SMBs suffer from social networking anxiety. At least, that’s the takeaway from the 1st Annual Social Media Risk Index for Small to Medium Sized Businesses, a new survey report from Panda Security, a provider of cloud security with U.S. headquarters in Orlando, Fla.
The survey of 315 SMBs found that 75 percent of respondents harbor serious concerns about the threats posed by social networking sites, with 35 percent reporting a social network-related malware infection that resulted in financial loss.
Although only 25 percent of the companies surveyed block employees outright from accessing social media sites, 57 percent have social media governance policies in place. And the majority of companies in that group (81 percent) police employee use of social media to enforce those policies. Lenny Zeltser believes many of these approaches are antiquated.
Zeltser is one of the channel’s most well-versed security pundits. In addition to leading the security consulting team at IT infrastructure services provider Savvis Inc., based in Town & Country, Mo., he is also a regular on the conference circuit and an avid blogger (blog.zeltser.com). “The notion of cutting out social media is akin to telling people not to use the Web,” he says. Instead of encouraging SMBs to sterilize their employees’ Internet usage, Zeltser is a proponent of more practical approaches to mitigating risk. Here are five that channel pros can employ:
- Offer security-based training. Education is key, according to Zeltser. “Security-awareness training should incorporate a section about safely using social networking sites,” he says, “with examples about common threats.”
- Prevent browsing as an administrator. Despite Zeltser’s experience in IT, he rarely browses social networking sites on a PC when logged in as an administrator. Instead, he browses via a user account, with limited access to PC/network settings and controls. “Set up [permissions and accounts] so users do most of their social networking interactions through nonadmin rights,” he advises, to help prevent malware from gaining access to and infecting certain areas of a PC.
- Block malicious sites. While Zeltser doesn’t necessarily condone blocking users from accessing social networking sites, he does see value in blocking sites known to be malicious—those “users might be tricked into visiting,” he says.
- Track site visits. By tracking which sites are visited, you may be able to “discern infection” or prevent future infection.
- Strengthen the environment. Some customers will fail at avoiding an attack, so ensure that sensitive data is segmented from the environments in which users reside.
Using common sense and a methodical approach will enable your clients to be less controlling of their employees and more agile in combating attacks.