Study links staff use of Web 2.0 to security risks

U.K. firms are at risk of data leakage through their employees' increasing use of Web 2.0 technologies and social networking Web sites, security experts have warned.

A survey of more than 1,000 office workers found that 42% of those aged between 18 and 29 discussed work-related issues on social networking sites and blogs.

More than a quarter of young workers spent three or more hours a week -- during their office hours -- surfing blogs and Web sites such as YouTube and MySpace, the research, carried out by polling firm YouGov for content security specialists Clearswift found. Nearly four in 10 admitted accessing such sites "several times a day".

Younger employees are more likely to take access to such sites for granted, with 59% of office workers aged 18 to 29 believing that staff should be able to visit these sites for personal reasons, using their work computer, compared with 38% of staff aged over 30.

Clearswift chief operating officer Ian Bowles said: "It's clear from the research that organizations need to take a closer look at the social media sites that their employees are using at work to ensure sensitive business issues or information is not being discussed.

"However, finding the balance between harnessing so-called 'Web 2.0' technologies for business benefit and maintaining strong security is key."

Bowles added: "It isn't difficult to envisage an employee posting unauthorized comments about their organization's product or service quality issues on a blog -- causing major brand damage -- but at the same time, banning all blog access is not the answer as it cuts the organization off from conversations with partners and customers."

Commenting on the findings, Clive Longbottom, service director at analyst Quocirca, said that inadvertent rather than malicious disclosure could prove the greatest threat to an organization's intellectual property.

Frost & Sullivan analyst Katie Gotzen said: "Whilst organizations have woken up to the security risks with email traffic, this awareness is not always extended to the bidirectional communications which are common in Web 2.0. Yet social networking sites and blogs carry an even greater risk for data leakage and brand damage than email, because anyone can potentially access them."

The survey found that most office workers were aware of their company's policy on employee use of the internet, with just 14% saying they did not know if one existed or not. More than a quarter of those surveyed said their organization did not allow access to social media sites. But 14% said their company had no policy at all.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.