eWEEK is fortunate to work with an advisory board made up of senior-level IT professionals. The corporate partners, as they're known, come from companies large and small, in a variety of different industries, and they help eWEEK editors and reporters stay grounded in what's really important to enterprise IT.

To foster collaboration among the group's members and between the group and eWEEK's staff, I set up a social network using the Ning platform. (This post isn't about Ning specifically, but it should be said that Ning made it incredibly easy to set up a robust social network, complete with forums, video and the like.) Many of the CPs jumped right on, but several said their companies had blocked the use of all social networks save the corporate-minded LinkedIn. One CP said his company had not blocked social networks but did discourage their use. Why? Because employees do too much socializing on social networks, he said.

Productivity booster or brain drain, that is the question. But should companies also be worried about the security implications of social networks? Clint Boulton recently reported on a debate at the Gartner Symposium ITxpo on whether Facebook should be banned at work. Gartner analyst Nikos Drakos said Facebook should be banned because employees could reveal confidential company information, while Gartner's Ray Valdes countered that employees could just as easily reveal that information by phone or e-mail.

Symantec recently put out an "Ask the Expert" PDF document wherein Kevin Haley, director of product managment for Symantec Security Response, describes some specific social networking threats. Indeed, socially engineered hacks and phishing are a threat on social networks, as they are via phone and e-mail, but Haley also talked about the fact that social networks' customization and third-party app capabilities are as beneficial to hackers as they are to upstanding users.

Haley provided some advice to companies making use of social networking sites, including:

• Be careful with information you put on your profile--don't reveal anything you wouldn't want made public.
• Be selective about the people you allow on the network.
• Perform ongoing security awareness training with users.
• Keep current on security trends.
• Keep IT infrastructure--including anti-virus software--up-to-date.
• Make use at least of CAPTCHAs and, better yet, of a behavior-based anti-virus solution.

It's also important to develop policies on the use of social networks--and of blogs and wikis, for that matter--both in and out of the office. (There have been several cases, for example, where people have gotten fired for posting something on a personal MySpace page.)

What is your company's policy around social networking? And,do you think social networks are a productivity boon or bane? Please let me know.