A Webroot survey reveals how social networking has impacted the security of cost-conscious businesses in 2010.
Research commissioned by Internet security specialist Webroot suggested
small to midsize businesses are becoming more vigilant when it comes to their
employees' use of social networking sites. The survey of more than 1,000
businesses from the United States
and United Kingdom
with up to 500 employees found most (81 percent) have an employee Internet
policy. Half (50 percent) said employees are not permitted to visit any social
networks via a company computer or laptop.
The report found just as new variants of the Koobface social networking worm
continue to evolve, so are company policies-some have made changes as a result
of an employee's misuse of these sites: 42 percent have implemented an Internet
use policy as a result of an employee's inappropriate use of a social
networking site, and more than one-third (34 percent) deployed a Web security
product to monitor Internet use and enforce policies.
Four in 10 of those polled (39 percent) have an Internet use policy that
prohibits employees from visiting Facebook, while 30 percent block access to
Twitter and 27 percent prohibit access to video-sharing sites like YouTube. Two
in 10 SMBs (21 percent) allow employees to visit social networking sites only during
specific times (lunch break, after work hours, etc.), and 16 percent grant
certain departments (e.g., marketing) permission to visit specific social
"Clearly the potential impact of social networks as a threat vector has
hit home for IT administrators," said Gerhard Eschelbeck, CTO
of Webroot. "One in six of those we surveyed said a social networking site
or Web 2.0 application was the source of an infection or attack, and over half
of companies said their network was infected with spyware this year. Every
company needs to develop a policy for social networking use and should also
deploy reliable Web security services for ongoing protection against zero-day
The report also found that concern about threats via social networking sites
remains high. More than half of those polled (53 percent) said they are very or
extremely concerned about malware infections via social networks, while two out
of five (42 percent) said they are very or extremely concerned about data
leakage through social networking sites.
Nearly one-third (30 percent) say Web-based threats caused the biggest
security headache for them in 2010, and more than one in 10 (12 percent) say
sensitive company information has been released via their employees' use of
social networking sites. Half of those surveyed said they were victims of a
virus or worm, while four in 10 said they experienced a phishing attack this
Webroot sponsored the online survey of businesses with 500 and fewer
employees between Oct. 29 and Nov. 3. Invitations to participate were emailed
by e-Rewards to panel members in the United
Kingdom and the United
States. Respondents qualified for the survey
if they were purchase decision makers for e-mail or Web security. At the 95
percent confidence level, the margin of error is ??3.0 percentage points for the
full sample of 1,087 respondents, ??3.6 points for the U.S.
sample of 751 and ??5.4 points for the U.K.
sample of 336 respondents.