Workers Sharing Too Much Information On Social Networks

    April 28, 2009

More than half (63%) of system administrators are concerned that employees share too much personal information on their social networking profiles, putting company infrastructure at risk, according to a new survey by Sophos.

"The initial productivity concerns that many organizations harbored when Facebook first shot to popularity are giving way to the realization that there are more deliberate and malicious risks associated with social networking," said Graham Cluley, senior technology consultant at Sophos.

Sophos Research

"As cybercriminals choose to exploit these sites for nefarious purposes, both innocent users and companies are finding themselves in the firing line. But until users wise up to the dangers, and firms begin to take precautionary measures to combat these threats, then the situation will intensify."

The survey found that although one – third of organizations still consider productivity issues to be the major reason for controlling employee’s access to social networking sites. The threat from both malware and data leakage is becoming more apparent with one in five citing these as their top concerns.

Popular social networks including Facebook, MySpace, LinkedIN and Twitter have all received spam and malware attacks during 2009, all aimed at stealing information or compromising PCs.

One method used by hackers is to compromise accounts by stealing usernames and passwords in order to send spam or malicious links to the victim’s online friends.  Sophos found that one third of respondents have been spammed on social networking sties, while 21 percent have been the victim of targeted phishing or malware attacks.

Sophos says that users will continue to share information inappropriately online. However it does not recommended banning social networking in the workplace.

"The danger is that by completely denying staff access to their favorite social networking site, organizations will drive their employees to find a way round the ban – and this could potentially open up even greater holes in corporate defenses," explained Cluley. "

Let’s not also forget that social networking sites can have beneficial business purposes for some firms too, giving them the chance to network with existing customers and potential prospects."