Do social sites represent unique security threats?

Posted on May 26th, 2011 by Admin

Approximately half of all U.S. businesses block employee workstation access to social media sites such as Facebook, Twitter and YouTube. In health care the percentage that block may be even higher.

This obviously hinders the effectiveness of social media strategies when employees – who are the organization’s greatest asset and should be its strongest supporters – are barred from interacting in these spaces during work hours.

Mayo Clinic does not block access to these social networking sites, and never has (with a brief exception of one morning about three years ago.) Earlier this year I asked Shawn Bishop, one of our Center for Social Media staffers who formerly worked for 21 years in Mayo’s IT department, to connect me with some of his colleagues in workstation management and network security so we could discuss these issues and how Mayo Clinic handles them to preserve and open environment.

I interviewed Jeff Boisen and Andrew O Connor (who are shown in the video below), along with their colleague Ron Flotterud. I’ll let you hear directly from them, and then I’ll summarize some key points.

  • Viruses and Malware are real threats, but not just on social sites. As Jeff said, hackers can inject malicious code on any Web site. The only way to completely prevent infection would be to block all Internet access, and even then a virus could be introduced by a jump drive brought in from the outside connected to a USB port on a network computer.
  • Network security requires a multilayered approach, as Jeff describes, but these security measures are part of the cost of having Internet access at all (see point #1 above.) The security risks from social sites are not unique.
  • User education is crucial. Facebook users, for example, need to be careful about which applications they install on their profiles. Likewise, employees can be taken in by e-mail phishing scams. Strong user education is part of what we plan to make available through the Social Media Health Network.

In summary, social networking sites do not present unique security risks. Any Web site can have malicious code. Having strong network security is important, but it isn’t a reason to block social sites.

While I didn’t capture Ron via video, he did say that Network bandwidth is a legitimate issue, not so much with Facebook and Twitter but with YouTube. The bigger problem, though, surrounds major news events that offer live streaming, such as a presidential inauguration, World Cup soccer or NCAA March Madness. Obviously network management professionals need to monitor bandwidth issues and take action if usage peaks could cause problems. That response could be temporarily restricting access to sites, or it could be purchasing more bandwidth.

We are asking Jeff, Andrew and Ron to answer questions and respond to comments here. We hope this post and the resulting conversation can be a resource for organizations contemplating opening employee access to social networking sites.

Tags: FB, IT, Security, viruses, YouTube

You must be logged-in to the site to post a comment.