Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Should access to LinkedIn be universally allowed in an enterprise?

Posted on 2014-03-07
2
259 Views
Last Modified: 2014-04-04
Hi

An enterprise allows / disallows access to certain actegory of websites using their internal proxy. There is a growing demand for allowing access to linkedIn universally for all employees.

What are the risks of doing so from information risk management perspective and what controls can IT place to mitigate those risks?
0
Comment
Question by:fahim
2 Comments
 
LVL 17

Expert Comment

by:pjam
ID: 39912389
As a rule Facebook, YouTube, LinkedIn et all are blocked here.
0
 
LVL 17

Accepted Solution

by:
OriNetworks earned 500 total points
ID: 39912566
This appears to be more of an open ended question rather than one that can receive a direct answer here. Some companies just simply block all forms of social media since it does not usually directly contribute to the productivity of the business. The biggest risk is sharing sensitive data for example uploading a workflow of a sensitive project to a social media group for discussion. If the site is blocked it would be more difficult to share that information either accidentally or on purpose. Regardless this vulnerability exists for many other sites anyway such as pastebin.com where users can randomly upload chunks of text such as database records.

Having a strong policy, constant reminders/training, and enforcing that policy when violations occur are all very important. There are also vendors that offer software and network inspection hardware that can try to keep track of this activity and block or report suspected violations. This is particularly important if the company must abide by laws such as SOX and HIPAA in the U.S. where a leak of data can be VERY expensive to the company but that may be a little too far if we are only talking about giving access to LinkedIn, although it is commonly used as a phishing resource to collect company secrets through social engineering.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this increasingly digital world, security hacks are no longer just a threat, but a reality. As we've witnessed with Target's big identity hack 2013, Heartbleed in 2015, and now Cloudbleed, companies and their leaders need to prepare for the unthi…
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question