F-Secure: Data security is not main reason for restrictions on using Facebook

Mikko Hyppönen

print this

Today, many companies restrict their employees’ access to various social utilities on the Internet, claiming that the reasons for limiting access are related to data security.
      However, Chief Research Officer Mikko Hyppönen from the Finnish security company F-Secure is confident that the real reason for restrictions and bans is the use of time.
      ”If the tasks of employees are not directly associated with the use of such services, employers fear that people remain surfing on the Internet, even though they should be doing something else”, he says.
      In addition to the social networking website Facebook, other popular websites include the instant communication service Microsoft Messenger, the video sharing website YouTube, and the social networking website MySpace.
     
Last week, F-Secure advised companies to create different passwords for e-mail and social networking websites. This has been interpreted as implying that the service itself - for example Facebook - is risky. However, Hyppönen wants to correct this assumption.
      ”It is true that any networking service could transmit viruses and other malware. However, we have to bear in mind that when it comes to Facebook or YouTube, the threat is not posed by the service itself but the links distributed by the service”, Hyppönen stresses.
     
For example, one can post up on the Internet a popular video or its copy under different names, attaching to them links which give an access to an uncensored version of the same film.
      However, the link could lead to another site which is not connected to YouTube.
      ”When you click the link, your computer could automatically receive some malware through a hole in its security system”, Hyppönen explains.
      Furthermore, users’ passwords can be stolen from Facebook, whereafter it is possible to send them upgrades telling them to click a link that contains a security risk.
     
In practice, such risks are much smaller than believed, according to Hyppönen.
      Hyppönen advises companies to consider carefully what kind of equipment and systems could grant access to these services, in order that they could be made as safe as possible.
     
In general, the most common browsers, including Internet Explorer or Firefox, come under attack.
      ”If an employer wants to limit the employees’ access to these services, it could be advisable to provide them with some other browser or a computer that can be used for surfing”, Hyppönen notes.
      ”The password of a company network should never end up in the wrong hands. On the other hand, it is no great problem if someone intercepts the passwords used in order to read an electronic journal or to enter one of the myriad online forums”, Hyppönen continues.
      Over the past year, the number of questions sent by companies asking for information about social networking websites has increased appreciably.
      ”Companies are considering how they could benefit from such services and get visibility for their business. Even the security issue is being discussed”, Hyppönen says.
     
The interest has led to an increase in various security services.
      ”We have to offer other alternatives in addition to access control. One solution is filtering”, says Chief Technology Officer Jukka Lauhia from Trusteq, an expert company specialised in access control and identity mangement.
      Lauhia agrees with Mikko Hyppönen’s opinion that the real reason for access control is not data security but the futile use of working time.
     
According to a survey conducted by Helsingin Sanomat and published on August 19th, more than half of 28 Finnish companies questioned acknowledged that they had various restrictions or bans in place on the use of Facebook or Messenger.
      Only 11 respondents reported that they do not have any such restrictions.


Links:
  F-Secure

Helsingin Sanomat