LinkedIn Contact Ownership Case Highlights Need for Social Media Usage Policies

LinkedIn is one of the fastest growing social networks and is now used by employers to build contacts and find new customers and suppliers. The number of LinkedIn users has been swelling, and now the site boasts nearly 1 billion accounts. The professional network is an essential sales and marketing tool for many companies, and recruitment firms would find it very difficult to stay competitive without it.

The website extends a company’s reach and can be used for a variety of purposes. Company news can be announced, new products marketed, new employees found, and the site contains many interesting industry articles, providing hints and tips for busy professionals. Many users now search LinkedIn for information before using the search engines.

Companies now use the social network as well as their employees. In fact the boundary between the two has become somewhat blurred. For instance, if an individual spends personal time building up contacts, are those contacts connecting with the person or the company? In many cases it is a mixture of the two. So who actually owns those contacts? The employee or the employer? A recent court case in the UK sided with the company. However, without social media usage policies in place, a court case could go either way.

Recruitment consultant discovers his LinkedIn contacts are not his own

A recruitment consultant at Hays Recruitment had been building up contacts via his professional account. When he decided to leave his employer and set up his own business, he copied contacts to his personal account. These were people he had been dealing with frequently as his job demanded.

Hays objected to this activity and took the ex-employee to court over the matter. The judge agreed with Hays and ruled that LinkedIn contacts built during employment at Hays be handed over. The employee was also required to disclose all of the emails that had been sent to those individuals.

The employee, Mark Ions, maintained that, by connecting, individuals had disclosed their contact information, which was therefore no longer confidential. Hays maintained that Ions stole business contacts.

This landmark case highlights the potential problems with the use of social media accounts at work. Many companies actively encourage employees to use LinkedIn to build up contacts, but then claim that those contacts are confidential and cannot be used by the employee for personal purposes.

Court cases such as this are likely to become much more common as the use of professional social networking sites increases. Another case went to the courts in July of last year. Whitmar Publications discovered that some former employees had used the company’s LinkedIn network to market the services of a rival business. Again the courts ruled in favor of the company. The former employees had breached an implied duty of good faith by using the list.

Other problems can arise from the use of the professional network. What happens if an employee of a company wants to find a new job? Can an employee upload a CV and tick the career opportunities box indicating he or she is in the market for a job?

The matter was taken before the courts recently, although the ruling did not exactly clear up the matter. While employed at BG Group, HR manager John Flexman indicated on his LinkedIn CV that he was helping his current employer reduce its attrition rate. This was deemed to be a breach of confidentiality by BG Group. The company also claimed Flexman had breached its social media usage policies by indicating he was in the market for a job.

BG Group demanded that Flexman remove all details of the company from his profile, other than the company name and his job title. Flexman did not agree. The situation deteriorated and Flexman eventually felt he had no alternative but to resign. He then claimed constructive dismissal. In this case the court ruled in favor of the employee.

Social media usage policies must be developed by businesses

Some companies may have already introduced social media usage policies to cover the use of personal Facebook and Twitter accounts in the workplace, banning staff from spending company time accessing their own accounts. These legal cases highlight the importance of developing comprehensive policies covering all uses of social media websites at work, including contacts that are developed as a result of employment.

Employees must be informed about contact ownership. Any information that is in the public domain – i.e. could be found in a business directory or phone book – cannot be classed as confidential information. However, other information that has been obtained by employees during employment is different. This includes the email addresses of those contacts and their direct dial telephone numbers.

Since LinkedIn is a relatively new website, and legislation on employment law has yet to be introduced to address the issue, there are many gray areas, in particular when personal accounts are used by an employee. Employers are advised to ensure that LinkedIn accounts are set up and maintained by the company, and employees are not told to create their own accounts for work purposes. All contact information then belongs to the company, not the employee.

Policies on the use of LinkedIn and other social media websites should be clearly stated. These could be included with general Internet and email usage policies that are issued to all employees.

Social media usage policies are required to cover use and ownership of accounts, but it is important not to ignore the security aspect. Employees must also be told about acceptable use of the sites from a data security perspective, and instructed on what can be uploaded to and downloaded from accounts.

Malvertising Warning: Beware of Apparently Safe Websites

Web visitors can be ultra-cautious and avoid websites that commonly contain malware. Don’t visit pornographic, gaming, betting, file-sharing, and streaming websites, and you will be able to reduce the risk of encountering malware. However, that doesn’t mean that you will never come across phishing websites and malware-ridden webpages.

Even very large, reputable websites are sometimes infected. How large? How about Yahoo, one of the biggest search engines and webmail providers on the Internet? Recently, Yahoo was found to contain adverts that attempted to install malware on users’ computers.

Code was installed that examined users’ computers and checked to find out if the latest Java version was installed. Earlier versions of Java contained vulnerabilities that could be exploited. The latest version has fixed the security holes, but many users have not yet installed the latest version.

It is estimated that as many as 2 million people visited Yahoo and had their computers infected. A great many more individuals would also have had their computers compromised had they visited the website instead of Google. In this case, the individuals behind the infections – malvertisers – were putting users’ computers to work performing bitcoin calculations: a very profitable business if you have 2 million or more computers at your disposal.

Of course, this is nothing new. Many websites are infected with malware. They are just usually not as big as Yahoo. However, hackers are getting bolder, and are now succeeding in infecting large websites with very good security measures in place.

Advertising networks are increasingly being infiltrated by malvertisers

Legitimate advertisers use advertising networks to syndicate their adverts across many thousands of websites. They are able to put their adverts in front of tens of millions of potential purchasers. Malvertisers, individuals or disreputable companies, are now doing the same. They make their adverts look respectable and get accepted by an advertising network. However, their ads contain links to malware-ridden websites, or code that probes for security vulnerabilities in users’ computers. They then inject their malware and put it to work.

Unfortunately, it is not a difficult process. In fact one doesn’t even need to be a hacker in order to do this. All that is required is an exploit kit that can be rented online. Take the Black Hole exploit kit for example. Using this kit, online criminals are able to inject code into the web browsers of site visitors. The renting of exploit kits is now commonplace and developers will even show people how to use the exploit kits to achieve their aims. Even people with very little knowledge of programming are able to use the kits to infect computers with malware.

The threat from these wannabe online criminals is considerable. If your company’s employees visit websites while at work, they could inadvertently click on an advert that directs them to a site containing malware, or one with advertising code on the page that probes for vulnerabilities. Even viewing an advert may result in a computer being infected.

There is a solution that protects against rogue adverts

There may be a high risk of infection, but that doesn’t mean that the risk cannot be effectively managed. In fact, managing risk is surprisingly easy. All that is required is software that contains an ad-blocker, and there is plenty of choice (NoScript, AdBlock and ScriptSafe, for example). All of these are capable of blocking adverts and, if no adverts are displayed, users will not be able to click on malvertisers’ adverts.

Unfortunately, with all of these ad-blockers there is a problem. First of all, they are all browser-specific. That means every browser in an organization will need to have the ad-blocker installed to offer protection. They are also only available as plug-ins. This poses another problem for Sys Admins. Plug-ins are only safe if the latest version is installed, and updates are frequently released. Even these “safe” plug-ins contain vulnerabilities that can be exploited.

That means that every browser on every computer that connects to the network must have the plug-ins installed and then be frequently updated. On a small network of 20 computers this would be a considerable task. On a network with 1,000 desktop computers, 500 laptop computers, numerous tablets and mobile phones, it could potentially be a full-time job for a small team of Sys Admins. Not a very practical solution, it has to be said.

Is there a less labor-intensive alternative?

Fortunately, there is. The solution is to install a web filtering solution that contains an ad-blocker. SpamTitan web filtering solutions for the enterprise contain an ad-blocker that will block adverts on all users’ devices, which includes mobile devices as well as desktops. A Sys Admin can configure the web filter to protect all users, but the software is not only about blocking adverts.

SpamTitan’s web filter will also prevent users from visiting websites known to contain malware and will block undesirable content such as pornography, gambling and file-sharing sites. SpamTitan’s web filter has been developed to give Sys Admins an exceptional level of control. Permissions can be set for the entire organization, groups of users or individuals.

A user in the IT department could be allowed to view any site, while a member of the accounts department could be prevented from visiting virtually all websites. Different web filtering settings can even be assigned for different times of the day, if required.

Such a granular approach is important as each member of staff may require different levels of access. Social media websites could be blocked for all members of staff except those in the marketing and IT departments for example.

Having all of these controls could potentially require a Sys Admin to spend hours learning how to operate the system, and weeks configuring it. Not with SpamTitan. The controls are intuitive, easy to set up, there is no steep learning curve, and configuring users’ settings is a relatively quick process. Protecting a network from malware, and users from viewing undesirable content, has never been easier.