Social media security problems

Written by Dan Blacharski on March 15, 2010

A Reuters blog today likened social networking to Jurassic Park. While this is probably the first time anybody has connected dinosaur-related themes to Web 3.0 technologies like social networking, in this case it was probably accurate.

The premise of the note was that social media sites are like Michael Crichton’s fictional dinosaur park—really, really cool technology, but not much in the way of security and safety precautions. This is a problem that cannot be ignored any longer. Like the elephant in the room—or in this case, the tyrannosaurus in the room—it’s too big to look the other way, and it’s not going away any time soon. Social media is here to stay, and with something on the order of a third of Internet users taking advantage of it, security managers have to get on with the business of creating a workable policy.

Why should businesses be concerned about social networking sites? It is, after all, something that people play with on their own time (or at least, should play with on their own time), and doesn’t really have anything to do with the business. Or does it? The fact is, social networking is no longer just social. There are two factors at work here that warrant attention. First, on the other side of the office, mostly unbeknownst to the IT and security people, the marketing department is making very good use of social networking as a corporate marketing and communications tool. Companies use Twitter to keep customers and partners apprised of new releases, updates, special promotions and other information. They use LinkedIn to meet other people interested in making deals, and they even use Facebook to make corporate pages meant to drive traffic to the main site. Most corporations now also have blogs, and even interactive forums where customers can participate in discussions with company staff and other customers. Yes, all those things were originally designed “just for fun,” and the creators of these social tools very likely had no idea that their creations would wind up in so many corporate toolboxes. Yet, here they are.

The second factor at work is that when employees are using social networking for personal reasons, there is often an unintentional carryover into the corporate realm. People make careless references to their employers in their blogs that may be harmful. They post personal information, and they may post corporate information that ought not be posted. And, there may even be links between personal and corporate documents that can be exploited.

The blogger cites the example of the recent episode when a hacker broke into the Google Mail account of a Twitter executive’s spouse. The account was linked to Google Apps, which gave the hacker access to sensitive company documents. Google Apps isn’t a social networking site; it’s a cloud computing-based group of applications-as-a-service. But the observation is still valid and somewhat scary for security people, and it highlights the need for employees to be careful in their personal networking, so as not to create a threat to corporate networking. Connecting personal accounts to corporate resources has to be against policy—and as always, use strong passwords, and be cautious about posting personal information on social networking sites.
