Networking sites Twitter and Facebook are two of the fastest growing Web 2.0 collaboration applications in the world. And, where they once kept a younger generation of technology-fluent "generation Ys" (Gen Y) up late at night, they are now causing sleepless nights for IT management around the world because of the security holes they represent, says Gerhard Eschelbeck, chief technology officer at Webroot.
Over the past decade, many fundamental business activities - marketing, advertising, customer support, sales transactions - have become web-dependent. At the same time, the web is now considered the number one delivery mechanism for malware.
This poses a significant security challenge to companies around the world due to the adoption of Web 2.0 technology (blogs, video, wikis, internet messaging, social networking sites, RSS feeds and similar elements) - the communication tools of choice for Gen Y.
In the next 10 years, 71 million Gen Y (18-30 years old) will enter the workforce with their favored tools for communication, researching and collaborating. In a recent survey by Blessingwhite of employees in the UK and Ireland, 23% of Gen Y employees felt that they were fully engaged and taking pride in helping the organisation achieve its goals when they felt it was aligned with their own values, goals and aspirations. This alignment is the best method for achieving sustainable employee engagement.
There are a number of social software tools that IT managers can comfortably deploy within their enterprise network like Microsoft SharePoint and IBM Lotus Connections, but they don't compare with Web 2.0 sites like Facebook. The latest ComScore data show that Facebook's 90 million user network grew 153% last year globally and over 303% in Europe where the site recorded 37 million unique visitors in June alone.
Gen Y depends on social networking to organise their lives and interact with colleagues. Blocking access or using URL filtering alone is not the answer - a restrictive corporate environment will not appeal to bright new college graduates, and neither measure fully answers the problem.
With 85% of all threats coming from the Web, and at least five percent of heavily trafficked "trusted" web sites now harboring malware, URL filtering systems and blocking alone can't begin to protect a network since they can't detect or stop malware or phishing attacks.
In a recent exploit, Facebook users received a post on their "wall" to view a video. Viewers were then redirected to a fake Google site with a message telling them to download a viewer. The payload was actually a Trojan horse that downloaded spyware and keyloggers.
According to Gartner, almost 50% of companies do not block access or monitor this type of activity on social networking sites. With this type of web threat, IT departments are struggling to clean up malware pouring through gaping security holes, let alone prevent data breaches, monitor policy and employee productivity, and minimise corporate liability for objectionable content.
What IT managers can do
- Only block social networking or web sites after careful review (from Legal and HR) where there is significant corporate risk that can't be mitigated any other way
- Employ a dynamic, perimeter web security solution that filters inbound pages for spyware and viruses; provides URL filtering for known inappropriate sites (sexual content, violence, etc.); supports outbound data leak prevention by content scanning; and responds instantly to changing threats
- Work with HR and Legal to update employee policies and guidelines to support acceptable Internet use
- Train users on the hazards of indiscriminate use of social networking and web sites
- Protect mobile laptop users.
What employees should do
- When using personal web mail accounts, do not click on links in your email
- When visiting social networking sites, do not download applications without checking on the vendor
- Don't download videos without proper security against spyware and viruses
- Don't post your profile on a public social networking site if it identifies your employer and could have a negative impact on the company's reputation
- Ensure your antispyware and antivirus protection is up to date and that your personal data is protected using a secure online backup system.
Webroot is exhibiting at Infosecurity Europe 2009 on 28-30 April 2009 at Earls Court, London.