The inclusion of social media tools into the workplace has created a plethora of opportunities for companies to build their brand, market their product or service and amass a loyal following. It’s also introduced a huge security risk, according to the folks at the Information Systems Audit and Control Association (ISACA).
The organization just released a free white paper that outlines the top five social media risks from businesses, from viruses and malware to brand hijacking. The risks are real, to be sure, but I think it’s important that things are placed in perspective.
ISACA’s top five risks are virtually the same risks that companies face even without social networking sites coming into play:
- Brand hijacking
- Lack of control over content
- Unrealistic customer expectations of “Internet-speed” service
- Non-compliance with record management regulations
Corporate networks are, for the most part, woefully spongy and not impervious to attack. In addition, content is portable and, as such, can be pulled from corporate networks with relative ease. Think about it – how many USB drives do you carry with you on a daily basis? And do you bring your iPod to work? Both are easy – and inconspicuous – portable hard drives, perfect for downloading corporate information in a snap.
Unless companies lock down their networks to make it difficult to extract data, the risk of that data leaving the company by any means – thumb drive or social media site – will exist.
In that same vein, company networks are equally open to viruses and malware, as long as hardware that has been used outside the corporate firewall is allowed to connect to the network. Laptops, netbooks – even those USB drives – can become infected outside the network. Unless proper – and continually updated – security measures are put into place and evenly enforced, a company runs the risk of infecting its network every time it allows a laptop to leave the building.
None of what I’m saying here is new. But it bears repeating that companies are vulnerable no matter what the medium. It’s not the medium that poses the risk -- it’s whose using the medium. An employee can send out sensitive corporate information via social network just as easily as he or she can download it onto a USB drive. An employee can deride a company’s product or service in an e-mail just as easily as he or she can post it to Twitter or LinkedIn. Again, it’s not the medium that poses the risk.
Social media can create huge opportunities for a company to extend its brand beyond traditional parameters. It’s their decision whether they think the risk outweighs the benefits.