Social networking threat to businesses

Companies could find confidential data about them posted on social networking sites by employees, experts warned.

Results of a survey by the National Cyber Security Alliance study (NCSA) found that 57 per cent of users of social networking sites such as MySpace divulged critical information about themselves they would not usually reveal. Some experts said that employees could end up putting out secret corporate information in the public domain.

"Employees could potentially see sensitive company data being posted in the public domain without restriction, creating the risk of information ending up in the wrong hands, or customers' and employees' personal data being made publicly available," said James Walker, UK/IRE Product Manager at ZyXEL.

"In addition they could potentially be held liable to prosecution for staff that access information regarding another business through these sites," he said.

Graham Cluley, senior technology consultant at Sophos said that businesses have to take social networking sites very seriously, both from a security and productivity perspective.

"These sites provide an open forum that is accessible worldwide, with few restrictions over what users are allowed to say about their working lives - worse still, if accessed in the office, they represent a potential new avenue for hackers to exploit, in order to gain access to the corporate network," he said.

Others thought that social networking sites provide raw material to spammers and other criminals.

"All the phishing operations targeting MySpace accounts boil down to that: stealing as many account credentials as possible, and using them to post spam-like comments on their friends' pages. Only your "friends" can post a comment on your page, hence the spam-wise value of stolen credentials," said Guillaume Lovet, Manager of Fortinet Technologies' Threat Response Team.

Lovet said that given that social networking was essentially a private matter, it was be difficult and morally questionable for companies to police users outside of work.

"The best thing is to hire responsible employees, and make sure they understand that data related to the company cannot be disclosed, should it be to their concierge, a stranger in a bar, or their personal webpage," he said.

Email to a friend

Print this page