U.S. and UK firms are getting serious about small business security and data protection as a result of social networking, according to findings recently released by cloud-based small business network security provider, Webroot.
"Social networking and social media clearly has created a serious awareness in the SMB space around Internet use," said Gerhard Eschelbeck, CTO of Webroot.
In its survey of more than 1,000 businesses from the U.S. and U.K. with 500 or fewer employees, Webroot found that 81 percent have established an employee Internet policy. Additionally, 50 percent of the respondents said their Internet policy does not permit employees to visit any social networking sites via company computer or laptop.
The Colorado-based small business security firm found that SMBs are not, for the most part, implementing Internet use policies to prevent employees from wasting time. Instead, it's about small business network security and data protection.
"Clearly, the potential impact of social networks as a threat vector has hit home for IT administrators," Eschelbeck said. "One in six of those we surveyed said a social networking site or Web 2.0 application was the source of an infection or attack, and over half of companies said their network was infected with spyware this year. Every company needs to develop a policy for social networking use and should also deploy reliable Web security services for ongoing protection against zero-day threats."
Eschelbeck said 53 percent of firms surveyed were very concerned with the potential for infection by malware in their small business computing environment via the use of social networking sites, which he noted was unsurprising given so many of them reported past infections. Additionally, he said 42 percent of firms were mostly concerned about data leakage through social networking sites, especially employees inadvertently posting confidential information.
"It's not a surprise that those two things are at the heart of what companies are concerned about," Eschelbeck said.
He noted that only 12 percent of companies surveyed indicated they had seen evidence of confidential data being released as a result of social media. Eschelbeck noted that means more than 100 of the companies Webroot surveyed had experienced data leakage as a result of social networking.
Breaking down the numbers more finely, Webroot found that 39 percent of SMBs have an Internet use policy that prohibits the use of Facebook, 30 percent of such policies prohibit use of Twitter and 27 percent prohibit the use of video-sharing sites like YouTube.
About 21 percent of the small business computing policies were slightly more lenient and allowed employees to visit social networking sites during specific times, like during lunch breaks or after work hours. Additionally, 16 percent of policies granted certain departments, primarily marketing, to visit specific social networking sites.
While Eschelbeck said he was very pleasantly surprised to find that so many small business security departments had instituted Internet use policies, he noted that it's only a first step.
"Only 32 percent of companies have infrastructure in place to actually enforce those policies," he said. "The Internet use policy is a very good first step and a mandatory first step to create awareness throughout the company, but then the next step is enforcement."
He added that a policy must be combined with employee training and technology to support and enforce the policy to be effective.
Thor Olavsrud is a contributor to SmallBusinessComputing.com and a former senior editor at InternetNews.com. He covers operating systems, standards and security, among other technologies.