A recent report by Global Secure Systems and Infosecurity Europe UK found that social networking sites like Facebook, MySpace and Bebo cost businesses as much as 6.5 billion pounds (AU$14 billion) a year in lost productivity, according to an article in the SiliconRepublic.

The report - which surveyed 776 office workers of their social networking habits - most workers claimed to have spent at least 30 minutes a day on social networks.

The SiliconRepublic article (a link to the actual report wasn't available as of yet) had these two interesting tidbits as well:

Infosecurity Europe held a meeting of 20 Chief Information Security Officers, who claimed that social networking sites on the top of their to-do lists for security and that the sites alone were eating up between 15 and 20 percent of their companies' bandwidth. One CISO even reported his company had blocked Facebook for consuming 30 percent of the company's bandwidth at work.

Claire Sellick, Infosecurity Europe's Event Director, said very bluntly: "It would appear that most CISO and IT Directors loathe social networking sites and if they had their way would ban them completely, but what is also coming across loud and clear is that the HR departments actually welcome the use of these sites - so there is a lot of internal pushing and shoving going on between HR and IT over how best to manage these sites."

Here at CIO, we've had a pretty healthy debate about the issue of Facebook within the context of the enterprise. It first started when our publisher emeritus, Gary Beach, wrote a column saying he'd shunned Facebook as an application for kids and would invite IT luminaries and CIOs to join him on LinkedIn, the social network aimed at professionals. On the other hand, our editor in chief, Abbie Lundberg, has fallen head over heels for Facebook, as evinced by her confessions of a Facebook addict.

I argued CIOs should be on Facebook and LinkedIn for both professional and personal reasons, while Senior Editor Tom Wailgum proclaimed he simply didn't have the time for Facebook altogether.

In all those accounts, however, we never directly debated the merits of banning it within corporate walls. I, for one, believe it would be a mistake. I don't accept the productivity loss argument. Every new technology is what an employee makes of it. IM is a perfect example. The employees who chat with their friends all day are inefficient, distracted workers (who, let's face it, won't last at the organization), while the employees who chat with their colleagues, business partners, customers and other contacts are probably incredibly productive.

The security question is more interesting (and valid). While there are security risks with social networks, I don't see them as being substantively different than the risks of web-browsing in general (a conclusion I came to after researching a Facebook widget that installed malware on users' computers). So unless you're willing to ban web access - and, in doing so, risk losing your best talent to competitors with more progressive usage policies - it seems counterintuitive to single out the social networks. It's the job of corporate IT departments to educate their users on what is and what isn't safe on the web. I see no reason that educational process can't be extended to social networks.

By banning social networks, companies would, in effect, discourage employees from making connections with each other, and with customers (the latter, by the way, usually leads to sources of revenue). That, to me, seems risky.