The recent popularity of social networking sites such as Facebook, MySpace and Bebo are costing UK corporations close to £6.5 billion annually in lost productivity, according to a poll conducted by Information security consultancy - Global Secure Systems (GSS) and Infosecurity Europe 2008 www.infosec.co.uk.

The poll was carried out amongst 776 office workers, who admitted to spending at least 30 minutes a day visiting social networking sites whilst at work, that’s a minimum of 10 hours a month which equates to 3 weeks of every year with two respondents who were so hooked that the spend 3 hours visiting these sites everyday!  The end result is potentially billions of pounds in lost productivity maintain GSS, plus the extra demand on bandwidth which is an additional cost to a business in terms of efficiency, maintenance and resources.

In a recent meeting held by Infosecurity Europe 2008 with 20 CISOs one of their biggest IT concerns for 2008 was how to manage social networking sites at work, with many estimating that between 15% and 20% of their current bandwidth is being taken up with social networking sites and for many the best move forward is to ban these sites altogether.

Claire Sellick – Infosecurity Europe Event Director said “It would appear that most CISO and IT Directors loathe social networking sites and if they had their way would ban them completely, but what is also coming across loud and clear is that the HR departments actually welcome the use of these sites – so there is a lot of internal pushing and shoving going on between HR and IT over how best to manage these sites.”

One FTSE100 CISO reported that they now block Facebook as it was consuming 30% of their bandwidth and they are looking to block both MySpace and e-bay as they consume 10% and 5% of the corporate Internet browsing bandwidth.

According to recent research by Computerweekly.com 63% of businesses are planning to monitor or limit staff access to these sites and 17% plan to ban access at work completely over the next 6 months.

David Hobson MD of GSS said “Social networking sites are now integral to the way that many of the latest and youngest recruits into the workforce communicate and work, so for some sectors social networking sites may have a part to play in terms of competitive advantage or used for research or as a marketing tool.  It comes down to a fine balancing act – and mostly a case of introducing a “reasonable use” policy.”

“However, what is apparent are the serious security implications associated with social networking, where hackers, exploiters and extortionists are worming their way into these sites extracting all sorts of information on the members – our advice as always to anyone using these sites is to give as little personal information away as possible.” said Hobson.

GSS claims to have saved thousands of pounds a year by practicing what they preach by limiting access to Facebook and other social networking sites on its company network with Internet filtering software.

"Our Internet bandwidth requirements recently came up for review and it was suggested we would need an upgrade, costing a few thousand pounds more a year," said David Hobson, managing director of GSS.

"After analysing the traffic patterns, however, we realised that around 25 per cent of our Web usage was for social networking sites such as Facebook. After locking down this traffic and just allowing staff to view these sites during their lunch hour or after work, we found we didn't actually need to upgrade our bandwidth after all and have saved a considerable amount in the upgrade costs!" he added.

At Infosecurity Europe 2008 the subject of security and how to manage social networking vulnerabilities will be covered in a number of seminars and there is a keynote panel with Giles Hogben, ENISA, David Lacey, Member of the BCS Security Forum Strategic Panel and Martyn Croft, Head of Corporate Systems, The Salvation Army.

“Organisations have a very long way to go in getting to grips with the risks presented by social networking. Lost productivity is the tip of the iceberg. The threat of social engineering to hijack sensitive information is real and growing. And current acceptable use policies are far from acceptable: they are poorly written, maintained, communicated and enforced. There are also some big, political issues that have to be addressed such as how far to police or trust staff, and how to maintain thought leadership across highly networked groups of staff.” Said David Lacey, Member of the BCS Security Forum Strategic Panel.

"The Salvation Army, as a Christian church and charity, has a mission to spread the Christian message and to reach out to those in need - and we'll employ any tools we can to achieve that aim, whether we're working in the community or even in cyberspace.  Social networking sites can be a great tool for reaching out to people, but they can easily consume vast amount of precious resources like staff time and network bandwidth and we need to ensure that all our resources are used wisely and effectively.  We try to achieve an appropriate balance and have to ensure that our essential services are not compromised either by overuse of social networking sites, or by new vulnerabilities exposed through these websites."

• ENISA's 5th Anniversary: An Interview With the Executive Director, Mr. Andrea Pirotti
• ENISA Cloud Computing Risk Assessment - Three initial thoughts