The monthly e-zine from Net Technical Solutions


Sophos warns of social networking threats

An unprecedented volume of data is being uploaded to sites like Facebook every minute and research by Sophos confirms that firms are worried about the security threat this poses.

 
 

Social networking has been dubbed ‘the new frontier of cybercrime’ by IT security company Sophos and the results of a survey it conducted in February this year would certainly appear to support this claim.

The Sophos poll revealed that 63 per cent of system administrators worry their employees share too much personal information via their social networking profiles, putting the corporate infrastructure - and the sensitive data stored on it - at risk. The survey findings also indicate that a quarter of businesses have been the victim of spam, phishing or malware attacks via sites like Twitter, Facebook, LinkedIn and MySpace.

 
 


Graham Cluley, senior technology consultant at Sophos, commented: “The initial productivity concerns that many organisations harboured when Facebook first shot to popularity are giving way to the realisation that there are more deliberate and malicious risks associated with social networking. As cybercriminals choose to exploit these sites for nefarious purposes, both innocent users and companies are finding themselves in the firing line.”

Sophos research confirms that although one third of organisations still consider productivity issues to be the major reason for controlling employee access to social networking sites, the threat from both malware and data leakage is becoming more apparent, with one in five citing these as their top concerns.

[Chart: What is your primary reason for controlling access?]


Cyber-attacks: a new frontier

From traditional scams that aim to fool users into sending money to foreign destinations under the ruse that a friend is in trouble, to malware disguised as Facebook error messages, cybercriminals are using the same old techniques, but pushing them out via social media.

A typical method of attack is for hackers to compromise accounts by stealing usernames and passwords - often using phishing or spyware - and then use the compromised profile to send spam or malicious links to the victims' online friends and colleagues. Sophos research reveals that one third of respondents have been spammed on social networking sites, while almost one quarter (21 per cent) have been the victim of targeted phishing or malware attacks.

[Chart: Have you, or any of your colleagues, ever been...]


Total lockdown is not necessarily the answer

With social networking behaviour firmly ingrained in many employees' daily routines, Sophos experts predict that users will continue to share information inappropriately, putting their identities - and potentially the organisation they work for - at risk. However, banning social networking in the workplace outright may be a rash move - one that could cause more harm than good.

Cluley explained: “The danger is that by completely denying staff access to their favourite social networking site, organisations will drive their employees to find a way round the ban. Let's not also forget that social networking sites can have beneficial business purposes for some firms too, giving them the chance to network with existing customers and potential prospects.”

Sophos concludes that social networking sites are here to stay and urges businesses to find a practical way to work with these sites - not against them. By adopting a more holistic approach - including investment in greater security and control solutions, as well as offering comprehensive user education - organisations will be better equipped to deal with social networking risks.

Top five Sophos tips to help business and users stay safe:

Educate your workforce about online risks - make sure all employees are aware of the impact that their actions could have on the corporate network

Consider filtering access to certain social networking sites at specific times - this can be easily set by user groups or time periods, for example

Check the information that your organisation and staff share online - if sensitive business data is being shared, evaluate the situation and act as appropriate

Review your Web 2.0 security settings regularly - users should only be sharing work-related information with trusted parties

Ensure that you have a solution in place that can proactively scan all websites for malware, spam and phishing content

Source: Sophos online poll, 709 respondents, February 2009.

Please bear in mind that this poll is not scientific and is provided for information purposes only. The comments expressed are those of a subsection of poll participants, and not necessarily those of Sophos. Sophos makes no guarantees about the accuracy of the results other than that they reflect the choices of the users who participated.

 


Net Technical Solutions Ltd.
Wesley Chambers,
Queens Road, Aldershot,
Hants, GU11 3JD

Tel: 0845 0034567
Fax: 0845 0034543
E-mail: sales@ntsols.com

Website: www.ntsols.com