Security IT

Facebook the Most Dangerous Social Tool For Businesses

Posted by samzenpus
from the friend-at-your-own-risk dept.
wiredmikey writes "According to a recent study Facebook is by far the most popular and most dangerous social media tool among small-to-medium-sized businesses, with 69 percent of respondents reporting that they have active accounts with this site, followed by Twitter, YouTube, and LinkedIn. Facebook is also the top culprit for malware infections and privacy violations, e.g. the leaking of sensitive company information. YouTube took the second spot for malware infection, while Twitter contributed to a significant number of privacy violations. For companies suffering financial losses from employee privacy violations, Facebook was again cited as the most common social media site where these losses occurred, followed by Twitter, YouTube, and LinkedIn."

  • by iONiUM (530420) on Wednesday September 15, 2010 @05:34PM (#33593152) Homepage Journal

    Dangerous in what form? I don't get that.

    For malware specifically, well I guess that isn't surprising, I have a Facebook account and I always see my friends posting links that are clearly spam. I guess some other people see this and click on it (by accident or not) and then they get infected too, and so it spreads.

    • Re: (Score:3, Informative)

      by camperslo (704715)

      Malware is reportedly up about 50% this year. Wondering who the targets are?

      GData Software, a German anti-virus firm, details some malware numbers. [gdatasoftware.co.uk]

    • by dbIII (701233) on Wednesday September 15, 2010 @08:32PM (#33594784)
      Also dangerous in that your HR staff are mucking about on facebook all day instead of working using the excuse that they are getting background information on potential staff. That's a horrible excuse because hiring or firing decisions should not be made on the basis of the trivia that ends up on facebook pages. You get idiots hired because they look good in a photo or have the same hobby as the HR person. Within the normal bounds of mental health and with competent management personality should be irrelevant to most jobs anyway. Profiling beyond competence for the job is almost a complete waste of time.
      We take things like facebook too seriously. Nobody in the workplace should care about a teacher's "drunken pirate" costume party photo for example, let alone the teacher losing their job over it.
      • Re: (Score:3, Funny)

        by drinkypoo (153816)

        the real problem is that most HR people are not worth the CHON they're made of. Unfortunately this is a real side-effect of our willingness to leave people issues to others who we feel will do them better. well they might be more comfortable making decisions with the lives of others, but that's usually because they're a sociopath.

    • Re: (Score:2, Insightful)

      by sitarlo (792966)
      There are 1001 ways a social engineer/criminal/con artist can exploit information found on social networking sites. People who post personal or business information on sites such as Facebook or Twitter are stupid. Want to fight cybercrime? Make the internet anonymous again!
  • Slashdot in 2010 (Score:5, Insightful)

    by bonch (38532) on Wednesday September 15, 2010 @05:35PM (#33593170)

    Almost all of the last 20 or so stories have been about either social networking sites or Google and its products. Man, I remember when programming topics actually used to make it to the front page. You know, news for nerds.

    • by geekoid (135745) <dadinportland@yBLUEahoo.com minus berry> on Wednesday September 15, 2010 @05:44PM (#33593252) Homepage Journal

      welcome to being a market demographic.

    • Re:Slashdot in 2010 (Score:5, Informative)

      by DragonWriter (970822) on Wednesday September 15, 2010 @06:08PM (#33593468)

      Almost all of the last 20 or so stories have been about either social networking sites or Google and its products. Man, I remember when programming topics actually used to make it to the front page. You know, news for nerds.

      Being generous and counting Android (even though it was only briefly owned by Google between the time Google bought it and the time Google transferred it to the Open Handset Alliance) as a "Google product", and going further with that generosity and counting a story about HTC Android phones as being about Android rather than the specific phones and thus a "Google product", I count 7 of the 18 current front-page stories that are either about social networking sites or Google and its products (one of which is about a forthcoming Google social networking product.)

      Being even more generous and assuming that the two next most recent stories were also about social networking sites or Google and its products, that's still less than half of the last 20 stories.

      Aren't "nerds" generally supposed to be detail-oriented and numerate?

       

      • Actually, I guess it depends on what sections he reads, since Slashdot does offer some customizability in what you see on the front page. Someone who isn't interested in idle, games, etc, and reads the IT and/or technology sections, or even only reads one of the Slashdot sub-sites, might see a different set of stories than you do.

        • Actually, I guess it depends on what sections he reads,

          I don't think there is any combination of Slashdot sections for which almost all of the most recent 20 stories (either now or when the post making the claim was posted) would concern either social networking sites or Google products, though I will admit I haven't actually checked every possible combination of sections to see if there is any way to make the claim remotely approach the truth.

      • by syousef (465911)

        Being even more generous and assuming that the two next most recent stories were also about social networking sites or Google and its products, that's still less than half of the last 20 stories.

        Aren't "nerds" generally supposed to be detail-oriented and numerate?

        Yes but even if there was an exaggeration here, do we really need half our "stories" to be shilling for Google and social networking sites? If you add Apple products to the mix, you quickly see that this place has gone downhill. I used to read EVERY story on the front page at one point. Now I'm lucky if I care about 2 a day.

        • Yes but even if there was an exaggeration here, do we really need half our "stories" to be shilling for Google and social networking sites?

          Even counted generously, less than half the stories were about those topics, and not all of those were positive stories. Negative stories about something are hardly "shilling" for the subject of the story.

          If you add Apple products to the mix, you quickly see that this place has gone downhill.

          If you want a consistent mix of subjects, go to an outlet that has a narrow, s

        • Lebbo attempts to cast blockquote. Oh noes!!!! critical fumble!

    • Re: (Score:3, Insightful)

      by vux984 (928602)

      Man, I remember when programming topics actually used to make it to the front page. You know, news for nerds.

      Meh, the daily astroturf about Ruby On Rails a year or so back weren't any better. ;)

    • Re: (Score:3, Funny)

      Almost all of the last 20 or so stories have been about either social networking sites or Google and its products. Man, I remember when programming topics actually used to make it to the front page. You know, news for nerds.

      What's especially amazing is that Slashdot covers so many stories about popular sites that require having friends!

  • Hmm.. (Score:4, Funny)

    by Anonymous Coward on Wednesday September 15, 2010 @05:36PM (#33593186)

    Oh my lord... there's MALWARE on Facebook?? I thought all those links for free iPads were real! Noooooo!!!

    This shouldn't surprise anyone, really.

    • by mmaniaci (1200061)
      Anecdotal proofs don't hold much weight in the real world. Science on the other hand does.
      • Anecdotal proofs don't hold much weight in the real world. Science on the other hand does.

        Well, your post doesn't get 'Funny' in the /. world but "there's MALWARE on Facebook??" on the other hand does. Gotta know your audience.

    • by Bryansix (761547)
      Actually I highly doubt facebook.com is serving up malware. However they may be enabling it through their API and third party application support.
  • by maliqua (1316471) on Wednesday September 15, 2010 @05:54PM (#33593338)
    Companies should simply block social networking sites or have policies against their use. In my office the average user spends 135% of their work hours logged into facebook. 135%?! Most of them leave it logged in when they go home.
    • Re: (Score:1, Offtopic)

      by turbidostato (878842)

      "Companies should simply block social networking sites or have policies against their use."

      How can this be offtopic for a news story telling that social networking sites pose a financial danger for companies?

      It might be "-1 idiotic" but never off topic.

      • by maliqua (1316471)
        idiotic? Is it not the simplest solution, also one that will make your employees work rather than dick around on each others' walls all day? Companies need to stop blaming these 3rd party sites as security breaches and start blaming the people who are in charge of securing their network and work stations. Facebook is a SOCIAL media tool; employees in most businesses should have no reason to use it during work hours or on work owned computers.
        • One of my clients has around 50 workstations that are used only for season/temporary employees. None of the seasonal employees gives a crap about company policies - they just try to get away with whatever they can and still collect a check at the end of the week. Their workstations are configured to redirect to a php script on the server whenever they try to connect to a site other than those on their 'approved list' (they use a web-based app for customer service and shipping). They always deny they did any
    • by Culture20 (968837)
      There are people whose job title is Facebook Liaison. I knew someone a few years back whose whole job was building a Second Life presence. Marketing folk in every company are extremely hot for Facebook for obvious reasons.
      • by cynyr (703126) on Wednesday September 15, 2010 @06:18PM (#33593536)

        then unblock facebook on that one person's or group's computers, not site wide. should be easy to implement.

        • by Bryansix (761547)
          Not this generation. I don't care how scarce jobs are. If you block Facebook, they will quit.
          • by Jaysyn (203771)

            They did this at my office last year. While the admins weren't too happy about it, I'm pretty sure their productivity went up.

            No one quit over it though.

            Crap, I keep forgetting I'm not in "this generation" anymore.

          • So what? If they spend all day on Facebook, they aren't working and shouldn't be paid. The logical conclusion is to sift off the cruft by letting them quit; Saves paying a severance package, should they have one. In this time, there are plenty of people who need jobs. Everyone is replaceable.

            I know a local Uni which uses a time-based approach to this for their office staff. Social Networking and personal email is blocked outside of the Lunch period, and lunch is assigned to half-hour slots between 12 and 2p
            • by Bryansix (761547)
              See the problem here is not the employees. It is your managerial style. Saying that "Everyone is replaceable" only breeds contempt for management. Sure, in reality everyone has to be able to be replaced. But that means cross training, documentation, and communication. It DOES NOT mean you should be making an example out of every little thing. Moreover you have to look at employees as an investment and at the managers as enablers. If an employee is unproductive most often it is because of a lack of communicati
    • by tomhudson (43916)

      ! most of them leave it logged in when they go home

      And why are you not helping them by updating their status with all sorts of "interesting" posts and links, and sending out a bazillion "friend" requests on their behalf?

      It's the only way they'll learn.

    • by houghi (78078)

      Just use white lists on all PCs and place some 'general access' in the food area.

      All the proxy server needs to do is provide the user a page where his username is confirmed and a field as to why he would need access. Access is then automagically granted for that site and the site placed in a grey list.
      Once in a while somebody will check the grey list and add the sites in either black or white list.

      If a site is on the black list, a more 'official' request could place it on the white list.

      This all would have
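
The white/grey/black list workflow houghi describes above, as an added Python sketch (not code from the thread or from any proxy product). The `ProxyPolicy` class, its method names and the `.example` hosts are hypothetical; it assumes that a black-list entry overrides a white-list entry, that a list entry also covers its subdomains, and that a grey-list grant applies to the whole site while recording who asked and why.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit


def host_of(url: str) -> str:
    """Normalise a URL or bare host to a lowercase hostname without port."""
    parts = urlsplit(url if "://" in url else "//" + url)
    return (parts.hostname or "").lower().rstrip(".")


def listed(host: str, entries) -> bool:
    """True if host equals a list entry or is a subdomain of one."""
    return any(host == e or host.endswith("." + e) for e in entries)


@dataclass
class ProxyPolicy:
    white: set = field(default_factory=set)
    black: set = field(default_factory=set)
    # Grey list: host -> [(user, reason), ...], kept as the review trail.
    grey: dict = field(default_factory=dict)

    def check(self, user: str, url: str) -> str:
        """Return 'allow', 'deny', or 'prompt' (show the justification page)."""
        host = host_of(url)
        if not host or listed(host, self.black):
            return "deny"  # black list wins; needs an 'official' request
        if listed(host, self.white) or listed(host, self.grey):
            return "allow"
        return "prompt"

    def justify(self, user: str, url: str, reason: str) -> str:
        """Handle the form submission: confirmed username plus a reason."""
        verdict = self.check(user, url)
        if verdict != "prompt":
            return verdict
        if not user or not reason.strip():
            return "prompt"  # no empty justifications
        self.grey.setdefault(host_of(url), []).append((user, reason.strip()))
        return "allow"  # granted automatically, queued for review

    def pending(self) -> list:
        """Hosts waiting for someone to sort them into black or white."""
        return sorted(self.grey)

    def review(self, host: str, verdict: str) -> list:
        """Reviewer moves a grey host to 'white' or 'black'."""
        if verdict not in ("white", "black"):
            raise ValueError("verdict must be 'white' or 'black'")
        requests = self.grey.pop(host)  # KeyError if host is not grey
        (self.white if verdict == "white" else self.black).add(host)
        return requests


if __name__ == "__main__":
    # Constructed sample hosts and users, for illustration only.
    policy = ProxyPolicy(white={"intranet.example"}, black={"badsite.example"})
    print(policy.check("alice", "http://wiki.intranet.example/"))    # allow
    print(policy.check("bob", "https://www.social.example/page"))    # prompt
    print(policy.justify("bob", "https://www.social.example/page",
                         "posting event announcements"))             # allow
    print(policy.pending())
    print(policy.review("www.social.example", "black"))
    print(policy.check("bob", "https://www.social.example/page"))    # deny
```
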

    • for postings about upcoming events.
      - New products.
      - New discounts
      - New prices
      Remember FTA, businesses have accounts on facebook. Not that workers are posting to facebook. You're only addressing part of the article.
    • Re: (Score:2, Informative)

      by blai (1380673)
      That's cool. I leave facebook on at the other end of ssh.
    • most of them leave it logged in when they go home

      If your coworker leaves his computer logged in and his facebook open, it's your obligation to start modifying his profile and posting cool updates.

  • by StikyPad (445176) on Wednesday September 15, 2010 @05:55PM (#33593350) Homepage

    "Oooh! A talking moose wants my credit card number. That seems fair!"

    The most dangerous tool is the one sitting in the chair.

    • by Anachragnome (1008495) on Wednesday September 15, 2010 @06:21PM (#33593564)

      "The most dangerous tool is the one sitting in the chair."

      Back in my auto shop days, we had a term for a certain diagnosis--The Loose Nut Behind the Wheel.

      It referred to either the driver/owner being the source of the mechanical problem (such as pulling the parking brake out to hang one's purse on, then merrily driving away), or the driver/owner was simply insane (we had our share, and oddly enough, sanity is not a requirement for a driver's license).

      Of course, this was a diagnosis we kept to ourselves. Explaining such a diagnosis to the driver/owner was usually awkward--"Sir, the reason your Ford Escort is never going to go straight again is because you weigh 600lbs. An alignment isn't going to fix anything. You just need to switch to low-octane fuel".

      • Re: (Score:3, Insightful)

        by houghi (78078)

        Here it is called PEBCAK [urbandictionary.com]

        • by mirix (1649853)

          'I D 10 T' error.

        • by Jaysyn (203771)

          Or an ID10T error.

        • Re: (Score:2, Interesting)

          by Anonymous Coward

          I prefer the term PICNIC (Problem In Chair Not In Computer) because people recognize the word and it has a comforting "sounds easy" connotation. Also as a bonus, somebody unfortunately inquisitive can be told how it is spelled (like it sounds) and won't immediately find a google term explaining it as they do for PEBCAK, or worse realize that their sticky note is calling them a name (ID 10t) and complain to the boss or HR.

          This is handy when noting help desk tickets because other savvy IT staff will recognize

      • by syousef (465911)

        Explaining such a diagnosis to the driver/owner was usually awkward--"Sir, the reason your Ford Escort is never going to go straight again is because you weigh 600lbs. An alignment isn't going to fix anything. You just need to switch to low-octane fuel".

        "Good news sir. We have a fix for you and you don't have to pay us a cent. Now to the fix: How much does your wife weigh?"

      • I want to repurpose your term! I never knew so many people can't spell "lose"!
        Thanks for reminding me of a Sig I wanted for a couple of weeks.
        Lose : Goats :: Loose : Goatse

    • by antdude (79039)

      Is the talking moose's name, Bullwinkle?

  • Facebook and similar sites attract a lot of malware, true. How about not using a platform known to be hypersensitive to this malware when accessing these sites? Why is this simple and effective solution never proposed?

    Why oh why oh why does the average IT person not contemplate this effective, cheap - yes cheap - and sensible solution? It is almost as if there is a religious dogma against pointing a finger at Windows. Even the most die-hard Windows fanatic surely should see the sense in this approach? If yo

    • Re: (Score:3, Insightful)

      by war4peace (1628283)
      Do I have the impression you propose that people use one OS for their daily work and another OS for Facebook and the like?
      Now I might be considered a troll, but why oh why does the average Linux person (see, I can generalize as well!) always try to fix the tool but NOT the user?
      Irony apart, the issue with getting "infected" doesn't get solved by switching the Operating System. It might get partially solved or it might help somehow, but it's not a solution. There's no permanent solution, there's just commo
      • Re: (Score:3, Insightful)

        by knarf (34928)

        Repeat after me: NOT the tool, but the person. NOT the tool, but the person. NOT the tool...

        Why would I repeat something which is false? Repeating it does not make it true.

        If you want the truth and nothing but the truth you should realise that it is a combination of the tools used and the people who get to use them. If you still have any doubt about which of these tools is more susceptible to malware, well... good luck to you.

        About those people... what, in your opinion, is easier to change: habits, or tools

        • About those people... what, in your opinion, is easier to change: habits, or tools? If you say 'habits'... good luck to you again.

          Um, isn't that YOU are trying to do? Change the habit of using Windows? Don't say it's not a habit. Yes, sir, it is.
          Clicking on a link out of misinformation or not having common sense is something that can be changed through education. Altering a tool so it becomes 100% foolproof is impossible. Now I don't want to get into the whole "Windows vs Linux" retarded discussion, I've had enough of it :) - but let me point out that there are people who use "susceptible" tools and are fine, and people who use "bett

    • Re: (Score:2, Informative)

      by DogDude (805747)
      "I am truly flabbergasted by this resistance to change. If you stand to lose ${many} by allowing Windows on the 'net... why not prevent that loss"

      Because the potential loss from NOT using Windows would be even greater. You can't run a small-medium sized retail business without Windows... there's no robust small to mid-sized point of sale system that's not Windows based. There's no functional accounting software that's not Windows based. There are simply not enough applications for most businesses to
      • by AHuxley (892839)
        If a Windows developer can write the tools, a Linux user given time and the accounting insight could clone them.
        Find an accountant interested in computing. Get info from the tax department. Find the 30 or 500 pages that need to be sent in. Learn about the front end of raw data, see what the Windows app does and how it formats the end product. Talk to the front end hardware scanners/data entry/input makers and ask for details.
        If some Windows developer can work it out, so can a Linux user. At some poin
        • But can the linux user do it for less than $2000 (the high end of a small accounting software package) and support it and all bug fixes and patches for less than $500/yr (the high end of a maintenance contract)? Can you update the tax rates and schedules in all fifty states for $200 every single year?

          Remember, the opportunity cost to a company is about $75-$100/hr on a typical employee. At this scale, writing custom apps is not cost effective.

      • there's no robust small to mid-sized point of sale system that's not Windows based.

        My local minimart runs s/370.

        There's no functional accounting software that's not Windows based.

        Well, apart from SAP, Oracle Financials, Compiere, LedgerSMB...

    • "I am truly flabbergasted by this resistance to change."

      Why?

      The AV industry would be doomed if everyone applied your fancy-schmancy "wisdom". Think of the jobs(and billions of dollars!!) lost.

      Facetiousness aside, it wouldn't surprise me in the slightest if companies like McAfee and Symantec were covertly behind some of the malware/virus releases. We already know as fact that some unscrupulous individuals will infect machines just to sell a fix (often bogus itself). Is it really that hard to believe, in thi

      • by AHuxley (892839)
        The fancy-schmancy "wisdom" of Windows reminds me of the early post ww2 years.
        NATO needed encryption, but the ~NSA/GCHQ were not going to allow any real encryption to be exported around the world.
        So they gifted safe networks but their units were unsafe on site. They leaked plain text near the unit.
        Poor tempest allowed the ~NSA/GCHQ to read all and the units were gifted to NATO.
        Windows seems to be the same leaky software solution that was gifted to the world.
    • Re: (Score:3, Informative)

      by Bryansix (761547)
      To be fair IE8 on Windows 7 with MS Security Essentials (all free with Win7 license) is actually a decently secure solution assuming it is set up that way from day one.
      • by Barny (103770)

        So is firefox with no-script, and it will stop the latest 0-day exploits too :)

  • Youtube? (Score:4, Interesting)

    by Scrameustache (459504) on Wednesday September 15, 2010 @06:01PM (#33593400) Homepage Journal

    How do you get infected with malware from youtube?

    • Re: (Score:2, Informative)

      by Anonymous Coward

      How do you get infected with malware from youtube?

      I'm thinking 2 ways: links in video descriptions/comments/etc and there was the recent XSS flaw.

    • Re: (Score:2, Funny)

      by Zero__Kelvin (151819)

      "How do you get infected with malware from youtube?"

      You start by running Windows ;-)

    • by RichM (754883)

      How do you get infected with malware from youtube?

      When somebody figures out how to abuse the HTML5 H.264 format.

      • How do you get infected with malware from youtube?

        When somebody figures out how to abuse the HTML5 H.264 format.

        You're talking about the future, they're talking about the past.

    • by ceejayoz (567949)

      Doesn't it require Flash?

    • Re:Youtube? (Score:4, Insightful)

      by TheRaven64 (641858) on Wednesday September 15, 2010 @07:27PM (#33594210) Journal
      By reading the comments - they can cause permanent brain damage, unless you have a proper firewall.
    • Mod parent up. I don't understand this either. Sure there are Flash exploits, but they're not hosted by YouTube.

      If you were infected with certain variants of Koobface, it would direct you to fake YouTube sites. The real YouTube had nothing to do with it.

      In July there was an XSS exploit in some of YouTube's comments. There was no malware/infection, the page itself would generate popups or redirect you. It lasted all of 2 hours.

  • Oh well (Score:4, Funny)

    by Locke2005 (849178) on Wednesday September 15, 2010 @06:04PM (#33593426)
    Sadly, slashdot remains last on both the list of sites from which to contract malware infections and the list of sites on which to meet people from which to contract an STD.
  • I thought they might actually talk about something meaningful. With businesses using facebook and its ilk for conducting business, I thought TFA might talk about how small businesses are using it incorrectly and turning off customers or something.

    It seems a lot more pertinent, as people tend to think that it is either a great tool for communication, both positive AND negative.

  • Okay, I'm no troll, but this is news to me. How does this happen? You all run antivirus software, and yet somehow actually *visiting* a site can infect you. So how does this work? Can you visit a site wearing a 'condom', or do you know, somehow, that you shouldn't click on something.

    No trolling, but as a Mac user I click what I like. How do you know what to click or not click?

    • by fluch (126140)

      So how does this work? Can you visit a site wearing a 'condom', or do you know, somehow, that you shouldn't click on something.

      You know, even a condom does not prevent pregnancy 100%. Neither does the pill. (My neighbors half year young daughter is a perfect example of the latter; which does not mean she is not loved by her parents, quite the contrary!) Same with antivirus programs. Of course you CAN get infected despite running them. It is just less likely...

    • Re: (Score:2, Informative)

      by Anonymous Coward
      It doesn't happen, to be honest. If you see malware that infects the OS or user account today, chances are that:

      A) the machine is using XP / browser without process sandboxing (this requires Vista/7)
      B) the browser has admin privs (XP, or UAC disabled)
      C) browser plugins are exploited / plugins can run without request

      C is the default configuration for the three browsers but it can be changed. As a result, 99% of malware today is taking advantage of a plugin.
  • by Jonboy X (319895) <jonathan...oexner@@@alum...wpi...edu> on Wednesday September 15, 2010 @06:30PM (#33593666) Journal

    To summarize: Alarmist e-zine for PHB's confirms their suspicions that Facebook and YouTube are, in fact, the devil. Why is this on Slashd...oh, it's samzenpus. Never mind...

  • If I would have to make decisions in a company, I would block Facebook, Twitter, Youtube and a few other sites which are popular but not necessary for company life. I am aware that a certain amount of private activity is fine in corporate environment, but certain sites draw just far too much time on them on a regular basis.

    I for myself do not have a Facebook nor a Twitter account. And I use the Leechblock extension on Firefox to keep me off unnecessary sites during work hours which I otherwise would visit fa

  • by yuna49 (905461) on Wednesday September 15, 2010 @06:39PM (#33593744)

    Once again we have another poll which is somehow supposed to represent actual facts.

    This is a "study" by a company that sells computer security "solutions" to small and medium-sized businesses. Haven't we all learned by now that these reports are largely designed to scare PHBs into buying the products and services these companies peddle? There's absolutely nothing in TFA that enables us to determine how the firms were chosen, who was interviewed, how they were selected, and whether they have even a clue about how sites like Facebook and YouTube might be the culprits.

    Enough breathless reporting of stupid press releases, Slashdot editors. Just because SecurityWeek has no editorial scruples doesn't mean you shouldn't have them.

  • Who would have ever thought the most popular website in the world, that users can post links on, would have the most links to malware and spam. Oh wait, that's just common fucking sense isn't it?
  • by 93 Escort Wagon (326346) on Wednesday September 15, 2010 @07:20PM (#33594134)

    I've seen people do some really dumb stuff on Facebook that they almost certainly wouldn't do elsewhere.

    A few weeks ago, there was a viral (in the true sense of the word) page that got popular really fast - I think it claimed to let you see who'd un-friended you, but I might have that bit wrong. Anyway, after an acquaintance got hit by this, I went to check it out. Basically this page said "here's how you do it - just copy and paste the following into your browser's address bar". This was followed by what was pretty obviously a bunch of hex instructions (likely obfuscated javascript, but maybe vbscript) that apparently downloaded harmful code to the user's computer - and since the code was entered by the user, it didn't raise any red flags (maybe only by IE, maybe by other browsers as well - I didn't take it any further).

    I can't imagine anyone in this day and age going to a random website and following these instructions - but on Facebook they were happy to! It was so breathtakingly stupid I had a hard time believing people fell for it; but they obviously did.
