According to a recent study published by Forrester Research -- based on interviews conducted with 150 IT professionals -- 96 percent of those questioned said that they see a significant value in adopting social networking and other so-called Web 2.0 sites, but fewer than 5 percent reported that they have taken any specific security measures to help protect users of the technologies.
Most observers maintain that despite the inherent security risks, companies shouldn't block employees from accessing social networking URLs and other Web 2.0 properties, such as legitimate multimedia file sharing sites. Doing so may only serve to frustrate workers and cut off potentially valuable business opportunities that could be garnered using the applications, they said.
However, IT departments must be prepared to ward off the many types of threats that will emerge from use of the sites, including malware and targeted spear-phishing schemes.
"Companies need to adjust their security policies for Web 2.0 world today, they need to tailor their Internet use policies and create rules that include social Web sites, blogs, and all the other types of sites being created out there, the usage policies need to be spelled out specifically and enforced," said Paul Henry, vice president of technology evangelism at network gateway maker Secure Computing.
"Beyond that they need technical safeguards to back those policies, but the outlook for all this is still pretty grim," he said. "Most companies are barely providing sufficient protection in the context of Web 1.0."