Do you allow social media sites

I was wondering how everyone handles social media sites (facebook, twitter, youtube, etc) at their companies.

We only allow it by request and it needs to be approved by management. There's some debate on whether it should be opened for all

I'm not a security expert, but it seems risky

thoughts?

Find more posts tagged with

Comments

LordQarlyn

Social media sites are a social engineer's goldmine. Too many people input everything about themselves on them. Not to mention, they are bandwidth intensive. In developed countries that may not be as big deal but here bandwidth costs $600 per Mbps, so companies have to have small pipelines. Social media apps can spread malware, notably Trojans, but Locky ransomware was spread by images in Facebook and LinkedIn. So, yes they have risks, they can waste time, and they can clog bandwidth.

We used to have a generous social media policy, Facebook for all its flaws is still a good tool to stay in touch with loved ones. But as our company grows here, and people abuse it, we've had to cut down. I've set caps for bandwidth for all social media sites to 5% of our pipeline excepting LinkedIn, allowing for case by case exceptions. Safety and training can use YouTube for training videos, for example.

tedjames

We allow it but only with management approval if there is a legitimate business need. Otherwise, staff can always check their social media accounts with their personal smart phones.

Danielm7

Most social media is allowed at my workplace, streaming audio/video is not, some other restrictions. But if you want to check FB on some downtime, go crazy. If the bandwidth is in check, then it's a management problem if someone abuses it.

UnixGuy

Most companies allow them these days...something about work life balance etc etc

mnashe

thanks for all replies. good stuff

MalwareMike

To follow what UnixGuy said, most of the companies I have worked for allow it. The only place I knew who really blocked sites was a bank I worked at...which makes sense.

tedjames

I worked a six-month contract at Dell in 2006. At the time, they blocked everything right now to Yahoo mail and LinkedIn. My last state agency didn't block anything. However, they monitored traffic pretty heavily. How one of my co-workers got away with streaming Netflix, I'll never know.

jamshid666

I currently work for a federal agency, I'm lucky when I can get to a legitimate site let alone anything like social media.

cyberguypr

My company is very strict about about web access. We allow it but monitor it diligently. Due to documented incidents involving data exfil we block social, personal email, and file sharing sites as the risk is above our appetite. We also block streaming because it was being abused. As for everything in life, there’s a process to build a business case and request an exception for all of these. We provide an isolated guest network for people to hook up their personal devices if they chose so.

E Double U

Pretty liberal where I am and many things (gambling, ****, social media, streaming) are not blocked. A decision was made to block webmail though because of some recent incidents. So I cannot access my Gmail, but just last week while checking a Splunk dashboard we saw lots of traffic from a user going to an orgy site lol.

I recall having a discussion with a colleague about this one user that got some virus pop-ups after visiting some "adult-oriented" sites and he told me that we couldn't officially tell him it isn't allowed. We can give warnings about the potential harm of certain types of sites, but not that the specific category is not allowed. He said people are allowed to use their computers as they wish outside of normal working hours. I argued that company equipment should follow company policy regardless of time and then I discovered that there was no policy violation. We really respect work-life balance here, well, that is unless you want to check your personal email

blargoe

No access to any social media or email unless you are a recruiter, marketing, or an executive.

DZA_

Like most folks on the thread, my employer blocks most social websites however I did see some fall through the cracks like Vimeo and surprisingly Spotify. My previous employer had the flood gates open where as on the production network, you could browse all social media websites. At this same company (MSP), I had to unblock a website called "ZipperCellblock" that a music licensing company (our client) needed access to as they were their client. We got weird requests for whitelists approvals every now and then.

shednik

We're limited very little where I work now, but I've been at places that were pretty strict.

jcundiff

cyberguypr wrote: »

My company is very strict about about web access. We allow it but monitor it diligently. Due to documented incidents involving data exfil we block social, personal email, and file sharing sites as the risk is above our appetite. We also block streaming because it was being abused. As for everything in life, there’s a process to build a business case and request an exception for all of these. We provide an isolated guest network for people to hook up their personal devices if they chose so.

this is us as well

umarbhatti

I am working on a Fed Gvt project so when i use that machine all sites are blocked apart from pre-approved site.
Non-Gvt workstation all sites are open (thats a benefit of being in IT)
For end users, social media is blocked. Everyone has smart phones these days anyway

sonyvaio18

This is all good stuff, thanks!