Infosec: Workplace Facebook bans are a waste of time

IT departments that try to ban employees from accessing social networking sites for security reasons are fighting a losing battle, claims security vendor Barracuda Networks.

Speaking to IT Pro at Infosecurity Europe, the firm's chief research officer, Dr. Paul Judge, said most end users find a way round blanket bans on Facebook and Twitter use in the workplace.

And, with newer sites such as Pinterest and Instagram emerging and growing in popularity, it is an evolving situation that is hard for IT departments to keep tabs on.

"If you look at the time people spend online, the biggest time drain is social networks. So, if you're an attacker trying to get in front of more eyeballs, it's the place to be," said Judge.

"[These attackers] are making millions of fake accounts to interact with legitimate people and, potentially, your company's employees are exposing you to risk."

However, rather than stop people using them completely, there are steps companies can take to mitigate these risks.

"A lot of companies try to tell people they can't use Facebook or Twitter, but it is easier to let them access the sites in a controlled way," he explained.

"For instance, they can use application control rules or policies to protect themselves against malware, viruses and data loss by controlling the amount of risk social networks expose them to."

He said businesses should make use of "read-only web" tools, which allow employees to visit sites but prohibit them from downloading and uploading content.

"You can compromise in other ways by letting employees access Facebook, but use tools that stop them from accessing user profiles and limit access to company-related pages," he added.

"There are tools that scan Facebook and Twitter profiles, looking for suspicious content, malware and spam, which gives employees access to a wider range of pages in a controlled way."

Aside from social networking sites, he claimed businesses are also leaving themselves open to attack by failing to secure their corporate sites properly.

"Large financial institutions have been doing [a great job of this] for years, but your average company's website is just sat out on the internet with nothing protecting it," he claimed.

"It is changing. The Anonymous era has increased awareness of network and website breaches and increasingly the board is saying to the IT department, how can we stop that happening to us?"

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.