Sophos conducted a poll in February 2009 with 709 respondents. Of those, 63% of system administrators worry that employees share too much information on their social networking profiles. They believe this puts the corporation, and its data, at risk (since cybercriminals have access to more information for identity theft, malware or spam). A quarter of the businesses had been the recipients of spam, phishing or malware attacks via sites like Twitter, Facebook, LinkedIn and MySpace.
Over 40% of companies don't control access to any of these major social networking platforms - for those that do, productivity still represents the largest share of concern, but security concerns are on the rise.
"We're seeing more incidents of unwanted adverts and malicious links being spammed out, particularly to Facebook users, from their friends' compromised accounts. Although social networking sites are going some way to mitigate threats to users - activating pop-up windows to confirm if a user really wants to visit that external link for example - unfortunately it's just not enough. Organisations need to incorporate defences into their IT security policy, and a key part of this is to educate individuals to choose strong passwords and to take good care of them to prevent cybercriminals taking over online accounts which could provide an entry point to the IT infrastructure." - Graham Cluley, senior technology consultant at Sophos.
Sophos summarizes their study with the top 5 tips to combat social networking perils in the business environment, which include: