The biggest threat in 2010? Web 2.0
February 23, 2010 by Sam Narisi
Posted in: Security, Special Report

What IT issues are going to give organizations the most trouble in 2010?
Data security company Webroot released the results of its 2010 survey of 803 IT managers at small-to-midsize businesses (companies between 50 and 1,000 employees).
The managers surveyed were asked what threats they anticipated to be most important in the upcoming year.
The overwhelming anxiety was about social networking and Web 2.0 applications, including Facebook, Twitter and the like. That was the biggest worry of 80% of the respondents.
The great majority felt that they had managed to reduce the threats coming from email, but that they keep learning about new issues with social networking sites. In fact, 25% reported that their networks had already been compromised in some way by social networking software.
Other results:
- 88% of the companies surveyed had stated policies on employee Internet use
- 54% have totally banned social network use at work
- 25% worried about Windows operating system vulnerabilities
- 24% were concerned about vulnerabilities in Internet browsers
- 24% had seen problems with client-side software (Flash, QuickTime, Java)
In addition, respondents reported recent attacks from: viruses (60%), spyware (57%), phishing attacks (47%), hacking attacks (35%), and SQL injections of their Web sites (32%).
Limit threats
One way to limit the threats of social networking sites: Have a strong company policy, and make sure it’s communicated to users.
You don’t need to outline every specific thing employees can and can’t do online. Most companies can solve a lot of problems with a policy that covers two basic elements:
- Make it clear that employees have no right to privacy when they post on a public social-networking site, no matter where they connect from. If it’s done at work, their activity can be monitored, and if they post something at home and it’s publicly displayed on the site, it can be used as grounds for discipline.
- Remind employees that company policies (like confidentiality agreements) extend to online behavior.

February 24th, 2010 at 2:00 pm
Banning something is usually not the way to handle these types of situations. I would say that it’s better to create a policy around the usage/intent for business purposes and TRAIN the staff on what is acceptable or not. Create a sound social media policy for both individuals (employees) and the organization (should they choose to have social networking sites) and monitor what’s being posted. It’s similar to banning web access. Most companies have had to deal with the fact that web access at work is part of how people do business. Organizations need to adapt to different communication streams (especially for those used by the current generation). I’m not minimizing the fact that there are threats the IT department is worried about, but I’m not convinced that anything is totally safe in an electronic environment.
February 24th, 2010 at 3:14 pm
bstarck is certainly not in I/T. Bans and policies are good for grounds for disciplinary action or to ensure that all are treated in the same manner (at least in theory). The reality is that someone will generally find a way around these and advertise it to their peers; some number of whom will use their new “access”.
Blacklists and whitelists do more to prevent legitimate use than stop inappropriate use. Content filtering is poorly defined and requires extraordinary resources to enforce. One very valid point bstarck makes is that he is, “…not convinced anything is totally safe in an electronic environment.” Quite true. How to deal with it? A layered defense that takes surprisingly few resources and is as unobtrusive as possible is what is used by me (250+ users). Use of real-time malware detectors/blockers, antivirus software, firewall monitoring and rules, and the low-tech HOSTS file keeps the vast majority of threats out of our network. The user education (call when something unusual pops up) and I/T approach (try to get it resolved and prevented in the future; regardless of someone’s position, without making them feel stupid) is of enormous help.
February 25th, 2010 at 9:50 am
10 years ago “should employees have access to the internet?” and everyone was worried about the risks of “Web 1.0” and Friends Reunited. 15 years ago “should employees have access to external email?” because viruses could be brought into the company network…
There are solutions for data leakage, endpoint protection, anti-malware, employee monitoring and these will catch up and catch on and any organization with internet presence and access should be aware of them.
However the fact that a recent poll I saw published showed something like 85% of companies still using Windows XP as the standard desktop platform shows how far behind the technological edge much of the corporate IT estate has become.
In the public sector it is not uncommon to find IE6 still a standard desktop browser.
Those who fall behind will fail.
Web2.0 does give challenges, but that is why we have IT departments. We meet the challenge. The board needs to resource this.