One expert's breakdown of security issues created by social networking sites, BitTorrent and other Web 2.0 technologies A recent survey released by security software firm Symantec found 66 percent of Millennial employees, those born after 1980, admit to using Web 2.0 technologies, such as Facebook and YouTube, while at work. The same poll found younger workers also regularly store corporate data on personal devices, such as PCs and USB drives.Meanwhile, 75 percent of corporate IT managers surveyed by Symantec said they have policies that restrict corporate data and information on personal devices and 85 percent of corporate IT managers had policies restricting download and installation of software on work PCs for personal use.Security managers may need to rethink their risk assessment and strategy to adapt to the technology habits of today’s workforce. So, exactly which technologies are commonly used by younger generations in the office? And what are the specific threats they pose to an organization?Aaron Wilson, assistant vice president, chief technology officer and acting chief engineer in the Managed Security Services division of Science Applications International Corp., a security and consulting firm based in San Diego, CA., compiled this list of the technologies that are now pervasive — and what you should be aware of when managing your network. Peer to Peer (P2P) File SharingExamples: Torrents, KazaaThreat: Possible malware, transmission of copyrighted/sensitive data, productivityPrevention: Intelligent content proxy, UTM (unified threat management), host-based protectionPossible scenario: An employee with an improperly configured P2P application could inadvertently share their entire hard drive, exposing all of the data to millions of other P2P users.Social Networking Example: MySpace, YouTube, FaceBook, blogsThreat: information exposure, possible malware, productivityPrevent: user training, intelligent content proxy, website rating tech, host-based protectionPossible scenario: Users posting pictures of to their blogs from the workplace. Consider pictures of secured areas which could pose a threat to national security (think airport). In the commercial world, pictures and details of unreleased products can fuel competitors and damage sales.[For recent examles of technical threats against social networking sites, see A Photo That Can Steal Your Facebook Account and Sophos: Facebook Malware Attack Puts Work Computers at Risk.] Instant Messaging(IM)Example: AIM/MSN/ICQ/Yahoo/IRC, and phone textingImpact: Depends on what’s being discussed. Do you know? Username/password, data leaking, file sharing, social engineering.Tech: Deploy your own enterprise IM/VOIP solution with crypto, logging, policies. Train employees.Possible scenario: Support staff using unencrypted IM to send root passwords, IP information, drag/drop network diagrams, etc, all of which could be intercepted and used against the company. Removable MediaExample: USB thumbdrive, camera/phones, iPod/pda, laptop, WifiImpact: information exposure, difficult to trackTech: Digital Rights Management (DRM) and to a lesser extent Data Leak Prevention (DLP)Possible scenario: One of the best known examples would be the USB drives found at a bazaar in Afghanistan containing US military secrets in 2006. Related content news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Regulation Regulation news UK data regulator warns that data breaches put abuse victims’ lives at risk The UK Information Commissioner’s Office has reprimanded seven organizations in the past 14 months for data breaches affecting victims of domestic abuse. By Michael Hill Sep 28, 2023 3 mins Electronic Health Records Data Breach Government news EchoMark releases watermarking solution to secure private communications, detect insider threats Enterprise-grade software embeds AI-driven, forensic watermarking in emails and documents to pinpoint potential insider risks By Michael Hill Sep 28, 2023 4 mins Communications Security Threat and Vulnerability Management Security Software news SpecterOps to use in-house approximation to test for global attack variations The new offering uses atomic tests and in-house approximation in purple team assessment to test all known techniques of an attack. By Shweta Sharma Sep 28, 2023 3 mins Penetration Testing Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe