Can Twitter and Facebook Be Both Social and Secure?

It’s not hard to argue that social networks have a security problem.

Since the beginning of the year, we have seen worms make their way through Twitter and sensitive internal documents leaked from the micro-blogging service. This month, security firms announced that the social network is being used to spread the Koobface worm, which infected the computers of Facebook users last year. And MySpace? It’s the original virtual vector for spreading malicious code.

The point is starting to sink in for many companies, according to a survey completed by security firm Sophos. While only a single-digit percentage of companies block social-networking sites because they are worried about malware, more than 21 percent of the 700 information-technology administrators polled for the survey had received some form of malicious software through such sites.

By far, the most significant reason companies blocked social-networking sites was to prevent workers from slacking off. About a third of companies blocked social networks for productivity reasons, while data leakage considerations essentially tied with worries over malware.

“There are loads of threats (on social networks),” says Graham Cluley, senior technology consultant for Sophos. “They have grown so fast that they are stumbling over their shoelaces as they are trying to run. We are trying to tell them to slow down.”

Today, avoidance seems to be the strategy for dodging the dangers posed by social networks. About a third of all companies totally block access to social networks, from 36 percent of companies blocking MySpace to 29 percent of companies blocking LinkedIn. One out of five companies also block some users from accessing the networks or block out any use during certain times.

Banning access to the sites, however, is not a long-term solution, says Cluley. “People are going to require more access to social networks, either to be closer to their customers or because that’s how young people work nowadays,” he says.

The survey is part of Sophos’s Security Threat Report for the first half of 2009.