A recent blog post by Forrester Research addresses an issue that seems to be on IT professionals' minds (and the topic of discussion forums such as this one) these days: should they allow employees to access social-networking sites? Although Forrester makes the point that IT professionals have good reason to be concerned about granting such access, since the risks associated with it are real, the answer is still yes.
Forrester outlines what it believes are the three main threats posed by social networking sites: the potential for letting malware and phishing attacks into the organization, since these sites have become new hot spots for cyber attackers to hide dangerous code; data loss, because the company has no way to control what information employees post to these sites; and damage to a company's image that can happen when unauthorized Facebook pages or Twitter feeds are posted by someone other than a company official, with the intent of damaging the company's reputation.
However, Forrester maintains that allowing social networking into the workplace is inevitable, and it's better to establish some guidelines for the use of these sites now instead of trying to modify established employee behavior after the fact.
The research firm recommends IT professionals establish acceptable-use policies for social networking sites that help mitigate some of the risks. For example, Forrester says not everyone in the company will need the same level of access to social networking sites: while sales and marketing may need to visit multiple sites and post to them many times a day, other employees may just require read-only access. IT professionals should also consider prohibiting any software downloads from these sites, since that's how malware typically finds its way onto users' PCs. Companies should also make clear what types of information can and cannot be posted on these sites, as per corporate policies.
As with any such policy, IT managers should communicate these guidelines clearly to employees, and make them aware of the consequences should they be ignored (for example, employees could be responsible for compromising the company's security), says Forrester. In addition, companies may want to use security technology to help enforce social-networking policies, such as Web filters. Sometimes letting employees know that such technology is monitoring which sites they visit is enough to keep policies enforced, Forrester says.