chief executive of web security firm ScanSafe.

Social networking has gradually become one of the most blocked categories in the web access policies of many businesses, he said.

But Mark Sparshott, EMEA security manger at Google, said recruitment is one area that is being opened up by social networking.

Networking sites like LinkedIn are increasingly being used by HR departments for finding talent to recruit and are being allowed access because there is a specific business case, he said.

Francis de Souza, security senior vice-president at Symantec, said although the trend has been to clamp down on social networking, many businesses realise they will not be able to do so in the long term.

Eventually it will become pervasive like instant messaging, which many companies blocked initially, he said.

Blocking social networking may be viable for a while, but in the long term, businesses will have to deal with it and should be planning their security strategies now, said DeSouza.

These strategies should include a comprehensive awareness training programme for staff, said Andy Bushby, identity and access manager at Sun Microsystems.

There is no substitute for education and policy about how social network services can and should be used in the corporate environment, he said.

Employees need to be made aware of what they risk when they expose information about themselves and the business when they engage in social networking activities, said Bushby.

Companies need to think about how they are going to use social networking, draw up a policy around that, and then ensure employees are familiar with its contents, he said.

Such policies should also include blogging, as several prominent retailers have suffered damage to their reputation because of employees blogging about attitudes to customers, said Eldar Tuvey.

Businesses need to make employees aware of the possible consequences of what they post to the web in blogs, he said.

Cybercriminals are extremely conscious of the fact that most users of social networking and blogging sites are poorly educated about safe practices, said James Lyne, senior technologist at security firm Sophos.

A simple piece of information, such as today is my birthday, can be exploited by cybercrimals to build up personal profiles and hack into online accounts.

The move to life on the web is happening, so businesses need to start dealing with that as soon as possible from a security point of view, said Lyne.

Read more on IT risk management