It is easy to plant infected flash drives as a way for hackers to compromise computer networks. (Duncan Alfreds, Fin24)
Cape Town - Blocking social media for employees might be tempting for managers looking to boost productivity but such a policy may backfire, says a new security report.
According to the Cisco 2015 Annual Security Report, blocking access to social media sites in the workplace may put organisations at greater risk than if users were allowed to browse these sites.
"Blocking social media only gives the illusion of tighter, more impenetrable security defences. When users are not aware of why such policies are in place, they may bypass security, for example, by accessing the network through their own devices to browse social media," said Greg Griessel, consulting systems engineer of Security Solutions at Cisco, South Africa.
"The arguments that social media may stifle productivity are valid. On the flip side, it doesn't really make sense to pass up an opportunity to engage with staff on social media - especially if the business is using these platforms to communicate with its audience," said Griessel.
The solution lies in education, he said.
If employees understand why policies are in place, they are less likely to form behaviours that put the company at risk.
"By implementing clear, easy to understand policies, users will be equipped with the knowledge they need to achieve their goals without bypassing security. These policies should provide clear recommendations and appropriate resources for timely assistance and should make users aware of the potential impact of flouting security rules."
Be more wary of social engineering
Insulating a company's IT network for security reasons could also prove futile as social engineering could still expose a business to hackers anyway.
Hackers are increasingly 'deploying' USB drives on company premises in the hope that a worker will fire up the device on a local computer.
Trustwave cyber security expert Leon Van Aswegen has previously told Fin24 how his organisation conducted an experiment to see how easily destructive this type of social engineering could be.
"We would actually go and visit the client and we distribute USB sticks: Leave it in the bathrooms, leave it the meeting rooms; put it on the desks," Trustwave cyber security expert Leon Van Aswegen previously told Fin24.
"On the USB is a piece of code, if you open it up... people want to do the right thing. You make it look legitimate - put your pictures on there, make it look like its personal images and the person wants to return it to you because you're going to lose your data," said Van Aswegen of how the social engineering trick works.
"As soon as a click on a folder or anything, the script runs and you know that data is lost," he said.
Do your employers block Facebook, Twitter, YouTube or other social media? Let us know what you think about it.
- Follow Duncan on Twitter