Social networking can cause problems in the workplace, but there are solutions

• Article 19 of 33
• SC Magazine, December 2009
• View the original article online

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | All 6 Pages

There are also advantages to the business in enabling employees to access Web 2.0. Some of these advantages can be as simple as perks for employees, to compensate for other problems a company might have. One large retailer, with a remote HQ, had few shops nearby. One of the perks the company decided to offer was an ‘open access' policy to online shopping and Web 2.0 sites, so that employees had something to do and could use their break times to continue their personal life. Being in a remote location became less of a problem.

Local authorities often take advantage of people's openness about their private lives on Bebo, Facebook and Friends Reunited to conduct research into fraudulent benefit claims. Salespeople use sites such as Facebook and LinkedIn to network, get new contacts and recommendations from existing contacts, and generate leads. Marketing people use Twitter and Facebook to interact with customers, promote the company, get opinions on it and make it seem more human. Some small businesses reported a surge in customers during the recession, brought in by word of mouth on social networks. “I tweet a mixture of business and home things, so I'm seen as more a rounded individual than a company twonk,” says Nigel Hawthorn, EMEA marketing VP at Blue Coat Systems.

A project on University of Leicester students demonstrated how valuable Twitter can be. The study found it a useful tool for developing peer support, with activity rising prior to assessment deadlines or exam revision; creating personal learning networks, often in situations when they were physically isolated from peers; and arranging social meetings. The researchers found Twitter attractive as a data collection tool for recording the student experience and assessing it using free online analysis tools.

Indeed, there are now HR departments using Facebook to keep employees up-to-date with information, to contact them, receive information from them, and to organise meetings. The fact that so many ‘Generation Y' and indeed ‘Generation X' employees know how to use Facebook in their personal lives can help companies effectively save on training employees how to use a new application.

However, Web 2.0 shouldn't be used by employees if it's insecure. What are the best ways of defending against Web 2.0 attacks? Web 2.0 traffic almost always comes through on port 80, the same port used by all other web traffic, so standard firewalls are of no use in blocking them.

Sending web traffic via a proxy makes it easier to forbid access to particular sites or to block certain kinds of traffic. Software and services that inspect content, such as those from Blue Coat, Fortinet and Clearswift, are a better bet.

“The big difference between Web 1.0 and 2.0 is that Web 1.0 was one-way. We monitor both ways. We can look at the content going out and make sure it doesn't contain confidential information,” says Richard Turner, Clearswift's CEO. “We can protect against downloads, and work at a fine-grain level.” In Facebook, this can include restricting the use of apps, the changing of profile pictures and preventing uploads. Companies can also set up policies so that only specific users can perform certain tasks and access be only allowed at certain times.

With Web 2.0 being a browser-based technology, focusing on browser security is one of the key requirements of adoption. “It's the common mantra – keep patched and up-to-date,” says Mike Shema, security research engineer at Qualys. “AV companies are starting to look into browser-based attacks.”

Rick Caccia, VP of product marketing at ArcSight, says using Google Chrome has its advantages, since Google has designed it for web apps and it has better measures to prevent cross-site scripting – although no single browser is better than others. The important thing, says Tim Orchard, principal consultant at Activity IM, is that the desktop be locked down, and the user isn't using admin privileges, so if there is a problem, the computer won't be taken over. “It's all about defence in depth, not about firewalls. You have to look at the architecture of the network in general.”

Auditing is another issue. Web 2.0 sites tend to take advantage of Ajax, Silverlight, JavaScript, Flash, SSL and other technologies that are both hard to monitor and audit. Qualys's Mike Shema says that using at least a proxy server to channel web traffic will be helpful for forensics to determine where malware, if it's found, might have originated.

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | All 6 Pages