Use of Mobile Devices and Social Media Threaten IT Security

July 26, 2010 ( – The increasing use of mobile devices and social media, as well as an increasingly mobile workforce, are “dramatically altering the cybersecurity landscape” for employers, according to a report from Cisco.

In its 2010 Midyear Security Report, Cisco said IT groups struggle with mobile device management because there are so many devices in a variety of forms in employees’ hands – and with them comes an endless array of software platforms, mobile applications, and service providers. Users also constantly switch devices to take advantage of the latest technology development, and inevitably, they lose devices or allow them to be compromised or stolen.   

Cisco said it would be ideal if IT could manage all mobile devices in use in the company through their entire life cycle, but due to the consumerization of IT, they don’t have that control, nor do they have the resources to attempt to micro­manage each individual device that is not issued or supported by the company.  

“To be sure, serious threats—such as worms and malicious code—are in the future for mobile devices,” the report said.  

Cisco also noted that social networking is growing in today’s workforce. In particular, the “millennials” or Generation Y – people defined as 30 years old and younger – may be spending less time using traditional business tools like email in favor of social networks. A survey from Cisco found that when workers want access to social networking technologies, they’ll get it even if it means circumventing corporate policy.   

The Cisco “Collaboration Nations” study surveyed IT decisionmakers as well as employees from organizations around the world and reported that 50% of end users admitted they ignore company policy prohibiting use of social media tools at least once a week, and 27% said they change the settings on corporate devices to access prohibited applications. 

“Generation Y was raised with mobility at their fingertips, and IT needs to adapt its strategies accordingly,” the report said.  

In addition, according to Cisco data examining how its customers’ employees use Facebook, 7% of Facebook users spend an average of 68 minutes per day playing the popular interactive game FarmVille. Mafia Wars was the second most popular game; the 5% of employees who play Mafia Wars rack up 52 minutes of play daily.   

Cisco said these numbers raise the question of whether companies should limit access to interactive games, and by association, the social networking sites on which they operate. According to the company, it’s safe to assume that online criminals are developing ways to deliver malware via popular applications, and heavy users often search the Web for cheats and tricks for better play, so they may fall victim to malware-laden links or spam messages offering such shortcuts.

Developing Mobility and Social Networking Policies  

According to Cisco’s 2010 Midyear Security Report, a recent study sponsored by Cisco and conducted by leading business schools in Europe and the United States showed that organizations are lagging in governance and IT involvement when it comes to their social networking strategies: 

  • Only one in seven of the companies participating in the study have established formal processes for adopting social networking tools for business purposes; 
  • Only one in five businesses said they had policies in place for the use of social networking tools; 
  • Only one in 10 survey respondents said their IT departments had direct involvement with social media initiatives. 


Cisco said companies should set strict controls for access to business data. Businesses should ask tough questions about who truly needs such access, and start conservatively by restricting as much access as possible, then relax requirements on a case-by-case basis.  

The report also suggested companies create a formal corporate policy for mobility. Find out how mobility is happening in the corporate environment, and create an acceptable-use policy that outlines the devices that are supported by the enterprise. The policy should be flexible enough to cover both immediate and future security concerns, and should be communicated to the workforce.  

In addition, according to the report, at minimum, companies should institute a process for allowing questions about social media usage to be directed to the correct decision-makers in the organization.  

The Cisco report is here.