In Cisco’s Mid-Year Security Report, the company cites research finding that 50% of end users admitted to accessing social media tools at work, in spite of company rules, at least once a week. Another 27% have changed the settings on a company device to access prohibited sites or applications. The report notes the security risks and potential for lost productivity that Facebook and other social media sites present, but doesn’t recommend that enterprises block social media sites entirely.

Citing both worker morale and the potential to use the tools for work-related activities, Cisco recommends better security education and social media policies in the workplace instead of technical restrictions that employees would likely route around anyway.

“If enterprises respond to this threat by banning all access to social networking sites, they may damage workers’ ability to collaborate and communicate in a changing business environment,” the report states. Interestingly, Cisco notes that the cybercriminals from whom security managers may be trying to protect their companies are early adopters of social media technology. For example, a social-networking-based market for buying and selling stolen credit card information was discovered in Russia.

Cisco suggests companies establish explicit security policies and create and distribute a security handbook. “Too often, C-level executives are allowed to label security as ‘IT’s problem.’ But in the enterprise, security is everyone’s problem,” the report says.

Only 1/7 of the companies participating in one study Cisco conducted have established formal processes for the use of social networking tools in the enterprise, and only 1/10 said their IT departments had direct involvement in social media initiatives.

The report suggests that, at minimum, enterprises implement a process for employees to address social media-related questions to the right decision makers so that errors that impact security might be avoided. (See also Error and Accuracy in the Read/Write Enterprise.)

The stakes are high: Last year, in the total losses linked to online fraud jumped to $559.7 million from $265 the year before.

Cisco ends the report with five suggestions for improving enterprise security:

1. Close Gaps in Situational Awareness. “Most enterprises are simply not aware of the totality of their network.”

2. Focus First on Solving “Old” Issues–and Doing It Well. “Software updating and patching is a good place for many organizations to begin making improvements.”

3. Educate Your Workforce on Security–and Include Them in the Process. “Target C-level executives and other VIPs for extensive education, as they are prime targets for phishing and social engineering schemes.”

4. Understand That One Security Border Is No Longer Enough. “Business is becoming ‘borderless,’ and so, too, is the network, which means there are multiple borders to protect… and they are constantly changing.”

5. View Security as a Differentiator for Your Business. “How an enterprise approaches security and responds to trends such as social networking and mobility can have a direct impact on its ability to hire and retain talent.”

Cisco’s research on social media use in the enterprise is consistent with research conducted by other companies, such as firewall vendor Palo Alto Networks, whose own report we covered last year. Palo Alto offers some intriguing alternatives to outright blocking Facebook – the company allows administrators to block only applications, or make the site read-only.

What do you think? Does it make more sense to block Facebook than to try to deal with the security issues it poses, or should enterprises embrace it?

Image Credit: Massimo Barbieri