Trend Micro Warns IT on Social Networking

The popularity of consumer social-networking services like Facebook and Twitter has spilled over into the workplace, bringing potentially dire consequences, warns Trend Micro.

As part of its corporate end-user study released Monday, the IT security firm found that the use of social-networking sites in the workplace grew from 19 percent in 2008 to 24 percent in 2010. Some 1,600 end users in the United States, United Kingdom, Germany and Japan were surveyed.

Even if employees need to access consumer social networks for business reasons, Trend Micro warned that their increased use merely makes them more viable as malware distribution points without proper oversight.

“Social networking is an extremely important tool both for personal and professional relationship building,” David Perry, global director of education at Trend Micro, said in a statement. “And while most companies’ concerns around social networking in the office center around the loss of employee productivity, what they may not realize is that many social networking sites are built on interactive technologies that give cybercriminals endless opportunities to exploit end users, steal personal identities or business data and corrupt corporate networks with malware.”

Perry said IT can best head off the threat by implementing appropriate security solutions and social-networking guidelines for employees.

With security and usage policies in place, Perry said “there is no reason why companies who choose to allow their employees the option of visiting these sites should be overly exposed to these risks.”

But absent proper protections or basic monitoring, social networks can expose enterprises to such threats as the Koobface virus, which Trend Micro said is the largest Web 2.0 botnet . Koobface controls and commands around 51,000 compromised machines globally, according to the firm.

While some companies may choose to mitigate the risk by restricting access to social networks, Trend Micro said such a strategy could make things even worse.

“Trying to just prevent users accessing social networks from work could potentially increase the risk to an organization as users look for ways around computer security, possibly increasing the chance of exposure to security threats,” the report stated.

Trend Micro released a whitepaper outlining best practices for business use of social networking last year. The whitepaper, “Security Guide to Social Networks,” is available here in PDF format.

Notebook users a bigger threat?

In its latest survey, Trend Micro found that notebook computer users in all the countries polled are much more likely than desktop users to visit social networking sites.

On the specific issue of security, the survey found laptop users who can connect to the Internet outside of the company network are more likely to share confidential information via instant messenger, Webmail and social-media applications than those connected to a company’s network. The notebook issue was significantly more prevalent among users in German and Japan.

David Needle is the West Coast bureau chief at, the news service of, the network for technology professionals.