A few weeks, several of the Smart Planet bloggers (including me) fell all over themselves with information about why social media and social networks would become part of business strategy. With this in mind, I wanted to share a few data points about why all this will give your security types fits.
AVG Technologies has just released a new survey reporting that about 86 percent of approximately 250 consumers surveyed by the CMO Council are using social networks at either their home or at their office. But very few of them take the same precautions with these applications or platforms or whatever you want to call them that we have been taught to take with things like e-mail or intranet applications.
For example, 64 percent of the survey respondents had either NEVER or infrequently changed their log-in password. Slightly fewer, 57 percent, had never adjusted any of their privacy settings, while 90 percent had failed to mention their participation to their social network administrator.
Even more disturbing: Almost one-quarter of people in social networks accept invitations from members they don't recognize (guilty as charged), while approximately 64 percent click on links that are posted by community members.
As a result, nearly 20 percent had experienced identity theft, close to half had been the victims of malware infections, and 55 percent had been the subject of phishing attacks.
The survey was conducted in the second quarter of 2009. You can find a summary at this link.
Another security vendor, Websense, conducted a separate study of Web 2.0 and social media usage and the results are equally alarming. Here's my blog about that research.
Apparently, we are either very naive or have bad memories. Fact is, we should be even MORE careful with how we visit with others around social networks, especially since there are so few security policies in place.
There really isn't any time to waste about this. If you're allowing your employees to use social networks, you need to get on the ball and let them know about the dangers AND you need to make sure your corporate network isn't being put at risk.
Here are some common sense actions you and your employees can take, as suggested by AVG Technologies:
- Change your password at least once per month
- Don't post confidential information
- Don't let someone access their social networking account on your computer, and vice versa
- Regularly clear your browser history
- Do not accept "friend" requests from people who aren't your friends
Of course, there are also security measures that your IT department should take, as well, in order to safeguard your corporate network and upholding policies that may already be in place regarding disclosure of privileged information, filtering of inappropriate content and so on. Does your team enforce your broader security policy as part of social media usage? And no, shutting off access completely isn't really a smart option.