February 23, 2009, 10:50 AM — Millions of people have a personal online profile; they share photos, news and gossip with friends, spend hours updating their details and adding new friends. Welcome to social networking and the world of Facebook, MySpace and Bebo.
What makes social networking on the Internet so popular is the power it gives individuals to create, maintain and expand any number of networks to include family, close friends and people who share a similar interest, profession or hobby.
The growing popularity of Facebook, for example, has encouraged corporate marketing teams to explore the opportunities to be had by having a corporate profile; using their employees contacts for sales and marketing, effectively creating a snowball effect as the corporate message is passed from one network to another. These sites give them a direct route to targeted groups of individuals with similar interests and, most importantly, it's free.
There is no doubt that Facebook and other social networking sites have potential for commercial use but to what extent should organizations or businesses allow social networking at work? What are the concerns? Should employees have access to Facebook, LinkedIn and other social networking sites when they are supposed to be working?
The concerns
Social networking sites are the root of four problems.
Loss of productivity: According to a study by information security consultancy Global Secure Systems and the organizers of the Infosecurity Europe trade show, the use of such sites is costing U.K. business an estimated $12.5 billion per year in terms of reduced output. Another study showed that employees spend at least 30 minutes a day visiting these sites with some employees spending up to three hours of their working day taking care of their online profile.
Impact on network resources as bandwidth is consumed: In smaller organizations, unnecessary browsing, uploading to and downloading of files from social networking sites can eat up bandwidth thus affecting network resources.
Social engineering and phishing: This can result in data or identity theft. Most people would not divulge certain details to strangers but it is amazing what data can be gleaned from social networking sites--personal e-mail addresses and even social security numbers!
Sites are attractive to hackers and spammers: Social networking sites are attracting hackers armed with malware of all kinds: spyware, viruses and online scams. Hundreds of applications being developed for these sites are used as launch pads of malware such as Trojans.
What can businesses do?
There are three options.
1. Ban access to social networking sites (in an extreme case--block all Internet connectivity).
2. Allow employees unrestricted access, confident that they will only use it during their lunch break and they will not download material on to the network.
3. Monitor and limit staff access to these types of sites, including general Internet browsing and downloading.
Banning internet access outright is obviously counterproductive while allowing uncontrolled Web browsing is tantamount to leaving the front door to one's house open with the key in the lock.
The middle ground monitors all Web activity and controls it on a per user basis when social networking sites can be accessed at the office. Administrators can use Web monitoring software to block access during most of the day except during the staff lunch break or before and after normal office hours. The same software can be used to ensure that any files downloaded or links accessed online are checked in real time for exploits, malware and viruses.
If a company wants to make use of a social networking profile for marketing purposes, access should be given to those who will be updating the profile and all content should be monitored to ensure it is appropriate. Running third party applications should be discouraged.
Education also is important. If an organization wants its employees to be given restricted access to their social networking profile, it must be made clear to them that they need to be vigilant, avoid clicking on links that are suspicious, refrain from downloading files or applications that may be infected, and limit what details they add to their profile--details that could be used to steal identities and commit fraud.
Hackers are attracted to social networking sites because they see the potential to commit fraud and launch spam and malware attacks. Organizations, on the other hand, need to be made aware of the security risks involved and take the steps necessary to safeguard their systems and data yet allow the company to make the most of what the Internet and social networking have to offer.
David Kelleher is communications and research analyst at GFI.
