Social Networking in the Workplace Could Put Corporate Networks in Danger

Just when you thought your business continuity program was doing a great job… a recent Trend Micro survey of corporate end users found that more and more employees are visiting Web 2.0 social networking sites while on the corporate network. The company reported an increase in the number of employees who admit to visiting social networking sites on the Internet while connected to the corporate network.

The study, which surveyed 1,600 corporate end users in the U.S., U.K., Germany and Japan, found that 19 percent (compared to 15 percent in 2007) of respondents across these countries have visited social networking sites. These sites, usually built upon Web 2.0 technologies, are prime targets for cybercriminals and malware authors who exploit their interactive nature and popularity to launch profit-driven, malicious attacks. In addition to social networking sites, blogs, wikis and collaboration tools also use Web 2.0 technologies. According to Trend Micro’s recent Threat Report & Forecast, Web 2.0 threats spiked, in volume, to over 1.5 million a month in January 2008 compared to just over 1.0 million in December 2007.

Throughout the last 6-12 months, Trend Micro research discovered various forms of malware activities within many social networking sites. For example, one popular site was compromised in late 2007 by banner ads that installed malicious files and programs onto a victim’s computer. Other sites were also found to be embedded with codes that redirect users to malicious sites – all in an effort to steal identity and private data. Further, social networking sites can often be a haven for adware and spyware.

The survey found that:

- In the U.K., the percentage of end users who have visited social networking sites while on the company network increased significantly from 11 percent in 2007 to 27 percent in 2008. In Germany, the increase jumped from 9 percent in 2007 to 13 percent in 2008.

- In the U.S., U.K. and Germany, the number of end users who browse social networking sites while on the company network is increasing faster in large companies than in small companies.

- Alternatively, Japanese end users in small companies are more likely to visit social networking sites while on the company network than their counterparts in large companies.

- In the U.S., U.K. and Germany, mobile workers are more likely to visit social networking sites than desktop workers.

- Overall, 45 percent of end users said they have sent confidential information via Web mail, which is the most commonly used Web 2.0 application according to the survey. In Germany, over half of end users have used Web mail to send proprietary corporate information.

- From 2007 to 2008, the percentage of mobile end users who admitted to having sent confidential information via Web mail increased significantly in the U.K. (30 percent in 2007 and 49 percent in 2008) and Germany (51 percent in 2007 and 64 percent in 2008).

- Japanese end users are more likely than end users in other countries to spend more than one hour using Web 2.0 applications on the corporate network or while working remotely.

For additional guidance on Internet security practices see the Information Security Management Handbook on CD.

Sound Information Security policies and procedures are critical to protecting your organization. Information Security Policies Made Easy, by Charles Cresson Wood, is the ‘bible’ for Infosec policies and procedures.

Be Sociable, Share!

• 

Tags: Social Networking, Surveys