The Ten Commandments of Social Network Security (For IT Managers)

Don Reisinger advocates maintaining your perspective and an open mind to employee use of Web 2.0 with his ten top tips

Social networking is an important part of the lives of most Web surfers. After people get home from work, they go to their computers, see what their friends are up to on Facebook, MySpace and Twitter and go about their lives.

There’s just one problem: those social networks are being hit hard with some serious attacks. In fact, Canada’s privacy commissioner said on July 16 that Facebook, the most popular social network in the U.S., isn’t doing nearly enough to keep its users safe. The country’s privacy commissioner went on to say that “it’s clear that privacy issues are at the top of mind for Facebook, and yet we found serious privacy gaps in the way the site operates.”

Of course, Facebook isn’t alone. There are a variety of privacy issues impacting most social networks. Twitter has been the target of phishing scams, hijacking and other security issues. MySpace has also experienced a slew of security problems.

All the while, those users who enjoy social networks are bringing that love to work. They’re now accessing their profiles from their cubicles. They’re communicating with buddies on Twitter over lunch. They are becoming more social.

According to a recent study, most companies don’t like that, leading some to investigate made-for-business versions of social networking tools. Anti-virus firm Sophos found earlier this year that 63 percent of the companies that it surveyed said that they fear social networks can put the company’s security at risk. It’s a valid concern. And one that no IT manager should take lightly. But at the same time, the severity of those outbreaks hasn’t been great enough to justify that fear. While social networks do pose some threats to the enterprise, IT managers can deal with them as they come.

Here’s how:

1. Be logical
Although it’s easy to fear social networks, the reality is, most social networks don’t pose the kind of security threats Windows does. Furthermore, most social networks don’t pose the kind of threat e-mail phishing scams do. Is there a danger? Of course. But it’s not the biggest danger IT managers need to face.

2. Remember social networks have value
Social networks have some real value. Companies that give employees access to them can use employee profiles to promote their business. Happy employees will talk about their employers in a good light. It makes the company look good. And it might eventually bring in better talent.

3. Social networks are promotional tools
Having employees using social networks is a great way to promote business products or services. Think of social networks more as a public relations arm, rather than a security hole. Are there threats? Of course. But IT managers might just find that the benefits of promotion far outweigh the security issues that might arise.

4. Blocking only makes it worse
As Sophos pointed out in its study, blocking social networks is a bad practice. It only makes employees want to find ways to access their profiles through other means that have a higher likelihood of causing security issues in companies. They will search for “anonymisers”. They will look for holes in security. And in the process, they might find some real trouble on the Web.