For a small-to-medium business, social networking sites like Facebook can provide a real dilemma. Do you allow your employees access and open a potential Pandora’s Box of problems such as unintended security breaches? Or should you impose a blanket ban and risk losing a valuable channel of communication and collaboration?
Many SMEs want an approach that will allow them to take advantage of the many business benefits that social networking offers while safeguarding them against the potential pitfalls and security threats. But the cost of IT resources to constantly monitor and manage usage policies for Facebook can be prohibitive for most small businesses. Chris Russell, SMB expert at Symantec.cloud, formerly MessageLabs, investigates the challenges and helps solve the Facebook dilemma for SMBs.
Networking or not working?
Revolutions have been mobilised through it; academics study it; they’ve even made a movie about it! With over 9.5 million people in Australia now using Facebook, it’s more than a social networking site, it’s a social phenomenon. While the main purpose may be social, Facebook also offers real opportunities for businesses. Developing contacts, marketing a brand, sharing ideas, recruiting top quality staff, building relationships with customers and partners – it can make business processes and communication easier, less expensive and more effective, and boost employee engagement and team spirit across your workforce.
But for every plus, there’s a minus. Facebook can be addictive, leading small businesses to regret giving their employees access at work, and count the cost in dented productivity – a problem widely known as ‘social notworking’.
The relaxed nature of Facebook can also lure even well-meaning employees into serious lapses of judgement. It’s easy to let slip a confidential nugget of information or make an off-the-cuff comment about a customer or competitor, which has explosive consequences. And the dangers don’t end there.
Cybercrime and Facebook
Where internet users go, cybercriminals follow. Knowing Facebook’s sheer size makes it virtually impossible to police, they’ve devised a bewildering battery of devious techniques to trick and trap users. Hijacking accounts, spreading rogue applications, setting up fake, ‘ghost’ accounts, posing as Facebook itself – many strategies can be deployed to plant malware on victims’ PCs (e.g. via infected weblinks) or harvest personal information (e.g. via ‘phish’ emails).
Malware today has real business-bruising potential. Viruses that freeze networks or recruit PCs to botnets; spyware that snoops on browsing behaviour; Trojans that secretly burrow in search of sensitive information that can be turned to profit; almost all malware can propagate via Facebook. Some have even been specifically developed to exploit it. For instance, the Koobface worm spread by sending messages to friends of Facebook users whose machines had already been infected.
With social engineering now part and parcel of cybercrime, the loss of personal information via Facebook can be every bit as damaging for a business. Users’ names, ages and job titles, for example, can be harnessed to help craft plausible, sniper-like attacks targeting a specific company or individual – sent in an email pretending to come from a familiar contact.
Malicious emails (as well as URLs) may misappropriate the Facebook name by referencing Facebook in subject lines, body text, attachment names or weblinks.
Symantec.cloud’s Skeptic filtering engine detects countless examples. In fact, Facebook-related threats contribute between 2-3 billion emails being sent worldwide every day, indicating a massive global problem.
What policy is best?
Your Facebook policy needs to reflect the nature of your business, weighing up pros and cons in the context of your business. But broadly speaking there are three options, each with its own challenges:
- Unlimited access – but users need to be safeguarded from rogue applications, camouflaged malware, links to pornographic websites etc.
- Restricted use – limit access to certain hours and/or user groups via configurable web filtering capabilities
- Outright ban – this must be implemented using web filtering technology agile enough to prevent employees accessing Facebook both in the workplace and via the corporate network from home
Awareness-raising education and training will be essential to highlight the policy, explain it and, unless there is an outright ban, promote appropriate, circumspect use of Facebook.
Choosing the right IT solution to safeguard your business
Once you’ve decided the best policy for your business, you need to choose the right web filtering technology to enforce it effectively. There are many options available, but the industry best practice for web filtering technology is through the cloud, so malicious content and cyber attacks are detected and blocked in the cloud, in real-time, before they ever reach your network. The cloud also allows you to enforce your web filtering policy and antivirus scanning for your roaming and laptop users while outside the corporate network.
Cloud-based web filtering is a hosted service, so the IT maintenance and updates are automatically managed for you, allowing you to ‘set and forget’, with the confidence that you will be protected from both known and unknown malware and viruses. You don’t need to employ or train internal IT staff, as all IT support is provided as part of the service.
Small businesses need straightforward and reliable security that doesn’t compromise on features or blow the budget. Choosing a fixed monthly subscription-based, pay-per-user service is the most cost effective option for SMBs, as you only pay for the number of users connected and can easily scale up or down; for example you can add individual users as your workforce grows, without needing to purchase any hardware or software or invest in any other long-term infrastructure commitments.
The best web filtering services deliver superior enterprise-grade protection and industry leading service level agreements (SLAs) with a money-back guarantee, irrespective of the size of your business or the industry you’re in, so SMBs can leverage the same IT security infrastructure and support that large enterprises use.
User education alone is not enough, especially as social networking malware tactics are ever-changing. With the right usage policy plus the right web filtering solution that will continuously evolve to combat new threats, combined with proactive employee education, SMBs can solve the Facebook dilemma.
Chris Russell is Symantec.cloud’s Small to Medium Business Development Manager