The latest phenomenon to revolutionise web surfing has hit like a social tsunami. Facebook is already one of the world’s most used sites, and many visits take place on company time. It can bring young workers together, yet the risks are much greater than lost productivity. Malicious content, data leakage and legal liability mean businesses need an efficient tool to control internet misuse.
A bit of fun? Or a big business impact
It’s been just over a year since it emerged from its university origins and became universally accessible, yet Facebook already has over 49 million active users worldwide and is the eighth most visited site on the web, with over 400,000 new registrations each day during 2009.
More than a chance to get your face on the web and research new acquaintances, Facebook makes uploading photos, video or blogging easy, and tagged friends are ‘pinged’ when they’re featured - creating a virtual network that reaches right out and grabs you.
Alexa web monitoring reports that around 3.4 per cent of global users visit Facebook – up 82 per cent in the last three months – with about 30 unique pages viewed by each user each day. While the vast majority of Facebook users are in the US, Canada and the UK, 2.5 per cent of its users are Australians.
MessageLabs’ statistics reveal that Facebook is now the most blocked site for businesses in the Asia-Pacific region, followed by RSVP.com.au.
Facebook was initially created in 2004 by Harvard undergraduate Mark Zuckerberg to keep in touch and swap information with fellow students, and named after the paper ‘facebooks’ US colleges traditionally distribute to new students and staff containing snapshots of key people around campus.
It’s now one of the most popular social networking sites for Generation Y – more like a social tsunami than a social trend. More than half its users are not at universities, and its fastest growing demographic is people 25 years and older.
Yet Facebook and its sister social networking sites are not simply a little bit of good clean fun. They’re big business, and they have big business impacts.
That price a ping?
A recent Australian study noted that since doodling and Solitaire gave way to Hotmail and now more evolved social networking sites, Social networking sites alone could be responsible for up to $5 billion in productivity losses from the Australian business economy. Calculated using the average Australian salary, each employee spending an hour each workday on these sites, costs their employer $6,200 a year.
Employees using the internet at work for social purposes can also be placing their employers at a significant liability risk. If an employee is using a corporate domain name, improper statements made can be attributed to the company. Employees exposed to sexually explicit or offensive material on a colleague’s computer screen can disrupt the working environment and often result in legal action against employers.
Australian Computer Crime and Security Survey (AusCERT) found that one in five Australian companies experienced damage to the confidentiality, integrity and availability of network data or systems, and the average annual losses from computer misuse and crime rose by 63 per cent to $241,150 per organisation - making the real costs to business from employee internet access abuse all too clear.
Innocent social surfing can also present a chink in your business security for electronic threats such as viruses, worms, Trojans and spyware to enter and damage your corporate network and place information at risk.
To block or not to block
A recent AusCERT report revealed that changing users’ attitudes and behaviour around internet use is still the major challenge for most organisations (60 per cent). Accidental misuse or intentional abuse of email and the internet presents costly and damaging problems for businesses of all sizes. Educating your employees about the risks, rights and wrongs online is essential in protecting your business.
Your Acceptable Usage Policy should be part of your regular training and include guidance on things such as:
- not misusing email – keeping it mainly for business use
- what sort of personal use is allowed
- being wary of unsolicited email
- guarding against handing over confidential information
- not downloading and installing unnecessary applications
- websites that are acceptable to use at work.
For further information on how to set policies for AUP, please visit MessageLabs Whitepapers for further information.
Given the risks and costs associated with social networking sites, every employer needs to consider whether to ban access to social networking sites, or whether to control and monitor its use. Blocking access at the firewall or proxy level is administratively inefficient, and doesn’t allow for variations in access rights for different user groups.
Using a managed service to control employee access to the web ensures you are always abreast of new fads and emerging threats, and ensures that your web access policy is clearly implemented in line with your regulatory responsibilities.
MessageLabs Web Security Services are implemented at the Internet layer,which means there is no hardware, no software and no overheads. Your IT staff are free to focus on helping grow your business, and your network is protected around the clock by a company that scans electronic communications as its core business – guaranteeing your protection from new or unidentified threats and productivity losses resulting from internet misuse.
For those companies who want to allow safe use of social networking sites, a managed service can enable your employees to access the site only between certain hours – such as outside 9 to 5 or at lunchtime – and advanced scanning technology can ensure that any threats are detected and infected pages blocked.
MessageLabs incorporates a range of multi-layered technologies that ensure total protection from external and internal web threats. Specifically, MessageLabs Web Security Services is comprised of two core offerings:
Multi-layer Protection - state-of-the-art anti-spyware and anti-virus technologies scan all web content for malicious software. MessageLabs’ powerful predictive technology, Skeptic™, guards against new and converging threats, while known threats are blocked by industry-leading and constantly updated third party technologies.
URL Filtering - a sophisticated categorisation database ensures your employees only gain access to appropriate content and do not visit sites that are offensive or represent a security risk. The control system is highly configurable, enabling you to apply different filtering rules to specific individuals or user groups.
To learn more about services available to protect your business from any implications from social networking sites visit Messagelabs Email & Web Security website.