28/10/2010

By David Kelleher, Communications and Research Analyst at security software vendor, GFI

Millions of people are members of one or more social networks. Give them access to the Internet and they will spend the next hour checking their email, their Facebook profile, their MySpace webpage, updating their Twitter account and their LinkedIn account.

If you own a business, would you want your employees to be so keen on social networking that they spend unacceptably long periods of time online and chatting? No. Do you ban social networking, and how? What are the options? David Kelleher looks at the security issues associated with social networking and advises companies on the best way to maintain a level of control within a business and reduce the potential risks.

Encourage dialogue about, not on, social networking sites

In today’s networked world, it is impossible to isolate a business because of social networking sites. Despite the concerns, there are steps a business can take to allow social networking in the office and still maintain a level of control, the most basic being to restrict employees’ Internet access to lunch breaks and to the periods before and after working hours. This can easily be done using Internet monitoring and filtering software, but if you do have to deny a privilege or block a site, make sure users understand why.

Most employees are unaware of the amount of time they spend on social networking sites, or the security risks associated with this. It is important to teach users about web-based threats and encourage them to speak up if something looks odd or out of place. Convert them from trusting to being suspicious of outside requests to install or uninstall an application; encourage them to call the help desk; make sure they understand that social networking sites are havens for criminals and malware; provide them with security best practices that they can use on their home computers too. All these together will reinforce the online safety message.

Write it into law

Most organisations have a specified set of rules in place, usually spelled out in the staff handbook, which an employee has to acknowledge by signature as having understood. All policies include a set of sanctions that can be used against employees who violate the company’s policies. To safeguard its electronic communications, every company should have an Acceptable Use Policy in place that governs Internet, email and computer use in the business. The policy should also detail the consequences that company personnel can expect to face for the abuse of this technology.

A wary eye

There is still a percentage of employees who do not understand the message, lack the necessary computer skills to adhere to the policies or simply choose to disregard them for a variety of reasons. The losses to productivity, exposure to security breaches and liability can be extensive. In circumstances such as these, web monitoring can provide a powerful solution.

Internet monitoring is a general term for using software to protect a company from web threats by controlling the organisation’s Internet use: blocking specific sites, filtering against keywords, preventing downloads in general or of specific file types, and logging the sites an employee visits.

None of this, alone or in tandem, will stop malware. In fact, nothing may ever provide a total solution. However, if an organisation chooses to deploy some or even all of these methods, they will go a long way towards helping a company form a comprehensive security strategy.