The reasons why most employers block social-network use at work
Sep. 7, 2011
Email spam, nasty viruses, loss of sensitive corporate information and fear of employees messing around doing absolutely nothing productive on Twitter or Facebook are the main reasons most employers give for blocking social media websites in the workplace.
And blocking could be stopping them from benefiting from new collaborative technologies, according to ClearSwift Research. Of course, most employers don't agree with that statement.
ClearSwift surveyed 1,530 employees and 905 company managers in firms across the globe about social media in the workplace.
The survey revealed that about 59.8 percent of employers worried that giving their employees free access to social sites would bring in email spam, viruses and worms. Some 49 percent feared the loss of confidential data through employee carelessness, and 45 percent feared its loss through hacking. Many also worried that social media had a negative impact on productivity (40 percent) and posed a threat of reputational damage to the company if used inappropriately (37 percent).
Overall, 91 percent of companies in the United Kingdom said that concerns about security and data loss were preventing technology adoption.
ClearSwift, an information security company, stated that this caution was holding companies back from the significant advantages of social media. According to the survey, these include improving internal communication, making employees happy, keeping people up to date with new information and improving contact with clients.
"Successful use of Web 2.0 is still seen as critical to future success by both groups, and there is ongoing investment in this area," the report stated. "Technology adoption is, however, being hampered by security concerns, with high-profile data loss incidents generating scepticism about new collaboration technologies."
To keep tabs on staff Internet utilization, employers used a range of tactics: 71 percent issued a best practice policy on internet use, 68 percent said they monitored employee internet activity and 56 percent totally blocked access to certain social networking sites in the workplace.
But ClearSwift's survey suggested that blocking or clamping down on social media made staff uneasy and a bit sad. "On average, employees feel disconnected from the risks of Web 2.0. They have little sense of what they are being protected from, and therefore respond negatively to monitoring and security measures. Since they see little rationale for blocking and monitoring, they are likely to disconnect from their employers if policies are perceived as unreasonable."
In particular, younger employees found social media bans at work difficult to deal with. Only 35 percent of 18- to 24-year-olds and 44 percent of 25- to 34-year-olds would happily stay at a job if they found their employer's social media policy too restrictive.
And about 43 percent of companies had actually experienced a security incident resulting from employees using social media sites.
In other internet security news
SpamHaus says it has finally won in a long-running U.S. court case against it by e360 Insight, an email spammer it blacklisted for spamming over five years ago.
In 2006, e360 Insight filed a lawsuit against SpamHaus in the United States over the blacklisting of its operations. SpamHaus, which is based in the United Kingdom, argued on the advice of e360's lawyers that it was outside the jurisdiction of U.S. courts.
Judge Charles Kocoras allowed the case against SpamHaus to proceed despite this and awarded a default judgment in favor of e360 Insight for a whopping $11.7 million at the time.
The default judgment was used by e360 Insight in a failed attempt to pressure ICANN into removing SpamHaus' domain records. Judge Kocoras ruled the sanction was too broad and rejected the bid.
The original judgment was then appealed and sent back to another district court for a second hearing, where much reduced damages of $27,000 were awarded on Sep. 1st, two years after e360 Insight filed for bankruptcy, citing the legal costs of fighting the case as one of the reasons for the failure of the business.
The defunct firm was characterized by SpamHaus as a Chicago-based one-man bulk email marketing firm. e360 Insight, which was owned by David Linhardt, allegedly spamvertized bargaindepot.net via junk mail messages that violated the U.S. CAN SPAM Act.
SpamHaus' lawyers appealed for a second time to argue that the damages awarded against the anti-spam organization were still too high. The U.S. Court of Appeals ruled in favor of SpamHaus on Friday, reducing damages to the token value of $3 and ordering e360 Insight to pay SpamHaus' defense costs.
The ruling criticises e360 Insight's conduct throughout the case, particularly for its failure to come up with any evidence for the supposedly astronomical financial losses SpamHaus's actions had caused it to suffer and for repeatedly failing to file legal papers on time.
By failing to comply with its basic discovery obligations, a party can acquire defeat from the jaws of certain victory. All that e360 needed to do was to provide a reasonable estimate of the harm it suffered from SpamHaus's conduct.
Instead, e360 engaged in a pattern of multiple delays that ultimately cost it the testimony of all but one witness with any personal knowledge of its damages. That lone witness lost all credibility when he painted a wildly unrealistic picture of e360's losses.
Having failed at its opportunity to present its case, e360 must content itself with nominal damages on each of its claims, and nothing more. "We VACATE the judgment of the district court and REMAND this matter with instructions to enter judgment for the plaintiffs in the amount of three dollars," said the court decision.
Goldman concludes that the SpamHaus case illustrates that courts are ultimately likely to favour filtering services and ISPs rather than bulk-mailing firms in cases involving spam blacklisting.
"Overall, SpamHaus ended up traveling the long road and ultimately defeating e360, but it's nice to see it prevail. As the Holomaxx vs Yahoo and Microsoft cases indicate, lawsuits brought by emailers against ISPs or filtering services face a long and uphill road, which should lead to a dead end," he writes.
This is of course a strong victory for all ISPs and hosting companies, and a losing day for spammers.
In other internet security news
It looks like Google has been victimized on its own domain. A company based in the Netherlands appears to have issued a digital certificate for Google.com to someone other than Google itself who may be using it to try to re-direct Internet traffic of users based in Iran (of all places).
On Sunday, someone reported in a thread on a Google support forum that, when attempting to log in to Gmail, the browser issued a warning about the digital certificate used as proof that the site is legitimate.
"Today, when I tried to login to my Gmail account I saw a certificate warning in Chrome," someone using the screen name "alibo" wrote. "I think my ISP or my government did this attack because I live in Iran and you may hear something about the story of a Comodo hacker!"
Alibo then posted a screenshot and the text of the SSL certificate. The screenshot page was not accessible, however.
In this particular case, the browser of the person reporting the issue warned that there was a problem with the digital certificate. But it's unclear what triggered the warning in the first place, and other browsers may not warn at all.
In such an event, a user could end up on a site that purports to be google.com but isn't. The digital certificate definitely is fraudulent. This posting details how to verify that a certificate is real and notes that it was issued in mid-July.
The SSL certificate was issued by DigiNotar, based in the Netherlands. Representatives from the company did not immediately respond to an email seeking comment yesterday, and an automated message said the offices were closed for the evening and offered no voice-mail option.
A phone call and email to Vasco Data Security, parent company of DigiNotar, were not immediately returned either.
The situation is similar to one that happened last March in which spoofed certificates were found involving Google, Yahoo, Microsoft, and other major sites and they were traced back to Iran. In that incident, the fraudulent digital certificates were acquired through reseller partners of certificate authority Comodo.
These attacks further illustrate a fundamental weakness with the current website authentication system in which third parties issue certificates that prove that a site is legitimate when making an "https://" connection. And yes, the 'padlock' is closed, signaling a secure internet connection.
The list of rogue certificate issuers has increased significantly over the past few years to approximately 650 organizations, which may not always follow the strictest security procedures. Furthermore, each one has a copy of the Webmaster's keys.
There is no automated process to revoke fraudulent certificates either, nor is there a public list of certificates that companies like Comodo have issued, or even which of its resellers or partners have been given a duplicate set of the master keys.
Worse, there are no mechanisms to prevent fraudulent certificates for Yahoo Mail or Gmail from being issued by compromised companies, or repressive regimes bent on surveillance.
Today's flawed system gives browser makers a large amount of responsibility towards end users. Any list of so-called 'certificate authorities' they include will be trusted by billions of Web browsers around the world, unless users take the time to change the settings.