IT pros blamed for social networking breaches

 

Gallery

By Barry Collins

Posted on 28 Nov 2007 at 16:16

PC Pro exclusive: IT professionals are worse than ordinary employees when it comes to breaching corporate security with social networking sites.

IT pros are almost twice as likely to use social media tools at work than regular employees, according to a new survey from Microsoft and security firm, Facetime. A fifth of those have replied to a complete stranger over such services and 17% have downloaded an application without checking its security.

And even though they should be well versed in the dangers of ID theft, IT professionals are more careless with their personal data on such sites. Four out of ten have joined networks replete with strangers (compared to just 29% of regular employees), 35% have posted their date of birth, and 27% have published their home address on sites such as Facebook and MySpace.

Microsoft says the attitude of IT professionals is alarming. "We assume IT pros are more technical and aware of things like phishing, but our research suggests the contrary," says Stephen Lamb, IT security evangelist at Microsoft.

Facetime suggests that complacency may be to blame. "We [IT pros] think we know it all, and we don't put enough thought into security," says Chris Boyd, security research manager at Facetime. "I had a call from an IT professional who was caught by a MySpace music group hack. This guy said 'I know what I'm doing' but he switched his brain off."

Boyd admits that the only way to completely mitigate security risks from certain social networking sites is to blacklist them. However, Microsoft - which runs its own social networking site and is an investor in Facebook - claims better user education can reduce the danger.

"People don't appreciate the risks," says Lamb. "We need to raise awareness that things people believe are only open to a group of friends are in the public domain."