August 3, 2010

Social Networking was Not Created with Security in Mind


Willie SuttonFacebook, LinkedIn, and Twitter were created for social networking — not security.  These sites—with their rapid flow of new content and communications—are powerful tools for networking and research.   But they’ve also opened up gaping security holes.   The dangers associated with social networking are magnified in businesses, as organizations are exposed to data loss risks in real time.  This problem becomes increasingly complex when you consider the speed in which the Web evolves and its adaptation as a business tool.

The famous bank robber Willie Sutton said that he robbed banks because, “That’s where the money is.” Today’s hackers attack large organizations because, “That’s where the data is.” Organized criminals—and many companies—see data as the world’s newest form of currency.

 The Websense 2H-2009 Threat Report revealed:

  • 39% of malicious Web attacks included data-stealing code.
  • 57% of data stealing attacks occurred over the Web.

If you are responsible for security, you need to monitor and secure the use of Web 2.0 in your environment. When thinking about IT security and social networking, you should consider the following:

  • How are you managing data leakage prevention over web-based email?
  • How are you currently managing risks associated with personally identifiable data (PII)?
  • How are you enforcing compliance with regulations such as Gramm-Leach-Bliley Act, PCI, and HIPAA?

And keep in mind that Acceptable Use Policies (AUP) can be hard to identify on social networking sites. This is because many URL filters only look at top-level domains such as and Much of the content on these sites is user-generated and is typically posted in real time. If the filter is only set to allow people to use social networking sites, there will be risk attached to every link posted.

Here is where Web data loss prevention (DLP) is crucial to maintaining a safe social networking environment. Web DLP focuses on data loss through the Web.  It helps protect users, data, and the corporate computing environment simultaneously through a single secure Web gateway (SWG). Integrated  gateways also open up space in data centers, save on power and cooling costs, and reduce capital expenses.  Aside from safely incorporating social networks in the organization, this approach can also simplify deployment and policy management by having the same settings used across Web security and Web DLP functions. 

Websense allows organizations to constructively use Web 2.0 while helping prevent the risk of malware and the constant threats that are delivered through even the most legitimate sites. The Websense TRITON™ architecture integrates both Web and application content analysis and can provide user and destination awareness to enable effective policy creation.

 Click here to learn about enterprise-level Web DLP with Websense Web Security Gateway Anywhere.


Forcepoint-authored blog posts are based on discussions with customers and additional research by our content teams.

Read more articles by Forcepoint

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.