Corporate executives are increasingly worried that the use of Facebook and Twitter by employees could lead to the exposure of critical corporate data, according to a study released today.
The annual Proofpoint, Inc. study on the security of outbound information found that executives are spending more and more time worrying that employees could unwittingly be including too much proprietary corporate information in e-mails, blog posts, social networks, multimedia channels and text messages.
According to the study, 34% of U.S. companies surveyed have been affected by the exposure of sensitive or embarrassing information during the past year. And 45% are "highly concerned" about the possibility of such information leaking out via social networking sites.
The June survey of 220 e-mail decision makers at U.S. companies with more than 1,000 employees also found that 17% of companies have investigated the possible exposure of information on popular social networks like Facebook or LinkedIn. And 10% reported that they have disciplined employees for violating social networking policies in the past year, while 8% have fired a worker for such offenses.
Just last week, the U.S. Marine Corps officially banned the use of social networking sites like Facebook and Twitter on military networks. One reason cited in the administrative directive: social networks provide an easy conduit for information leakage to adversaries.
"Businesses are still evaluating both the threat and opportunities presented by social networking," said Dan Olds, an analyst with The Gabriel Consulting Group. "It's a way to get their message out to real people, but it can also be an avenue where confidential or embarrassing information can leak out as well. And this can be as innocent as an employee posting on Facebook that he's worried about layoffs, or that they are extra busy because of customer complaints about their product. If these things get disseminated enough, it can cause real problems."
Olds also pointed out that companies have to walk a fine line between advising employees to be cautious of what they post online and overstepping their bounds.
"Businesses can't be seen as encroaching on their employees' free speech rights," he added. "They need to put out reasonable guidelines and point out how innocent postings can be misconstrued. But they have to rely on the good sense of their employees to do the right thing. If they try a heavy-handed approach, it will backfire and result in lower morale and bad publicity."