Apathetic attitudes to security when using social networking sites

By Scott McKinnel*
Monday, 01 November, 2010


New research by Check Point and the Ponemon Institute has revealed nearly half of Australian employees rarely or never consider security issues when engaging in social networking sites, downloading internet applications, opening links or video streaming. This apathetic attitude can put organisations at severe risk, particularly as Web 2.0 presents increasingly sophisticated threats. It’s time employees took responsibility for their actions in the workplace.

Some have cited the buzz around Web 2.0 as reminiscent of the dot com boom in the '90s; but make no mistake: social media is here to stay and so are the threats that come with it. The second generation of the World Wide Web sees a more interactive internet experience that allows us to tag photos, create personalised Google Maps and interact with hundreds of other users. And just as with the early days of any new tech phenomenon, protection tends to be an afterthought.

It makes sense that with this sophisticated interactive experience come increasingly advanced threats using Web 2.0 as their channel. The Secure Enterprise 2.0 Forum released its 2009 industry report earlier this year, which assessed the Top 8 Web 2.0 security threats and the vulnerabilities that Web 2.0 can bring into a business environment. Insufficient authentication, information leakage and phishing (not only limited to Web 2.0) are amongst the top threats.

These findings support Check Point’s Web 2.0 survey conducted this year with the Ponemon Institute, a leading privacy and information security research firm. The multinational study surveyed 2100 IT and security practitioners located in the UK, US, Australia, France and Japan, 400 of which were surveyed in Australia. The Ponemon research focused on Web 2.0 security in the workplace and also highlighted that data leakage was a major concern for IT practitioners.

What is worrying is that the research also found that 48% of Australian IT practitioners believe corporate employees rarely or never consider security issues when downloading internet applications, web browsing, opening links, video streaming, utilising peer-to-peer (P2P) file sharing sites and engaging in social networking sites.

This is a disturbingly high statistic when you consider that employees are at the coal face of these threats, essentially the blockade which decides whether or not to let these threats infiltrate our organisations and nearly half do not consider these threats. In addition to data loss, workplace productivity, viruses and malware were also cited as top concerns of using new internet applications in the workplace.
More than ever, businesses are struggling to keep up with the security challenges that the shifting internet environment presents. It’s no longer just a matter of simply blocking IP addresses, ports and protocols, it’s a matter of keeping up to date with the tens of thousands of applications currently available on the web and knowing what risks they contain.

The use of social media is increasing at a rapid rate in the workplace: marketing departments are incorporating Twitter and Facebook into their strategies as par for the course, HR practitioners use LinkedIn as a tool to source new hires and company wikis are built as a go-to information portal for employees. Any of this sound familiar? Regardless of company size, one or more of these examples would apply to your organisation and so do the associated risks.

Protecting against Threats 2.0

It is crucial that the mindset of employees starts to shift and this will only happen through a combination of educating employees about security risks and implementing a Web 2.0 application control platform that will identify, allow, block or limit the usage of thousands of applications so as to provide protection against increasing threat vectors and malware. This system needs to engage employees in the decision-making process so they are asked about Web 2.0 risks in real time and learn how to identify potential threats.

Flexibility is key

Because each department is unique in its day-to-day requirements, flexibility is key to managing the risks associated with Web 2.0 across the organisation.

A system which allows the organisation to define and set usage policies according to the needs of different departments is ideal. As previously mentioned, the marketing department would need to access a whole host of Web 2.0 apps, while the finance department may only need to mid-month or at the end of the month, or perhaps an organisation will decide to crack down on workplace productivity, only allowing employees to access Facebook during the lunch hour.

While The Web 2.0 Security in the Workplace survey revealed that almost half of Australian employees do not consider risks when using Web 2.0, it also highlighted a reassuring statistic: that organisations recognise the issues with Web 2.0 use in the enterprise and, fortunately, are making it a priority. Remember, education and a customisable approach are key when protecting your organisation against these threats.

*Scott McKinnel, Regional Director ANZ, Check Point Software Technologies

Related Articles

Is the Australian tech skills gap a myth?

As Australia navigates this shift towards a skills-based economy, addressing the learning gap...

How 'pre-mortem' analysis can support successful IT deployments

As IT projects become more complex, the adoption of pre-mortem analysis should be a standard...

The key to navigating the data privacy dilemma

Feeding personal and sensitive consumer data into AI models presents a privacy challenge.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd