Is 'Social' Security an Oxymoron?

Social networking sites are a key vector for potentially compromising your online security in the workplace, a new study shows. Sadly, these threats are likely to continue to grow in frequency and severity as more businesses see the value of such sites and eliminate total bans on their employees accessing them during the work day.

The number of malware, phishing and spam attacks on social networks such as Facebook and Twitter by scammers and cybercriminals continued to rise through 2010, according to a 2011 security threat report prepared by Sophos, an information technology security and data protection company.

Researchers found that 4 in 10 social networking users they surveyed had been sent malware such as worms via social networking sites — a 90 percent increase since the summer of 2009. And two-thirds of users reported that they had been spammed through social networking sites, more than double the proportion less than two years ago.

“Rogue applications, clickjacking, survey scam — all unheard of just a couple of years ago, are now popping up on a daily basis on social networks such as Facebook,” said Graham Cluley, a senior technology consultant at Sophos.

Total workplace bans on accessing social networking sites are increasingly becoming a thing of the past as more firms recognize the value such sites can bring in raising brand awareness and delivering social media marketing campaigns.

“If your business isn’t on Facebook, but your competitors are, you are going to be at a disadvantage,” Cluley said. “But you have to be aware of the risk and secure your users while they’re online.”

Sophos estimates that half of the workers they surveyed have been given unrestricted access to social networks at work. The users, at least, are aware of the potential security risks. A majority (59 percent) of them believe that employee behavior on social networking sites could endanger corporate network security, and nearly as many (57 percent) worry that colleagues are sharing too much information online.

But it’s not just social networking sites that pose a threat to users, Sophos said. In addition to increasingly prevalent social networking threats, tried and true cybercrime tactics continue to plague Internet users. Although some websites are deliberately created in infect users, legitimate websites continue to be a popular target for attack as well, as hackers who compromise them can distribute malware to unsuspecting users.

“Many computer users still don’t realize that you can wind up with something nasty on your machine simply by visiting a website,” Cluley said. “Over the year, we saw an average of 30,000 new malicious URLs every day — that’s one every two to three seconds. More than 70 percent of these are legitimate websites that have been hacked — this means that businesses and website owners could inadvertently be infecting their patrons unintentionally and without knowledge.”

Reach BusinessNewsDaily senior writer Ned Smith at nsmith@techmedianetwork.com. Follow him on Twitter @nedbsmith.