Social networking threat to businesses
By Rene Millman,
Companies could find confidential data about them posted on social networking sites by employees, experts warned.
Results of a survey by the National Cyber Security Alliance study (NCSA) found that 57 per cent of users of social networking sites such as MySpace divulged critical information about themselves they would not usually reveal. Some experts said that employees could end up putting out secret corporate information in the public domain.
"Employees could potentially see sensitive company data being posted in the public domain without restriction, creating the risk of information ending up in the wrong hands, or customers' and employees' personal data being made publicly available," said James Walker, UK/IRE Product Manager at ZyXEL.
"In addition they could potentially be held liable to prosecution for staff that access information regarding another business through these sites," he said.
Graham Cluley, senior technology consultant at Sophos said that businesses have to take social networking sites very seriously, both from a security and productivity perspective.
"These sites provide an open forum that is accessible worldwide, with few restrictions over what users are allowed to say about their working lives - worse still, if accessed in the office, they represent a potential new avenue for hackers to exploit, in order to gain access to the corporate network," he said.
Others thought that social networking sites provide raw material to spammers and other criminals.
"All the phishing operations targeting MySpace accounts boil down to that: stealing as many account credentials as possible, and using them to post spam-like comments on their friends' pages. Only your "friends" can post a comment on your page, hence the spam-wise value of stolen credentials," said Guillaume Lovet, Manager of Fortinet Technologies' Threat Response Team.
Lovet said that given that social networking was essentially a private matter, it was be difficult and morally questionable for companies to police users outside of work.
"The best thing is to hire responsible employees, and make sure they understand that data related to the company cannot be disclosed, should it be to their concierge, a stranger in a bar, or their personal webpage," he said.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
Who to trust after the VeriSign hack?
Davey Winder questions what data was stolen from VeriSign and wonders why the company hasn't been more forthcoming.
- Striving to solve the security skills crisis
- Would you employ a hacker or malware writer?
- Q&A: Raj Samani, CTO McAfee
- Erase and rewind: the EU and privacy
- My email address is [CENSORED]
- Is there such a thing as a secure tablet?
- 2011: The year in news
- BYOD: Old or new, good or bad?
- Are the cookie laws crumbling already?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- Will someone rid me of these troublesome Macs?
- Head to Head: Mac OS X 10.7 Lion vs Windows 7
- Head to Head: Office 2010 vs Open Office 3.1
- Nokia Lumia 710 review
- Virgin 100Mbps rollout 'ahead of schedule'
- BT considering Ofcom price cap appeal
- A data shock warning for Orange customers
- Cisco announces 40GbE and 100GbE switching upgrades
- T-Mobile announces 'UK's first' fully unlimited deals
- BT announces FTTP 'on demand'
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
