CIOs and IT managers are in many ways fighting a losing battle when it comes to blocking employee access to social media services and other websites on corporate networks. Every day, employee make an average of 6.2 attempts to access blocked social networking sites, such as Facebook and Twitter, according to a new report from Allot Communications, an Israeli enterprise IP service provider. Whether those attempts are intentional or the result of links in messages, redirects from other sites or ads, IT is responsible for the integrity of its systems.
The vast majority of the failed attempts to access blocked sites were directed to Facebook, which represented 54 percent of all blocked social media traffic. Twitter represented 25 percent of blocked traffic during a six-month period that ended in April 2015, followed by Google with 8 percent and Pinterest at 3 percent, according to the research. For the study, Allot collected data from two of its customers with more than 10,000 employees each, and two service provider customers that sell security services to more than 100 small- to medium-sized business.
The nearly 100,000 employees surveyed for the report also made an average of 5.5 attempts to access blocked email and IM sites per day. Allot found that those companies blocked IM traffic 10 times more frequently than overall Web traffic because it often contains more malicious content.
"These findings show CIOs that the various applications used by corporate employees are a backdoor to major security threats, aside from potentially reducing business productivity," says Yaniv Sulkes, assistant vice president of marketing at Allot. CIOs and IT managers should consider social media, IM, cloud storage and anonymizers when they establish corporate acceptable use policies (AUPs), according to Sulkes.
Allot's research found that 92 percent of blocked Web traffic was related to AUP enforcement, not intrusion detection systems. However, even a well-established AUP isn't enough to stop employees from attempting to access suspect sites.
"Establishing the policy is not enough, it needs to be enforced and this requires solutions and technologies which provide application visibility and control," says Sulkes. "CIOs should have visibility into applications used in the corporate environment and act on it to diminish potential online threats."