The need for secure use of social networking applications while at work is something that I have discussed regularly. PricewaterhouseCoopers (PwC) has just released a study which reveals that only 32 per cent of firms monitor their employees’ use of social networking sites. That figure is dismal enough, but when you consider that PwC also noted that only 31 per cent of UK firms would be spending more money on data security, you would be forgiven for wondering if these businesses take their network security seriously at all.
There is often a business case for allowing social network use at work. These sites are increasingly being used for business purposes and so blocking them may not be the answer for everyone. But businesses should only allow access to these sites if they have the safeguards in place. Social networking can be great for communicating over long distances and at great speed, but viruses and Trojans can be sent, received and installed on your network with similar immediacy.
If the ever-growing list of social networks and applications undergoes no real scrutiny from businesses, the defences of corporate networks will come under even greater assault as hackers, phishers and fraudsters exploit employees to take control of business networks. Businesses need to be investigating how they can protect themselves from existing threats from social networks, and ensuring that they are defended against new threats as and when they arise.
Then there are attacks on the applications that allow us to make and receive voice and video calls online. Toll fraudsters use Session Initiation Protocol – or SIP – (which many networks use to control multimedia activity) to defraud businesses out of huge sums of money.
Many businesses wrongly assume that they must be protected from such fraudulent activity because they have locked down their IP private branch exchange to their SIP provider, but all this does is effectively ‘outsource’ their security posture to the SIP trunk provider, whose attitude to security is very likely to be very different from their own. (Those in any doubt over the extent of toll fraud need only look at the $55 million toll fraud ring that was shut down by the US government in June 2009.)
In short, the threat from social networks and applications is growing and businesses know it. The difficulty seems to be in persuading those in the boardroom that the risk the business is being exposed to justifies investing in strong and flexible data security solutions. With the FSA handing out increasingly large fines and the ICO being given not just the power to levy fines of up to £500k but also the ability to jail those responsible, it is probably time to look anew at security to ensure companies are safe.