Millions of people have a personal online profile; they share photos, news and gossip with friends, spend hours updating
their details and adding new friends. Welcome to social networking and the world of Facebook, MySpace and
What makes social networking on the Internet so popular is the power it gives individuals to create, maintain and expand
any number of networks to include family, close friends and people who share a similar interest, profession or hobby.
The growing popularity of Facebook, for example, has encouraged corporate marketing teams to explore the opportunities to
be had by having a corporate profile; using their employees contacts for sales and marketing, effectively creating a snowball
effect as the corporate message is passed from one network to another. These sites give them a direct route to targeted
groups of individuals with similar interests and, most importantly, it’s free.
There is no doubt that Facebook and other social networking sites have potential for commercial use but to what extent should organizations or
businesses allow social networking at work? What are the concerns? Should employees have access to
Facebook, LinkedIn and other social networking sites when they are supposed to be working?
Social networking sites are the root of four problems.
Loss of productivity: According to a study by information security consultancy Global Secure Systems and the
organizers of the Infosecurity Europe trade show, the use of such sites is costing U.K. business an estimated $12.5 billion
per year in terms of reduced output. Another study showed that employees spend at least 30 minutes a day visiting these sites
with some employees spending up to three hours of their working day taking care of their online profile.
Impact on network resources as bandwidth is consumed: In smaller organizations, unnecessary browsing, uploading
to and downloading of files from social networking sites can eat up bandwidth thus affecting network resources.
Social engineering and phishing: This can result in data or identity theft. Most people would not divulge certain
details to strangers but it is amazing what data can be gleaned from social networking sites—personal e-mail addresses
and even social security numbers!
Sites are attractive to hackers and spammers: Social networking sites are
attracting hackers armed with malware of all kinds: spyware, viruses and online scams. Hundreds of applications being
developed for these sites are used as launch pads of malware such as Trojans.
What can businesses do?
There are three options.
- Ban access to social networking sites (in an extreme case—block all Internet connectivity).
- Allow employees unrestricted access, confident that they will only use it during their lunch break and they will not
download material on to the network.
- Monitor and limit staff access to these types of sites, including general Internet browsing and
Banning internet access outright is
obviously counterproductive while allowing uncontrolled Web browsing is tantamount to leaving the front door to one’s
house open with the key in the lock.
The middle ground monitors all Web activity and controls it on a per user basis when social networking sites can be
accessed at the office. Administrators can use Web monitoring software to block access during most of the day except during
the staff lunch break or before and after normal office hours. The same software can be used to ensure that any files
downloaded or links accessed online are checked in real time for exploits, malware and viruses.
If a company wants to make use of a social networking profile for marketing purposes, access should be given to those who
will be updating the profile and all content should be monitored to ensure it is appropriate. Running third party
applications should be discouraged.
Education also is important. If an organization wants its employees to be given restricted access to their social
networking profile, it must be made clear to them that they need to be vigilant, avoid clicking on links that are suspicious,
refrain from downloading files or applications that may be infected, and limit what details they add to their
profile—details that could be used to steal identities and commit fraud.
Hackers are attracted to social networking sites because they see the potential to commit fraud and launch spam and
malware attacks. Organizations, on the other hand, need to be made aware of the security risks involved and take the steps
necessary to safeguard their systems and data yet allow the company to make the most of what the Internet and social
networking have to offer.
David Kelleher is communications and research analyst at GFI.