Social networking security is a people issue

For the corporate body of knowledge, social networking sites can be a leech - is your health and safety record with HR or YouTube is appraisal information best gleaned from FaceBook?

Social networking sites are enticing and offer a glamorous opportunity for self-publicity, writes Daniel Dresner, head of standards at the National Computing Centre. They can add a new angle of interest to make the otherwise mundane seem entertaining.

But for the corporate body of knowledge they can be a leech - is your health and safety record with HR or YouTube is appraisal information best gleaned from FaceBook? They can take over from the correct repository of information and leave data in an untested, outsourced repository where the owner has no guaranteed control.

Then the content of the information must be measured, with millions of online Gerald Ratners making remarks that may seem witty at midnight but wipe confidence off the shares in daylight. Or is that a carefully planned marketing campaign collapses as someone mentions their work on their blog and announces the new product to the world before you have time to get that lead on your rivals?

It is an enticing technology but few of the associated risks are really technology problems. It is no different from that old managerial adage of "less gob, more job". And heavy handed bans are unlikely to mitigate the risks. You may curtail the workplace access, but you cannot control the cybercafe or home PC without instilling staff with a risk-literate attitude.

If it is not your job to update a social networking site, you are stealing from your employer if you do it during working hours. With quick checks and small updates, you will find yourself like Oscar Wilde - resisting everything but temptation. You may have intended it to be a five-minute break an hour ago

I was recently involved with the Getsafeonline roadshow. About half of those who tried to brush me off with "I never use the internet" were attracted to the leaflet when I pointed out that their friends and family may be posting information about them in blogs or social network sites.

What consideration do people give to the consequences of publishing holiday photographs or personal information on a Web 2.0 social network? What is posted is rarely deleted - even if you thought it had been removed.

Read more expert advice from the Computer Weekly Security Think Tank >>

Read more on IT risk management