They're a productivity sink and a bandwidth suck. They're a vector for malware and a gift for corporate spies. They're a data spill just waiting to happen. And like it or not, they're already inside your enterprise.
Meet the Social Network. No, not that movie about Mark Zuckerberg, the real social network, from Facebook and MySpace to Twitter and Flickr, used by your coworkers and colleagues every single day, whether they're officially allowed to or not.
But social networking inside the enterprise is not only inevitable, it's essential. Used correctly, social media can help your company solve problems, burnish its public image, recruit top talent and generate ideas. Implemented poorly or, worse, ignored, it can create a world of pain.
You can get on the social bus, or you can get dragged behind it: your choice.
Taming the social network: With friends like these, who needs enemies?
What could go wrong with giving unfettered access to social networks at work? Plenty. Even if you manage to keep employees from spending all day milking cows and harvesting crops in Farmville, a host of other potential threats lurk just below the surface.
Take bandwidth, for example. Social media is consuming ever-increasing amounts of network resources, according to Palo Alto Networks' Application Usage and Risk Report. While the number of social media apps found on corporate networks has remained relatively stable over the past year, the bandwidth these apps consume has more than doubled and is expected to grow even more.
"Social media traffic is massive," says Rene Bonvanie, vice president of worldwide marketing for the network security vendor. "We see the bandwidth demands going up substantially through social media apps. In many cases, it does conflict with business systems in these organisations, which could lead to continuity issues."
Worse, because they're based on trust, social networks have become very effective vectors for spreading malware, much more so than, say, email, says Sarah Carter, chief strategy officer for FaceTime, a maker of web 2.0 security tools.
"We're well trained in the email and traditional web world," Carter says. "We don't click on .exe attachments or URLs that look suspicious, heck, we probably don't even see them anymore because of our spam filters. But in the world of social networking, where the person we're receiving the message/notification from is inside our trusted network of people, we're more susceptible to just plain clicking on that link and infecting ourselves."
According to Panda Security's Social Media Risk Index, one-third of small-to-midsize businesses have suffered a malware infection initiated through social media, with Facebook as the leading source. Malware threats once thought of as nearly extinct have made a rousing comeback in business environments, thanks to overly trusting social networkers.
Yet the biggest threat is probably the accidental data leak, wherein well-meaning employees tweet details of secret projects they're working on, "check in" to meetings between two companies on the verge of a confidential deal or post status updates that mention internal problems at the company. It's not quite on the scale of, say, losing a prototype iPhone in a bar, but employee social media gaffes can cause your organisation everything from public embarrassment to legal liabilities.
"I can't begin to tell you how many times companies come to us because they've discovered their employees were using social networks that compromised sensitive data," says Mike Logan, CEO of Axis Technology, a vendor of data masking products. "A P2P network or a social network like Facebook that collects info is pretty much the equivalent of digging a tunnel right into a company's data centre."
In Proofpoint's seventh annual study of outbound communications security, conducted by Osterman Research in July, one in five organisations reported losing confidential or sensitive information via social networks, a figure Osterman acknowledges is probably lower than the actual number. In the past 12 months, 20 percent of companies surveyed have disciplined employees for violating company policies on social networking, while 7 percent have terminated people for their actions on social nets.
It gets worse. If your employees post proprietary information on a site like Facebook, whose legal terms claim ownership over any data shared on its network, you may lose control over your company's intellectual property.
"It all boils down to what is written in the terms of service," says Carter. "These differ between the different social networks, which creates its own problems. Having proprietary data residing on a social network should absolutely create concerns for enterprises, especially if that data is not stored anywhere else. Enterprises should look at their record retention policies and not rely on Facebook, LinkedIn or Twitter to store that data for them."