Canadian biz failing in social media security

The good news: Canadian businesses and workers are among the world’s leaders in social media use.

The bad news: The vast majority of Canadian businesses are way behind in protecting their organizations against social media risks.

“It’s amazing how much of a gap there is between what companies perceive to be threats and what they actually do,” said Fiaz Walji, Canada-based country manager for Internet security firm Websense Inc.

Survey findings for Canada indicated that:

  • 70 per cent of respondents believe that employee use of social media puts their organization’s security at risk
  • In contrast, 31 per cent of the respondents said their companies have the security controls to mitigate risks posed by social media use
  • As many as 51 per cent of respondents said viruses and malware infections are increasing as a result of social media use
  • 36 per cent of companies do not have a policy that informs employees about the acceptable use of social media in the workplace
  • 25 per cent of respondents are not sure if their company has a policy covering social media use in the workplace
  • Of the organizations that do have social media use policies, only 37 per cent said these policies were being enforced

The Websense survey involved 4,640 IT security practitioners, with an average of 10 years' experience, in the U.S., Canada, U.K., France, Germany, Italy, Australia, Singapore, Hong Kong, India, Brazil and Mexico. Fifty-four per cent hold positions of supervisor or above, and 42 per cent are employed by organizations larger than 5,000 employees. Of those polled, some 420 were Canadian IT professionals who handle IT security for their companies.

From a practice that has been typically banned in the workplace, social media is increasingly being embraced by business.

“Many retailers simply accept that social media involvement is a necessity in today’s marketplace,” said Laurie Mah, marketing expert and independent contractor who conducted a survey on technology buying patterns for the Retail Council of Canada (RCA).

That survey, released last year, indicated that all member companies of the council had a Facebook account, 85 per cent used Twitter, about 50 per cent engaged in blogs and chat forums and 30 per cent used YouTube.

Companies more focused on productivity and bandwidth

Walji also said Websense found that companies were more concerned about the impact of social media use on worker productivity and bandwidth consumption than about the security implications.

  • 96 per cent of respondents indicated that diminished employee productivity was among the top negative consequences of social media use
  • 68 per cent cited depletion of IT bandwidth as one of the primary drawbacks of social media use in the workplace

“It was surprising to learn that despite being aware of the security risks, companies opted to spend their budgets on boosting Internet bandwidth to support social media use,” said Walji.

The survey indicated that 64 per cent of companies increased their Internet bandwidth to support social media use.

The top five tools considered essential or very important to reduce risks caused by use of social media at work are: anti-virus and anti-malware; endpoint security; secure Web gateways; identity and access management; and mobile device management.

Facebook turns to Websense

Meanwhile, plagued for years by malware distribution campaigns, survey scams and other threats, Facebook partnered with Websense to protect its users from third-party malicious URLs spammed on the social networking website, the companies said on Monday.

The site’s blocking mechanisms have improved over time, but spammers are very determined to find ways around them since social media has become one of the primary malware propagation channels.

Most attacks involve users clicking on links that point to malicious web pages outside of Facebook’s control. To counter this, Facebook passes requests for external resources through its own URL redirector.

This allows it to check links against third-party and self-maintained blacklists. Earlier this year, the company announced a partnership with Web of Trust (WOT), a provider of community-powered URL reputation services, in order to better detect spam links on the website.

But with attackers capable of switching malicious URLs very quickly, it’s hard to keep up using only a blacklist-based approach. That’s why Facebook chose Websense, which brings to the table a cloud-based scanning engine capable of checking third-party pages in real time before allowing users to visit them.

Walji said his company has provided Facebook with a real-time site qualification tool that scans the site for malware, spyware, inappropriate content, data leaks, and spam.

When the Websense ThreatSeeker platform detects malicious content, users get notified that proceeding to the destination is potentially unsafe, Walji said.
Of course, to work around any false positive incidents that might occur, the option to ignore the alerts will also be available.
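The redirector flow described above, sketched as an added example (not code from Facebook or Websense): a blacklist lookup first, then a scan of the page content at click time, ending in a warning the user may override. The hostnames, page bodies, content signals and the scheme check are all constructed assumptions; the `PAGES` lookup stands in for a live fetch.

```python
from urllib.parse import urlsplit

# Constructed sample data (not real indicators): a static blacklist and the
# page bodies a real-time scanner would see for each destination.
BLOCKLIST = {"bad.example"}
PAGES = {
    "http://bad.example/win": "<form>Enter your password to claim prize</form>",
    "http://rotated-7f3.example/win": "<form>Enter your password to claim prize</form>",
    "http://news.example/story": "<p>Quarterly results were announced today.</p>",
}
# Hypothetical content signals; a production engine uses far richer analysis.
SIGNALS = ("enter your password", "claim prize")

def host_of(url):
    """Normalise the destination host so case or a trailing dot cannot dodge the list."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def blocklist_hit(url):
    """True if the host or any parent domain is on the static list."""
    parts = host_of(url).split(".")
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))

def realtime_scan(url):
    """Judge the content as it is at click time (dict lookup instead of a fetch)."""
    body = PAGES.get(url, "").lower()
    return sum(sig in body for sig in SIGNALS) >= 2

def redirect_decision(url, user_override=False):
    """Return (action, reason) for a click passed through the redirector."""
    # Assumption added here: only web schemes are ever redirected.
    if urlsplit(url).scheme not in ("http", "https"):
        return ("block", "unsupported scheme")
    if blocklist_hit(url):
        reason = "blocklist"
    elif realtime_scan(url):
        reason = "realtime-scan"
    else:
        return ("redirect", "clean")
    # Flagged links get a warning page; the user may still proceed (false positives).
    if user_override:
        return ("redirect", reason + ":overridden")
    return ("warn", reason)
```

The rotated hostname is the case a list alone misses: it is not on the blacklist, yet it serves the same content and is flagged by the click-time scan.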

“Facebook cares deeply about protecting users from potentially malicious content on the internet. We are excited about our partnership with Websense to provide industry leading tools to help our users protect themselves,” commented Dan Rubinstein, Facebook’s product manager for site integrity, in a statement.

The partnership has yet to prove its effectiveness on the world’s largest social networking website, but given the current attack rate, any form of additional protection is most probably a good thing. Bit.ly is also using Websense technology to block malicious URLs, but just like Facebook, it does so in conjunction with solutions from multiple providers.

Nestor Arellano
Nestor Arellano is a Senior Writer at ITBusiness.ca.

(With notes from Lucian Constantin, IDG News Service)
