Few companies enforce social networking security policies, says survey

For more Infosecurity Europe 2009 news Get the latest news and interviews from the conference floor. Check out our live coverage of Infosecurity Europe 2009.

The results showed that 63% of respondents were concerned about information being too freely shared on social networking sites, and that a quarter of the businesses represented had been the victim of spam, phishing or malware attacks via sites like Twitter, Facebook, LinkedIn and MySpace.

Yet, according to the survey, nearly half of the companies made no attempt to control usage of those sites, and where social networking policies and controls were in place, the prime motivation was to avoid wasting time. Only 8% blocked social networking for fear of malware, and another 8% said they blocked usage because of data leakage concerns.

Graham Cluley, senior technology consultant at Sophos, noted that LinkedIn, a business-centric social network, was the least of the sites likely to be blocked. "For some reason, it is perceived differently and is most likely to be allowed, even though much of the information in it – such as people joining a new company -- could be used for spear phishing attacks."

Don't miss need-to-know info! Security pros can't afford to be the last to know. Sign up for email updates from SearchSecurity.co.uk and you'll never be behind the curve!

Proper Web filtering should also be in place to prevent users from downloading malware and falling prey to other scams such as phishing, he said.