Social networking threat to businesses
By Rene Millman,
Companies could find confidential data about them posted on social networking sites by employees, experts warned.
Results of a survey by the National Cyber Security Alliance study (NCSA) found that 57 per cent of users of social networking sites such as MySpace divulged critical information about themselves they would not usually reveal. Some experts said that employees could end up putting out secret corporate information in the public domain.
"Employees could potentially see sensitive company data being posted in the public domain without restriction, creating the risk of information ending up in the wrong hands, or customers' and employees' personal data being made publicly available," said James Walker, UK/IRE Product Manager at ZyXEL.
"In addition they could potentially be held liable to prosecution for staff that access information regarding another business through these sites," he said.
Graham Cluley, senior technology consultant at Sophos said that businesses have to take social networking sites very seriously, both from a security and productivity perspective.
"These sites provide an open forum that is accessible worldwide, with few restrictions over what users are allowed to say about their working lives - worse still, if accessed in the office, they represent a potential new avenue for hackers to exploit, in order to gain access to the corporate network," he said.
Others thought that social networking sites provide raw material to spammers and other criminals.
"All the phishing operations targeting MySpace accounts boil down to that: stealing as many account credentials as possible, and using them to post spam-like comments on their friends' pages. Only your "friends" can post a comment on your page, hence the spam-wise value of stolen credentials," said Guillaume Lovet, Manager of Fortinet Technologies' Threat Response Team.
Lovet said that given that social networking was essentially a private matter, it was be difficult and morally questionable for companies to police users outside of work.
"The best thing is to hire responsible employees, and make sure they understand that data related to the company cannot be disclosed, should it be to their concierge, a stranger in a bar, or their personal webpage," he said.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- Apple iPad 3 vs iPad 2 head-to-head review
- Hutchison denies it will pull plug on Three UK
- EMC World 2012: Tucci declares Documentum is here to stay
- ICO: Fines for cookie law breakers
- EMC World 2012: EMC talks up cloud, security and big data
- Dell PowerEdge R820 review
- Sony Vaio T13 Ultrabook review: First look
- BlackBerry 7 OS certified to carry 'Restricted' UK government information
- Facebook floatation marred by Nasdaq glitch
- CIO: Career is over?
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
