Lancope is warning IT administrators at Global 1000 companies to be aware of the hidden risks to corporate networks because of social networking sites such as Facebook, Twitter and YouTube.
Facebook’s recent 500 million account milestone illustrates the explosive growth of social media technology within the Internet community. The current trend points toward 1 billion accounts within 12 months.
“Organizations must consider what Facebook, Linkedin, Twitter, blogs, and other social media mean to them, form a social media policy, and educate their users,” said Adam Powers, CTO, Lancope. “Access to social media networks such as Facebook and Linkedin have proven benefits such as improved moral, collaboration and administrative efficiency. Unfortunately in some organizations the risks could outweigh the value.”
IT administrators should be aware of the following productivity and security issues associated with social networking sites such as Facebook:
1. Workplace productivity issues – Facebook Chat and games such as Mafia Wars and Farmville can add up to huge losses in worker productivity if abused. Corporations must adopt a policy on the use of social networking applications, tracking user access and blocking certain sites deemed high-risk. Once a social media policy is established, make sure to educate users on what the policy means to their daily lives.
2. Phishing – Attackers can leverage personal information found on social networking sites to coax victims into giving away confidential or proprietary corporate information. Again, education is the best defense against social engineering attacks through social media.
3. Flash-based vulnerabilities in games – Web 2.0 technology has led to an amazingly rich and unfortunately fragile world of games and Web-based apps – many of which run in Facebook’s social media platform. Attack vectors in enabling technology such as Flash have led to multiple incidents over the last few years. Regardless of whether workers are using Flash-based games in the office or at home, if they use a wireless device to access a corporate network and social networking applications, then they are putting their company at risk. A policy against Flash-based gaming and a rigid patch management process pay off well here.
4. Information leakage – Corporations need to reinforce their policies on proprietary information disclosure into the social media meta-space. Ensuring private company information or SEC regulated information doesn’t make its way into the public’s hands is a must.
5. Network impact – Organizations with large concentrations of users can see a significant network impact from excessive use of social media, especially YouTube and Facebook. The clicky nature of Facebook games leads to many concurrent connections active from each user which leads to memory and bandwidth consumption across the network. A balance needs to be struck between workers using social networking applications for work and/or for personal use. Firewall, proxy log and NetFlow logs are excellent tools for measuring the impact from social media usage.