Social networking in the workplace may endanger corporate networks

Trend Micro reported an increase in the number of employees who admit to visiting social networking sites on the Internet while connected to the corporate network, according to the results of a Trend Micro study that explores corporate computer users’ perceptions of and experiences with security threats.

The study, which surveyed 1600 corporate end users in the U.S., U.K., Germany and Japan, found that 19 percent (compared to 15 percent in 2007) of respondents across these countries have visited social networking sites. These sites, usually built upon Web 2.0 technologies, are prime targets for cybercriminals and malware authors who exploit their interactive nature and popularity to launch profit-driven, malicious attacks. In addition to social networking sites, blogs, wikis and collaboration tools also use Web 2.0 technologies. According to Trend Micro’s recent Threat Report & Forecast, Web 2.0 threats spiked, in volume, to over 1.5 million a month in January 2008 compared to just over 1.0 million in December 2007.

Throughout the last 6-12 months, Trend Micro threat research analysts have discovered various forms of malware activities within many social networking sites. For example, one popular site was compromised in late 2007 by banner ads that install malicious files and programs onto a victim’s computer. Other sites were also found to be embedded with codes that redirect users to malicious sites – all in an effort to steal identity and private data. In addition, social networking sites can often be a haven for adware and spyware.

The survey found that:

• In the U.K., the percentage of end users who have visited social networking sites while on the company network increased significantly from 11 percent in 2007 to 27 percent in 2008. In Germany, the increase jumped from 9 percent in 2007 to 13 percent in 2008.
• In the U.S., U.K. and Germany, the number of end users who browse social networking sites while on the company network is increasing faster in large companies than in small companies.
• Alternatively, Japanese end users in small companies are more likely to visit social networking sites while on the company network than their counterparts in large companies.
• In the U.S., U.K. and Germany, mobile workers are more likely to visit social networking sites than desktop workers.
• Overall, 45 percent of end users said they have sent confidential information via Web mail, which is the most commonly used Web 2.0 application according to the survey. In Germany, over half of end users have used Web mail to send proprietary corporate information.
• From 2007 to 2008, the percentage of mobile end users who admitted to having sent confidential information via Web mail increased significantly in the U.K. (30 percent in 2007 and 49 percent in 2008) and Germany (51 percent in 2007 and 64 percent in 2008).
• Japanese end users are more likely than end users in other countries to spend more than one hour using Web 2.0 applications on the corporate network or while working remotely.