Social networking sites should prevent the minefield of corporate data leaks

Happy NET, Renren, Weibo, these social networking sites in China, although not long, but has been unstoppable momentum to become finished office white-collar favorite, nothing to update the mood, release a little feeling, share a few photos, complain a few life, is a lot of business staff time important pastime. However, social networks attract more than just ordinary netizens, and some cyber criminals are also pinning their sights on them. Research has shown that social networking site users are more vulnerable to security threats such as property loss, information theft, and malware infection, even more serious than their own imagination. Recently, Kaspersky Laboratories released a "Global IT Security Risk Survey," the survey showed that social networking sites have been seen as one of the biggest threats to corporate information security, second only to Peer-to-peer file sharing.

Of all the sample companies surveyed, 53% of the companies completely blocked access to social networks, and another 19% of companies imposed restrictions on such behaviour. Social networking is often seen as a time consuming act, and can also create potential malware attacks that pose a threat to company confidential data. The most common form of attack on social networking sites is "fishing". The offender appears as a user, and then sends a Web site containing a malicious program to his friends who, once logged on to the site, may suffer varying degrees of loss, which has previously caused a stir among Chinese users of Sina Weibo group poisoning. Since the attack on Weibo was the first time, and no Trojan was implanted to record the user's password, it did not cause serious consequences. But the spread of crisis and cyber threats in social networking sites has already begun to emerge, and in the future it is likely to be exploited by cyber criminals and able to pry into confidential data within the enterprise.

Experts suggest that companies should build a sound defense system and choose appropriate security solutions, such as using a black-and-white list to restrict access to social networking sites, if employees have the need for daily work and communication through social networking sites. The newly upgraded cloud security service can also quickly help identify new malicious URLs and warn users not to access them, thereby avoiding loss of corporate information assets.

(Responsible editor: Lu Guang)