Employers are increasingly blocking access to Facebook because they're concerned about the time wasted and the information leaked when workers use social networks on company time.
About half of all companies block employee access to Facebook, putting policies and access controls in place to keep workers working and not connecting with their Facebook friends, according to security company Sophos. In a poll of 600 workers, 43% said their company was blocking access to Facebook, while an another 7% reported that usage of the Web site was restricted and only those with a specific business requirement were allowed to access it.
Eight percent said their company does not block access to Facebook because they fear employees' angry response.
"Companies are split on the question of Facebook. Some believe it to be a procrastinator's paradise, which can lead to identity theft if users are careless," said Graham Cluley, senior technology consultant at Sophos, in a statement. "Others either view it as a valuable networking tool for workers or are too nervous of employees backlash if the site is suddenly blocked. Companies need to make their own minds up as to whether they want to allow their users to access Web sites like Facebook and MySpace during office hours."
If workers are allowed access to social networking sites, then it's important that they are taught best practices to make sure they're not putting personal and corporate data at risk, Cluley said. "Five minutes spent learning the ins-and-outs of Facebook's privacy settings, for instance, could save a lot of heartache later," he said.
Facebook, and its affect on companies and identity theft, has been much in the news lately.
Last week, Sophos released the results of a social engineering test that its researchers ran on Facebook. Researchers noted then that 41% of users readily hand out personally identifying information to complete strangers. They found this out when researchers created a profile on Facebook for a small plastic frog they named Freddi Staur, which is an anagram of "ID fraudster." Divulging only a small amount of information about himself, "Freddi" sent out 200 requests to a wide variety of other Facebook users, asking them to join the frog's friend list.
Of the 200 people contacted, 87 responded and agreed to be friends -- despite the fact that Freddi wasn't even a real, live person.
Another study was released Monday that showed that workers using social networking sites, like Facebook, on company time are costing employers more than $5 billion a year and putting corporate networks at risk of attack. The study, which was done by SurfControl, also showed that employers are concerned about what information workers are sharing while they're on the job.
The latest Sophos poll was in line with that, noting that 66% of workers are concerned their colleagues are sharing too much information on Facebook, which could lead to identity theft and targeted phishing attacks against the company.
"More businesses are restricting access to these kinds of sites," said Cluley. "Employees may not like it, but these Web sites can represent a security risk if used carelessly. Unless there's a work purpose, many firms do not see any reason why staff should need to access them during work time."