What is the real cost of social networking?

Johannesburg, 18 Feb 2011

Social networking sites like Facebook, Twitter, MySpace and LinkedIn are rapidly becoming an everyday part of the business environment. These platforms are even viewed as essential business tools in many organisations. With the increased use of various social networking platforms, it is vital to control risk and quantify the real cost. Uncontrolled use across the company will lead to costs spiralling out of control and can open one up to unnecessary information security risk.

Information is a key driver and has become the lifeblood of every modern organisation. With the ever changing environment in which business is conducted, it is more important than ever to ensure that information is protected and risk is minimised.

Preventing staff from accessing social networks is no longer an option; company executives merely have to apply sound security measures to ensure their information is protected and costs are controlled. It is critical for all companies to create the correct environment where all staff are empowered to be the guardians of information.

The entire continent has seen an explosion of bandwidth; this has brought about masses of new, naïve and uneducated Internet users. These 'new' users are more susceptible to the ever changing risks and strategies being employed to get users to part with sensitive information, and it is essential that these risks are mitigated in a systematic manner. The objective must be to identify the challenges that organisations face and implement all possible solutions to mitigate the risk that the human factor poses in an organisation's information security strategy.

“We have been told by several clients that they had previously decided to block social networking sites, especially after noticing the extensive use of these sites. They soon discovered that since blocking these sites, users were finding ingenious but dangerous and risky ways of accessing these sites. This opened them up to very nasty network vulnerabilities and threats,” says John Mc Loughlin, managing director of local IT security specialist company J2 Software.

“In addition, at one of our mid-range clients we quickly discovered that there was an average of well over 10 hours per week per employee spent on these sites. This amounted to just over 20% of their total work time being wasted. This essentially meant that a full time employee was working less than 80% of the time, owing to a single Web site. I am sure the staff would not be happy if they were only paid 80% of their salary.”

The total cost associated with this type of activity is not always taken into account. These are not only the direct costs such as bandwidth wastage, but also include other factors such as productivity loss and potential reputational risk, which can be far more costly if it were to get out.

He says these advances have brought about great opportunity, but along with it is the rise of even greater risk and potential for exploitation. “This risk is to be felt by both the new unsophisticated individual user and specifically users within corporate or governmental organisations. It is critical that ICT governance, risk and compliance (GRC) become a part of the very essence or DNA of any organisation. This will ensure long-term information security and business sustainability.”

According to a number of recent studies, the 'Insider Threat' has loomed to become the most feared information security risk in most organisations today. Regardless of the technologies that an organisation may deploy to mitigate the risk of information security breaches and control costs, the critical factor is always people.

“The time is right to discuss the major challenges that managers face when attempting to uphold their information security and compliance strategy, while allowing access to the modern business platforms which have permeated our existence. We are living in the age of sharing and it is the perfect time to share experiences and solutions in an aim to help overcome the complexity of these issues,” he explains.

Building information security into the DNA of any organisation is the key to achieving compliance, controlling costs and mitigating risk, but it also presents the biggest challenge, especially for large and complex organisations. Even in organisations where other aspects of security are paramount, eg, national security in defence environments, the internal regulation of information security policies can prove to be more difficult to enforce.

Driving down the cost of compliance is not only the key to competitive advantage, but also to compliance being taken seriously and becoming part of a cost-effective executive risk management strategy. If compliance, control and enforcement are too time-consuming and complex, they will be ignored or shortcuts will be taken.

The buy-in process needs to start at board level and then progress down to the general employee level. Achieving this is not easy and the challenges differ according to the level of maturity of the organisation.

There must be a balance between business risk, business operations and business competitiveness. This also requires the organisation to use tools which are proactive as opposed to reactive. Responsibility for compliance should be uniform throughout the organisation, but the supervision and monitoring of such compliance must not be delegated too far down the chain.

“Unseen risks cause damage, and unfortunately, one cannot manage what one cannot see. This is a simple phrase to keep in mind when implementing the governance, risk and compliance strategy. Incidents will inevitably occur, but ongoing proactive automated enforcement, staff education and end-user buy-in will minimise the likelihood and impact of unforeseen risks.

“If your people know the risks, are educated in what is acceptable and you take steps to proactively monitor what is happening across the organisation, you will be able to protect against risks - and control costs,” he concludes.

For more information, contact J2 Software on 0861 00 J TWO (5896) or e-mail

J2 Software

J2 Software is a leading South African information technology security company. While most organisations are now starting to realise the impact of data theft and abuse of IT resources by employees, J2 recognised the need to protect against this activity some time ago. J2 Software was born after the founders identified an opportunity in the information technology market in South Africa and the rest of Africa. They saw a growing need for information security solutions that were comprehensive, simple to deploy, easy to use and good value for money. After tireless searching and investigation J2 Software was officially launched in 2006.

Shortly after inception, the customer list of J2 Software started to grow rapidly; and this continues to be the case to this day. J2 Software has provided services and solutions to numerous renowned, forward-thinking companies with sites running in South Africa, Angola, Botswana, Kenya, Malawi, Mauritius, Mozambique, Tanzania, Uganda and Zambia.

J2 Software provides solutions and services to various organisations that have a requirement to secure their sensitive information as well as implement, monitor and enforce internal security policies. In recent times organisations are placing a far higher priority on the security, accountability and control of their most prized asset, their information.

Adding to this is the ever growing pressure being placed on companies and their directors to maintain the security and control of the sensitive data of their clients, as well as the necessity to conform to various local and international compliance regulations.

With the continued rise of identity theft and confidential data leakage, the need for our product offering is not only an advantage, but an absolute necessity.

Editorial contacts
IT Public Relations Ivor van Rensburg (082) 652 8050
J2 Software John Mc Loughlin (011) 794 2537