Malware, data loss are two risks posed by employee use of social media

A full 82% of chief marketing officers surveyed by IBM last year said that they plan to increase their use of social media over the next three to five years.

According to the 2011 Ponemon Institute Global Survey on Social Media Risks, close to two-thirds of executives surveyed said that employee use of social media puts their organization at risk, and only 29% said they had the necessary security controls to mitigate the threat posed by social media use.

“Many organizations are not even aware of the social media activities that their employees are participating in”, Anthony observed. “Employees going to any websites, not just social media, are exposing the company to security risks. It is not just going to well-known bad sites”, he told Infosecurity.

“Sometimes people can be sloppy in posting information [on websites] and leave the website open to someone coming in and injecting malware”, Anthony said.

Disclosure of confidential information is another risk of visiting social media sites, as well as of sharing data on file sharing sites such as DropBox, he noted. “You have people exporting confidential information off their machine onto a public website and then downloading the information from home. You may want to set up a policy that says, ‘We are not going to allow you to have an account on that site that you can access from work’”, Anthony said.

To help companies enforce those types of policies, IBM is launching a network security product – the XGS 5000 – designed to control social media and web browsing risks for enterprises. The intrusion prevention product helps clients address malware or other attacks targeting their organization, providing visibility into what applications are being used on the network and where users are going on the web, as well as the ability to monitor and control that activity.

The XGS 5000 incorporates threat intelligence from IBM’s X-Force team, including a web filter database of over 15 billion URLs and over a thousand different applications and actions. “You can categorize the URLs, such as gambling sites and sharing sites. The organization can see the activity going to those sites, and they can decide how they want to manage that activity”, Anthony explained.

Using the XGS 5000, customers will be able to discover which applications and websites are being accessed; identify misuse by application, website, and user; and enforce security policies with intelligent application-level controls, Anthony said.
