Social networking trends expose companies to higher security threats

More than twice as many UK employees are using company networks to access social networking sites compared to last year.

More than twice as many UK employees are using company networks to access social networking sites compared to last year, leading to increased security risks according to Trend Micro.

The security firm found that 27% of UK employees visited social networking sites using company networks in its 2008 survey of corporate end users. This compared with 11% in 2007.

Mobile workers are more likely to visit social networking sites, according to the report. It found that 10% more laptop users visited them than those using desktop computers.

Rik Ferguson, solutions architect at Trend Micro, said this was exposing companies to greater security risks.

"Sites with user generated content, which also include blogs and wikis, provide an easy way to trap users into downloading malicious applications," he said.

In January social networking site Facebook banned the "Secret Crush" third party application after users were tricked into downloading spyware by a promise to identify an admirer.

Trend Micro recently discovered that more than 400 phishing kits were targeting top Web 2.0 sites, which typically contain user-generated content.

"Even some of the most high-profile sites do not always have measures in place to ensure the security of that content, making it easier for cybercriminals to present applications or embed hidden code aimed at stealing user information for profit," said Ferguson.

He said any site that allows user-generated content and does not apply the strictest possible controls is at risk of being exploited by cybercriminals.

The problem is that sites are often reluctant to use controls that may slow down content delivery.

According to Trend Micro's latest threats round-up and forecast, the first six months saw an increase in web threats, but decreases in adware and spyware.

The web threats peaked at 1.5 million in January, representing an increase of around 500,000 from the month before.

An increase in the use of company networks to access web-based e-mail applications is another area of risk, said Trend Micro.

Ferguson said web mail is usually less secure than company e-mail systems because it is vulnerable to browser-based attacks as well as the risks associated with traditional email.

"Unpatched versions of web browsers are the most popular means of infection by web threats," he said. "Flaws are commonly exploited to redirect users to phishing sites."

According to the survey, 45% of the 1,600 end users surveyed in the UK, US, Germany and Japan sent confidential information using web mail. In the UK, 49% of mobile workers said they used web-based mail, which represents an increase of 19% in the past year.

Ferguson said if companies allow access to social networking sites through their corporate networks, they need to ensure the protection they have in place is agile enough to deal with the dynamic threats that are commonly propagated through these sites.

Read more on Hackers and cybercrime prevention