A Contrarian View of Social Networking

Sure, LinkedIn and Facebook present security, privacy and productivity challenges. But if the sites are so bad, then why have so many security and privacy leaders joined them?

More doom and gloom news about social networking on the wires this week: The sites are allegedly costing nearly 6.5 billion pounds a year in lost productivity in the United Kingdom, says security consultancy Global Secure Systems and Infosecurity Europe. According to a press release, 776 office workers admitted spending at least 30 minutes a day visiting social networking sites at work. This comes on the heels of a report from Sophos that we covered last week, tracking how much time employees supposedly waste on Facebook.

Funny, though, CSO also just published an article about how a couple of the U.S.'s top security leaders have found sites such as LinkedIn and Facebook to be a useful tool for doing their jobs. Bill Boni of Motorola says LinkedIn makes him a more effective security leader, and CISO-turned-consultant Howard Schmidt—who seems to spend more time networking than anyone else I know—says the personal information he has learned about business contacts through Facebook has helped him forge stronger ties. (They offer advice on mitigating the security risks in "Social Networking Tips from Security Leaders" by Kate Walsh.)

Right before I went on maternity leave last spring, I was debating whether these sites were worth it. I even wrote a blog entry, "Poll: Is the Security World LinkedIn?", in which I asked the security community whether I ought to join. The results were mixed. A majority of people who answered the poll said LinkedIn was valuable, but some people posted very valid concerns about how the site, for instance, uses names from your address book to help you build a network, or about how the information you provide could be used as a profiling tool. True, all true, and at the time I decided to take a pass.

I came back from leave last fall to a new world. My boss actually asked me to join not one but two social networks as part of my job staying in touch with industry leaders and promoting our content. Since then, I've become fairly comfortable with LinkedIn, which is basically just an online resume. Facebook I'm not so sure about, but it's an interesting place to experiment with gathering opinions and sharing news.

My knee-jerk reaction is still that these sites are a bad idea, security-wise and privacy-wise. They also tend to suck time—it takes a whole lot of self-restraint to log on just long enough to do something work-related, then log out and move onto the next thing. But the reality is that every time I poke around in the connections of my connections, I'm surprised at the number and quality of security and privacy professionals who have decided the sites are worth it. For whatever reasons, the security world seems to have embraced LinkedIn, while the privacy world has gravitated to Facebook—but leaders from both areas are definitely embracing social networking.

Despite all the morose headlines about social networking as a killer of privacy and security, I'm inclined to start thinking that if the leaders in these industries are using the sites, they must not be such a bad idea. As for the naysayers? As Howard Schmidt put it to CSO's Kate Walsh: "My response to those in the security business lamenting the existence of Facebook and MySpace is to ask them if theyve ever been on it.

So I ask you now: When can we stop assuming that social networks are just a waste of time that's not worth the risk? Or perhaps a more forward-looking question: How can we tell when social networking is actually helping an employee do her job, versus keeping her from her job or even making her employer vulnerable? This morning I posted a link to a CSO story on Facebook; that's work, about public information. A game of Scrabulous on Facebook—well not so much work, right? Unless, of course, Howard Schmidt challenges me to a game.

Copyright © 2008 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)