A report released by MessageLabs, a UK-based security vendor, found that nearly 20 percent of organizations blocked social networking and dating sites in February due to concerns about employee productivity and malware. In addition, the number of websites blocked by filters was nearly 47 percent, which, according to MessageLabs, should spur IT departments to update their electronic use policies to reflect newer Web 2.0 technologies.
'Organizations need to raise awareness about the risks of these sites,' says Paul Wood, a security analyst with MessageLabs. 'Some of the policies are not up to date.'
Wood says it wasn't always clear how malware entered users' computers or networks as a result of using social networks. In one example, however, he cited a case where a user visited a fake MySpace page where they were served up a pop-up add designed to look like a Microsoft software update. When the person clicked on the pop-up, they were taken to an illegitimate site that tried to install malware over JavaScript.
The report, which according to a spokesman polled most of MessageLabs' 16,000 customers, also sheds some light on other consumer technologies, such as Gmail. The proportion of spam originating from Gmail accounts doubled in the month of February, the research states. According to the report, spammers found a way around Completely Automated Public Turing Test To Tell Computers and Humans Apart (CAPTCHA), which is essentially the letters users are asked to type when they start an e-mail account or look for tickets on a site such as Ticketmaster.
Spam from Yahoo still leads the way, claiming 90 percent of the spam sent from consumer-based e-mail services, according to MessageLabs.
The MessageLabs' report echoes the worries IT leaders expressed in CIO's recent survey-based story, the Nine Consumer Technologies CIOs Fear. Nearly 10 percent of IT decision makers told CIO that they viewed social networks such as Facebook and MySpace as the biggest consumer technology threat to their organizations. Approximately 18 percent cited consumer-based e-mail like Hotmail, Yahoo and Gmail as the greatest threat to their organizations, making it second only to USB devices.
IT departments will have to reevaluate their electronic use policies to include social networks and other new Web 2.0 technologies, Wood says. 'It's not just about e-mail anymore,' he says. 'People need to know how to conduct themselves on blogs, IM and social networks.'
If IT institutes better electronic use policies that educate users about the sites that they visit, better security will follow, Wood argues. 'It's more of a management issue than a technology issue,' he says.