Half of SMBs Block Employee Access to Facebook: Report

A Webroot survey reveals how social networking has impacted the security of cost-conscious businesses in 2010.

Research commissioned by Internet security specialist Webroot suggested small to midsize businesses are becoming more vigilant when it comes to their employees' use of social networking sites. The survey of more than 1,000 businesses from the United States and United Kingdom with up to 500 employees found most (81 percent) have an employee Internet policy. Half (50 percent) said employees are not permitted to visit any social networks via a company computer or laptop.

The report found just as new variants of the Koobface social networking worm continue to evolve, so are company policies-some have made changes as a result of an employee's misuse of these sites: 42 percent have implemented an Internet use policy as a result of an employee's inappropriate use of a social networking site, and more than one-third (34 percent) deployed a Web security product to monitor Internet use and enforce policies.

Four in 10 of those polled (39 percent) have an Internet use policy that prohibits employees from visiting Facebook, while 30 percent block access to Twitter and 27 percent prohibit access to video-sharing sites like YouTube. Two in 10 SMBs (21 percent) allow employees to visit social networking sites only during specific times (lunch break, after work hours, etc.), and 16 percent grant certain departments (e.g., marketing) permission to visit specific social networking sites.

"Clearly the potential impact of social networks as a threat vector has hit home for IT administrators," said Gerhard Eschelbeck, CTO of Webroot. "One in six of those we surveyed said a social networking site or Web 2.0 application was the source of an infection or attack, and over half of companies said their network was infected with spyware this year. Every company needs to develop a policy for social networking use and should also deploy reliable Web security services for ongoing protection against zero-day threats."

The report also found that concern about threats via social networking sites remains high. More than half of those polled (53 percent) said they are very or extremely concerned about malware infections via social networks, while two out of five (42 percent) said they are very or extremely concerned about data leakage through social networking sites.

Nearly one-third (30 percent) say Web-based threats caused the biggest security headache for them in 2010, and more than one in 10 (12 percent) say sensitive company information has been released via their employees' use of social networking sites. Half of those surveyed said they were victims of a virus or worm, while four in 10 said they experienced a phishing attack this year.

Webroot sponsored the online survey of businesses with 500 and fewer employees between Oct. 29 and Nov. 3. Invitations to participate were emailed by e-Rewards to panel members in the United Kingdom and the United States. Respondents qualified for the survey if they were purchase decision makers for e-mail or Web security. At the 95 percent confidence level, the margin of error is ??3.0 percentage points for the full sample of 1,087 respondents, ??3.6 points for the U.S. sample of 751 and ??5.4 points for the U.K. sample of 336 respondents.