That fact was made clear by some recent news stories:

• Google has been collecting passwords and e-mail messages, it is claimed. Apparently, Google’s roving Street View cars that present neighborhood views of locations across the world, have been intercepting local Wi-Fi communications. A lawsuit has been brought in France, but the practice goes on in a number of countries. Google’s response: Yes we collect the info, but it’s fragmentary, and we don’t use this stuff. Trust us.
• Twitter recently settled a suit with the Federal Trade Commission, admitting that allowed hackers to take control of several Twitter accounts, including those of President Obama and Fox News. The agreement sets up an independent security auditor that will assess how the company is doing, The company has vowed to take measures to prevent “unauthorized access to nonpublic information and honor the privacy choices made by consumers.”
• Social networking giant Facebook faces a number of class-action lawsuit over its callous disregard for customer privacy, by making so-called private information on user accounts easily available, both to the general public and to marketers. The controversy was inflamed by Facebook founder Mark Zuckerberg’s public pooh-poohing of anyone’s privacy concerns, the company’s default setting of having the default set at no privacy at all and its policy of making that hard to change.
• AT&T is, for now, the sole mobile source for iPad 3G users in the United States. Well, it didn’t take long. A group of hackers easily obtained the e-mail addresses of 114,000 iPad owners, using a security hole in AT&T’s website. Fortunately, in this case the hackers were part of a group that it specializes in exposing security vulnerabilities, and they quickly informed AT&T, who fixed that vulnerability. The conclusion: AT&T should have a lot of expertise on board, but they left a door wide open. How many more are there?

What IT issues are going to give organizations the most trouble in 2010?

Data security company Webroot released the results of its 2010 survey of 803 IT managers at small-to-midsize businesses (companies between 50 and 1,000 employees).

The managers surveyed were asked what threats they anticipated to be most important in the upcoming year.

The overwhelming anxiety was about social networking and Web 2.0 applications, including Facebook, Twitter and the like. That was the biggest worry of 80% of the respondents.

The great majority felt that they had managed to reduce the threats coming from email, but that they keep learning about new issues with social networking sites. In fact 25% reported that their networks had already been compromised in some way by social networking software.

Other results:

• 88% of the companies surveyed had stated policies on employee Internet use
• 54% have totally banned social network use at work
• 25% worried about Windows operating system vulnerabilities
• 24% were concerned about vulnerabilities in Internet browsers
• 24% had seen problems with client-side software (Flash, QuickTime, Java)

In addition, respondents reported recent attacks from: viruses (60%), spyware (57%), phishing attacks (47%), hacking attacks (35%), and SQL injections of their Web sites (32%).

Limit threats

One way to limit the threats of social networking sites: Have a strong company policy, and make sure its communicated to users.

You don’t need to outline every specific thing employees can and can’t do online. Most companies can solve a lot of problems with a policy that covers two basic elements:

1. Make it clear that employees have no right to privacy when they post on a public social-networking site, no matter where they connect from. If it’s done at work, their activity can be monitored, and if they post something at home and it’s publicly displayed on the site, it can be used as grounds for discipline.
2. Remind employees that company policies (like confidentiality agreements) extend to online behavior.

In the past year, attacks by hackers through social networking sites have increased by 70% compared to the year before, according to a recent survey by security firm Sophos.

Sophos also identified about 50,000 social-media-centric viruses, twice more than there were a year ago. There have also been increased instances of phishing attacks over Facebook and similar sites.

Most businesses are concerned their companies could be affected — of the 500 IT managers surveyed, 60% were concerned that users’ activity could leave their networks vulnerable to attacks.

Short of completely blocking those sites from office computers, companies can help protect the network by offering users these tips:

1. Don’t accept friend requests from people you don’t know — it could be a cycber-criminal.
2. Be careful about clicking links, even if they’re sent from a friend — some viruses have taken over people’s accounts to automatically send malware to everyone on their list of contacts.
3. Don’t respond to requests for personal information. Thieves have reportedly been hacking into people’s accounts and messaging their friends to obtain to bank account numbers and the like.

Here’s how it works: Hackers break into a Facebook account, change the password and send messages to the user’s “friends” announcing that the account holder is stranded in London.

The message requests funds be wired to the stranded friend via Western Union. Would you respond to a request for money sent by someone in an emergency who chose Facebook of all methods to contact you? Apparently, plenty of people would.

For example, a Missouri woman was tricked into wiring about $4,000 to someone in England after receiving a help messages from a friend on Facebook.

Jayne Scherrman of Cape Girardeau wired the money through Western Union after receiving what she believed were several requests for help from her friend, police said.

Scherrman’s case isn’t an isolated one. Facebook has received reports of similar scams and says it’s working with law enforcement to try and track down the culprits. The site’s administrators claim they have systems to detect suspicious behavior tied to compromised accounts.

The best bet for prevention is to change passwords frequently and let the site owners know immediately if access is blocked.