Social media is now everyone’s business. New research reports that Social media use on corporate networks is up significantly. The Osterman Research found that 36% of corporate employees are using Facebook at work, up from 28% 12 months ago; Twitter use has gone from 11% to 17%; LinkedIn from 22% to 29%. There are many business aspects to social media including IT and security implications of corporate social media use and issues around end users and social media including personal use of social media in the workplace.
The research also highlighted that Malware is rampant in social media. IT and network managers now must manage and secure new network entry points created via the use of social media. Ultimately the more people on social networks the more potential for security issues as a result of successful security attacks. Spam and phishing attacks propagated on social networks can have a devastating consequences for companies.
Among organizations using Facebook, 24% have had malware infiltrate their corporate networks; the figures for Twitter and LinkedIn are 7%. However, a significant proportion of the IT-focused individuals surveyed were simply not sure if they have been the victims of malware via social media or not.
With employees spending an increasing amount of time on social networks, sharing both personal and sometimes unwittingly sensitive company information, the growth in the number of targeted spear phishing attacks tells us that social networks are not only an excellent source of information for cyber criminals but also more often than not the chosen platform by which to propagate. Companies and individual users must do more to protect themselves from these targeted phishing attacks which leave them exposed to the threat of identity theft, bogus offers and malware attacks.
We all know the scenario, an employee visits a social media site from their work PC during their free time and end up picking up malware from a Trojan on the site. It is possible for an executive in any company to fall prey to such a scam, business users are just as susceptible to phishing and malware attacks as consumers, the difference in that in the business environment the stakes can be considerably higher. If the user uses the same password for personal social media site as for your network its double trouble.
Some malware will log keystrokes that monitor computer activity by capturing the keystrokes of user. The information, which could be used to access email accounts, online accounts, bank accounts, and other such information that should not be shared with others is then sent to someone who should not have access to this information.
It is clear that a layered approach to protection is key. Companies need to deploy a variety of tools in an intelligent way to ensure the network is protected both from email and web attacks. From a social networking viewpoint companies need to monitor, manage and control how different individuals use social networks in the workplace as well as providing protection for company data from malware and other internet threats such as viruses, spyware and phishing .
The continued growth of Web 2.0 in the workplace and the proliferation in social spam beckons a new frontier for employee responsibility in the area of network security. A successful corporate phishing scam can lead to financial loss and loss of customer data. Organisations need to remain vigilant and follow proven guidelines such as not clicking on links or attachments in unsolicited emails. User awareness is key and awareness training should be a part of every corporate security program. Social Networks too have a responsibility in preventing successful attacks from happening. It is clear that the implementation and tightening of social spam filters is inevitable if this is to be achieved.
What this research is telling us is that social media in the workplace today is where email was during the mid-1990s: rapidly growing use, but little oversight of or insight into that use. This leaves organizations vulnerable to a wide range of threats, including malware infiltration, data leaks, a failure to archive corporate records posted via social media channels, and other risks that are far more costly than the technologies that could be deployed to protect against them.
Sign-up for email updates...