Wednesday, August 22, 2007

Facebook Costs Employers More Than $5 Billion A Year

Security firms warn that Facebook use on the job could be putting a company's network at risk.

Workers at the office using social networking sites, like Facebook, are costing employers more than $5 billion a year and putting corporate networks at risk of attack, according to a new study.
The data is out of Australia, but a spokeswoman at security company SurfControl noted that country is ranked fifth among global Facebook users, coming in behind the United States. That, she pointed out, means the problem of lost time and network risk is even greater here in the U.S.

If one employee spends one hour of company time on Facebook every day, it potentially costs his or her employer more than $6,200 per year. Factored across the 800,000 businesses in Australia, that one wasted hour a day adds up to a productivity loss of $5 billion annually for the Australian economy.

And SurfControl's researchers also noted in an advisory the rise of what they're calling "underground intranets," such as groups of users dedicated to nothing more than slacking off at work. Some of the groups are specific to employees at individual companies.

"The worrying trend for employers is that, while it's unclear if these social networking sites are replacing existing mediums like instant messaging, or the legitimate company intranet or e-mail, it's obvious that they sit outside the security and risk management systems of many organizations," said Richard Cullen, chairman of SurfControl's global technology strategy council. "Unchecked, this poses real questions about an employer's liability for comments posted by employees on such underground intranets."

According to SurfControl, a review of the Facebook Web site shows that a "large number" of Facebook's 3 million users log in during work hours, with many members joining groups specifically relating to using Facebook at work.

"Some employers are blocking the sites, while others have embraced the new, global networking capability and are setting down times when it's acceptable to Facebook," said Cullen. "If appropriate filters are in place, employees are able to use sites like Facebook and MySpace in their downtime without putting the network at risk. Either way, employers should be aware of the risks and manage them in the way in which they're most comfortable."

Last week, Sophos released a study that showed that some social networkers will readily reveal their personally identifying information -- to absolutely anyone or anything.

A social engineering test on Facebook showed that 41% of users readily hand out personally identifying information to complete strangers. That, according to researchers at security company Sophos, puts them at great risk of identity theft and in line to receive massive dumps of spam and targeted malware attacks.



http://informationweek.com/security/showArticle.jhtml?articleID=201801251

No comments: