Risk
10/28/2008
02:20 PM
Keith Ferrell
Keith Ferrell
Commentary
50%
50%

Social Networking Growth Grows Business Risks Too

We've said it before but it bears repeating: social networking can be a valuable business tool. Whether or not you use social networks for work, your employees are using them at work, and the risk of data breaches and other security incidents is growing along with their use.

We've said it before but it bears repeating: social networking can be a valuable business tool. Whether or not you use social networks for work, your employees are using them at work, and the risk of data breaches and other security incidents is growing along with their use.A new survey from FaceTime Communications finds that the more your employees and staff use social networks, the more likely your business is to face security issues.

79 percent of the more than 500 IT professionals (half of them at small and midsized businesses with fewer than 1.000 employees) queried reported that employees used social networks such as Facebook or LinkedIn for business purposes, with 82 percent reporting that employees used social networks for personal purposes at work. (The survey also covered Web-based applications, with equally high or higher employee usages figures found.)

No surprises there, really, but the survey also found that companies whose overall social networking use had increased over the past six months also saw a sharp increase in the number of security incidents requiring IT involvement each month.

Perhaps most telling is the number of employees using social nets (and Web-based applications )for personal reasons even though such use is a direct violation of company policy.

I've written before about the trend toward the sense of digital entitlement many employees feel; Face Time's findings both quantify and reinforce that sense.

Dealing with employee use of company equipment and network access for personal reasons, regardless of company policy, is an issue that continues to grow and will, I think loom large as perhaps the leading security issue of the next few years.

The complete Face Time Report, "The Collaborative Internet: Usage Trends, Employee Attitudes and IT Impacts" is here. The company's fourth annual such survey, links to earlier reports can be found at the end of the report, making for fascinating, sobering comparative reading.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, January 2015
To find and fix exploits aimed directly at your business, stop waiting for alerts and become a proactive hunter.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7402
Published: 2014-12-17
Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request.

CVE-2014-5437
Published: 2014-12-17
Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php,...

CVE-2014-5438
Published: 2014-12-17
Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php.

CVE-2014-7170
Published: 2014-12-17
Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.

CVE-2014-7285
Published: 2014-12-17
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.