The Corporate Risks of Social Media

Charlene OHanlon

The inclusion of social media tools into the workplace has created a plethora of opportunities for companies to build their brand, market their product or service and amass a loyal following. It's also introduced a huge security risk, according to the folks at the Information Systems Audit and Control Association (ISACA).

The organization just released a free white paper that outlines the top five social media risks from businesses, from viruses and malware to brand hijacking. The risks are real, to be sure, but I think it's important that things are placed in perspective.

ISACA's top five risks are virtually the same risks that companies face even without social networking sites coming into play:

  1. Viruses/malware
  2. Brand hijacking
  3. Lack of control over content
  4. Unrealistic customer expectations of 'Internet-speed' service
  5. Non-compliance with record management regulations

Corporate networks are, for the most part, woefully spongy and not impervious to attack. In addition, content is portable and, as such, can be pulled from corporate networks with relative ease. Think about it-how many USB drives do you carry with you on a daily basis? And do you bring your iPod to work? Both are easy-and inconspicuous-portable hard drives, perfect for downloading corporate information in a snap.

Unless companies lock down their networks to make it difficult to extract data, the risk of that data leaving the company by any means-thumb drive or social media site-will exist.

In that same vein, company networks are equally open to viruses and malware, as long as hardware that has been used outside the corporate firewall is allowed to connect to the network. Laptops, netbooks-even those USB drives-can become infected outside the network. Unless proper-and continually updated-security measures are put into place and evenly enforced, a company runs the risk of infecting its network every time it allows a laptop to leave the building.

None of what I'm saying here is new. But it bears repeating that companies are vulnerable no matter what the medium. It's not the medium that poses the risk -- it's whose using the medium. An employee can send out sensitive corporate information via social network just as easily as he or she can download it onto a USB drive. An employee can deride a company's product or service in an e-mail just as easily as he or she can post it to Twitter or LinkedIn. Again, it's not the medium that poses the risk.

Social media can create huge opportunities for a company to extend its brand beyond traditional parameters. It's their decision whether they think the risk outweighs the benefits.

Add Comment      Leave a comment on this blog post
Jun 16, 2010 5:06 PM Kelly Monroe Kelly Monroe  says:
As an IT consultant I am fully aware that IT management is struggling with whether social media is productive or obstructive for companies and their employees. Software is being developed and policy and restrictions are being decided everyday by IT managers. The security of company networks are at stake but the potential for innovation using social media is a large enough carrot for the discussion of how to properly utilize the medium continues. Palo Alto networks came up with a whitepaper,, which will explore the issues surrounding social media in the workplace. It is important to not only understand the immediate benefits of doing business how one lives, but the threat it presents to a company's greater ROI and productivity when it comes to the server's safety and security. If your IT Department wants to block social media apps on the company network... and Reply
Jul 7, 2010 3:07 PM Anonymous Anonymous  says:
Social Media, when used properly and in the right context, can be a very useful tool in boosting businesses. Using media sites though, puts a company's network security and privacy at risk, and causes problems for its IT department. Some of the threats include Malware, brand hijacking, lack of control over content and a number of other things. It is therefore important to have social media policy in place. IT managers should explore issues surrounding social media in the workplace for them to make informed decisions about blocking social media sites, and to create a sound social media policy for their companies. Check out the following whitepapers from Palo Alto Networks: Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.