The next generation gap: IT and Web 2.0
By Gerhard Eschelbeck, chief technology officer for Webroot
Published: September 12 2008 17:15 | Last updated: September 12 2008 17:15
Once, if you were “twittering” you would be nervous, and a “face book” was a catalogue of known criminals. Now, Twitter and Facebook are two of the fastest growing Web 2.0 collaboration applications. Until recently they merely kept a younger generation of technology-fluent “Generation Ys” up late at night; now they are causing sleepless nights for IT management because of the security holes they represent.
Over the past decade, many fundamental business activities – marketing, advertising, customer support, sales transactions – have become web dependent. At the same time, the web is now considered the number one delivery mechanism for malware. This poses a significant security challenge to companies due to adoption of Web 2.0 technology (blogs, video, wikis, internet messaging, social networking sites, RSS feeds and similar elements) – the communication tools of choice for Gen Y.
In the next 10 years 71m Gen Y (18-30 year-olds) will enter the workforce with their favored tools for communication, researching and collaborating. Gen Y thrives on flexibility and is used to having information a click away using Web 2.0 technology. In a recent survey by Blessingwhite of employees in the UK and Ireland, 23 per cent of Gen Y employees felt they were fully engaged and taking pride in helping the organisation achieve its goals when they felt it was aligned with their own values, goals and aspirations. This alignment is the best method for achieving sustainable employee engagement.
Even though there are a number of social software tools that IT managers can comfortably deploy within their enterprise network, such Microsoft SharePoint and IBM Lotus Connections, they don’t compare with Web 2.0 sites such as Facebook. The latest ComScore data show that Facebook’s 90m user network grew 153 per cent last year globally and by more than 303 per cent in Europe where the site recorded 37m unique visitors in June alone. Gen Y youngsters depend on social-networking to organise their lives and interact with colleagues. Blocking access or using URL filtering alone is not the answer because they don’t fully answer the problem and a restrictive corporate environment will not be appealing to these bright college graduates.
And, with 85 per cent of all threats coming from the web, and with at least 5 per cent of heavily trafficked “trusted” web sites now harbouring malware, URL filtering systems and blocking alone can’t begin to protect a network since they can’t detect or stop malware or phishing attacks.
In a recent exploit, Facebook users received a post on their “wall” to view a video. Viewers were then redirected to a fake Google site with a message telling them to download a viewer. The payload was actually a Trojan Horse that downloaded spyware and keyloggers. According to Gartner, almost 50 per cent of companies do not block access or monitor this type of activity on social networking sites. With this type of web threat, it’s no wonder that IT departments are struggling to clean up malware pouring through these gaping security holes, let alone preventing data breaches, monitoring policy and employee productivity, and minimizing corporate liability to objectionable content.
What IT managers can do:
•Only block social-networking or websites after careful review (from legal and HR departments) where there is significant corporate risk that can’t be mitigated any other way
•Employ a dynamic, perimeter web security solution that can filter inbound pages for spyware and viruses; provides URL filtering for known inappropriate sites (sexual content, violence, etc); supports outbound data leak prevention by content scanning; and, can respond instantly to changing threats
•Work with HR and Legal to update employee guidelines to support acceptable Internet use policies and guidelines
•Train users on the hazards of indiscriminate use of social-networking and web sites
•Protect mobile laptop users.
What employees should do
•When using personal web mail accounts, do not click on links in your e-mail
•When visiting social networking sites, do not download applications without checking on the vendor
•Don’t download videos without proper security against spyware and viruses
•Don’t post your profile on a public social networking site if it identifies your employer and it can have a negative impact on the company’s reputation.
•Always be sure your antispyware and antivirus protection is up to date and that your personal data is protected using a secure online backup system.
Copyright The Financial Times Limited 2008
No comments:
Post a Comment