Open use of Twitter, Facebook a concern: WatchGuard

Social media not high on security priorities for IT managers, survey reveals

Internet security provider, WatchGuard Technologies, are "alarmed" by survey results that revealed some Australian IT professions do not consider social media to be a potential risk.

The survey, commissioned by WatchGuard, was conducted with 157 IT professionals - including IT managers and CIOs - in March 2011.

The results showed that social media use within business was on the rise, with 82 per cent of organisations allowing employee access to social networking sites such as Twitter, Facebook, and LinkedIn. Video streaming was also popular, with 76 per cent of businesses allowing employee access to streaming sites such as YouTube.

WatchGuard A/NZ regional director, Scott Robertson, told Computerworld Australia that he was surprised by the results.

"We know businesses use these forms of social media to manage and promote their own brands," he said. "But we were alarmed at how many businesses were leaving these online applications open."

While Roberston acknowledged that IT managers were trying to handle potential exposure with the risk of employee revolt if they were not allowed access to social networking sites, he said all users should upgrade their accounts to only use the secure versions of Twitter and Facebook, which were rolled out in March.

Security priorities that were high on the list included data protection, securing mobile devices and email encryption.

More than one in five organisations stated that email encryption was now a requirement for their business. According to the survey, this was in response to the increasing need to protect data in transit for mobility purposes.

47 per cent of the professionals surveyed cited prevention of theft and inappropriate disclosure as their top investment, while 44 per cent cited the need to provide security for a mobile workforce. Other drivers included compliance and prevention of unauthorised employee access to data.

Mobility took the top two places in the list of security priorities for 2011, with 65 per cent nominating the need to secure mobile devices such as smart phones and memory sticks as their most important task. Another 57 per cent stated that their greatest priority was remote access for employees. Network access control (52 per cent) and threat detection and monitoring (50 per cent) were also priorities for many organisations. The four least important priorities for 2011 were identity management, incident or attack response, extranet security, and regulatory compliance.

Robertson also said that the priority for IT managers was to adapt organisational security measures to suit the new mobile hardware environment.

"The biggest challenge is to prevent both intentional and unintentional data leakage," he said. "The tools to achieve this do exist, but right now most organisations are still in a state of catch up.

"Over the next year there will be a big focus on putting in place mobility strategies and tools, after which we anticipate attention to turn to the bandwidth and security issues of social media."

From a market point of view, he said there was an increasing interest in Australia to explore data leakage offerings.

"There are a number of products out there that offer comprehensive data leakage," Robertson said. "One of the difficulties IT managers face is to understand what data content should be shared and not shared.

"There are certain things that are used, such as document fingerprinting, which only gives access to some people."

Robertson said he was pleased that data protection was high on priorities but felt more could be done to prevent data leakage.

"Australia is lagging behind countries, such as the US and UK, where data leakage is penalised," he said. "Companies there are held responsible for any customer data leakage and sensitive information."

According to Robertson, local policy makers needed to consider taking this more seriously because of the recent hack of UK-based cosmetics company, Lush.

"Their customers in Australia and New Zealand had credit card details hacked, but this only became public after it was exposed through the press," he said. "At a legislative level, should this business not be held responsible?

"If policies and penalties are attached to data leakage we would see a faster rate of adoption."

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the CSO newsletter!

Error: Please check your email address.

Tags watchguardwatchguard technologiessecuritysocial media

More about FacebookWatchguardWatchguard Technologies

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Hamish Barwick

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts