I think we all agree that powerful tools must be handled with care.

A nail gun is an invaluable tool for building houses, but would you let your kids, or even your office staff play with them? Definitely not, unless they have a reason to use nailguns (other than “for fun”), can demonstrate that they know how to use them without nailing themselves to the floor, and have at least read the handy reference manual, “Nailguns for Dummies”.

Michael Geist wrote about the power of Facebook (click HERE) and social networking sites in his self-described modest attempt to protest the Canadian government’s intent to pass reforms to federal copyright legislation this past month. Within a period of two weeks from starting it he watched his modest initiative snowball into a movement comprising 25,000 members on Facebook. This, together with independent efforts by others, apparently led the federal Industry Minister Jim Prentice to announce a delay in the proposed legislation.

Michael Geist must have felt something like Dr. Peter Venkman from Ghostbusters did after the first time the team tried to use their Proton Pack Beam to catch a ghost. So, how can such a great tool be dangerous? …Remember, “Important safety tip: Don’t cross the beams.”

This great example of how social networking sites can be used to achieve a desired business or social outcome surprised me to some extent. I have been observing the growing conflict between security professionals and business leaders who have vastly differing views on the risk-reward trade-offs of using social networking sites such as Facebook, MySpace, LinkedIn, etc.

To business leaders, anything that lets its sales and marketing people get a better idea of how likely customers are to buy their product or service is a good thing. To security professionals, all they see is a “free love” cult that has no regard for long term consequences of their actions.

But I see this as yet another example of how security issues depend a great deal on the situation.

Mr Geist was able to use Facebook in a very powerful and effective way. However, the amount of risk to him in this exercise depends on how careful he was in what information he divulged on the Facebook site.

If he had been careless enough to give out details of his personal life, including hints on his own practices related to copyrighted materials (eg. Does he download music from Limewire, copy images from web sites for his kids’ science projects?, etc.), his initiative may have backfired on him, and he may have become a target for people in any number of special interest communities. That’s a risk he faced and, either explicitly or implicitly, he accepted. In fact being a journalist, he faces those risks in everything he writes.

It’s not just how much information you put in a single post on such a site. These sites, and any that they link to, provide a rich environment for people looking to gather information about you, including hackers, spammers and even stalkers or more hostile individuals.

How far do you want to stick your neck out to have your cause heard? It turns out that you don’t really have to risk much, but your decisions on what to divulge about your views, practices and knowledge of other sensitive topics are often what make the difference between safe, effective use of these sites and risky use. This is what I believe most business owners and parents don’t really understand. They either fear them or love them, without knowing exactly why.

As a comparison, let’s look at the difference between social networking sites and other “tools” used in the office, and at home. With the advent of e-mail, there was certainly a big impact on how businesses and individuals communicated. Some people learned how to use e-mail very effectively to achieve business outcomes, or to achieve their own desired social outcomes.

Most of us have ended up using e-mail with a marginal positive impact on communications (some would debate this point). Nevertheless, some people are still using e-mail in very risky ways. They click on links in spam or cute video attachments, unwittingly causing their computers to become infected with viruses, stealing personal information or passwords, or even using their computer’s processing power to launch attacks on others. Attackers are like biting insects that can inject you with an anesthetic before they suck out your blood. You don’t feel it at the time, but that doesn’t mean you aren’t under a serious attack.

Just as with social networking sites such as Facebook, e-mail can be useful or harmful. But nobody has been successful in halting it’s use, and short of reconstructing the Internet, it is virtually impossible at this point to go back and make e-mail inherently more secure for the masses. Just as with the challenges Facebook presents, e-mail’s instantaneous, fast and free nature made it easy to spread information quickly, and with it, new risks.

So, today we hear of great success stories that used Facebook, or tragic suicides of teenagers harrassed by anonymous MySpace friends. The only way powerful tools can be used safely is when the users understand what consititutes risky situations, and how to avoid them.

Instead of banning Facebook and other social networking sites, security professionals, business managers and parents need to become more practical in their approach, to make sure people are aware of the risks and how to reduce them.

I have a survey running to get a better idea of how the use of these sites is being addressed by management of organizations. Click HERE to participate in the survey, or go to the Polls Archive page of this site (click HERE) to see other surveys you can participate in.

In future, I also plan to offer e-books, audio books and presentations to help educate people on how to leverage the tools around them in ways that minimize the chances of putting someone’s eye out, or damaging the business.