Few companies enforce social networking security policies, says survey

Article

Few companies enforce social networking security policies, says survey

Ron Condon, U.K. Bureau Chief
Employees are sharing too much personal information on social networking sites, and putting their corporate infrastructure and data at risk as a result, according to an online poll conducted by antimalware security company Sophos Plc.

    Requires Free Membership to View

    Login

    SearchSecurity.co.UK members gain immediate and unlimited access to breaking UK industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.co.UK today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.co.uk you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.co.uk is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

For more Infosecurity Europe 2009 news

Get the latest news and interviews from the conference floor. Check out our live coverage of Infosecurity Europe 2009.
The company ran the survey in February and received responses from 706 system administrators.

The results showed that 63% of respondents were concerned about information being too freely shared on social networking sites, and that a quarter of the businesses represented had been the victim of spam, phishing or malware attacks via sites like Twitter, Facebook, LinkedIn and MySpace.

Yet, according to the survey, nearly half of the companies made no attempt to control usage of those sites, and where social networking policies and controls were in place, the prime motivation was to avoid wasting time. Only 8% blocked social networking for fear of malware, and another 8% said they blocked usage because of data leakage concerns.

Graham Cluley, senior technology consultant at Sophos, noted that LinkedIn, a business-centric social network, was the least of the sites likely to be blocked. "For some reason, it is perceived differently and is most likely to be allowed, even though much of the information in it – such as people joining a new company -- could be used for spear phishing attacks."

Don't miss need-to-know info!
Security pros can't afford to be the last to know. Sign up for email updates from SearchSecurity.co.uk and you'll never be behind the curve!
Cluley advised companies to monitor usage of social networking sites, and to put in some controls or policies, for instance limiting usage to break times for some workers, and giving access outside those hours only to those who need it for their work.

Proper Web filtering should also be in place to prevent users from downloading malware and falling prey to other scams such as phishing, he said.