ISACA Details Business Risks and Benefits of Social Media

Lora Bentley
Slide Show

ISACA: Top Four Social Media Risks for Business


In recent weeks I've talked with several different experts about the risks companies must consider when deciding how and when to jump into social media as part of a corporate strategy, whether its focus is customer service, marketing, research or some other goal.


John Cass at Pace Communications points out the importance of common courtesy - asking customers or partners for permission before blogging about them, paying attention to copyright and fair-use requirements, making clear when a post has been changed or updated, and so on. He also notes that a clear blogging strategy can answer a lot of questions before they even come up.


Phil Eschels, a partner in the Louisville, Ky., offices of Greenebaum Doll & McDonald who focuses on labor and employment law, understandably focused on what companies want to protect and avoid when crafting social media policies, so as to decrease the liability risks that come with a platform that reaches so many. Trade secrets and proprietary intellectual property should not be fair game for corporate blogs or Facebook pages, he says. Neither should employees post anything that can be viewed as discriminatory or libelous.


Last week, I found a free white paper on the ISACA website that sets out detailed explanations of the risks social networking creates as well as what companies need to do to combat them. It's interesting to note that from the beginning, the Information Systems Audit and Control Association admits that choosing to forego social networking altogether is not an option in today's business world. Indeed, the first two sentences state:

Gone are the days of recommendations to keep social media usage out of the enterprise. Businesses today find that social media use is no longer the exception, but rather the rule.

So then, the risks that social media create cannot be avoided, and they must be managed diligently.


According to ISACA, social media risks are created in three different ways:

  • Personal use at work.
  • Personal use outside work.
  • Business use.


For example, if an employee uses personal accounts to communicate work information, there's a risk of privacy violations as well as a loss of competitive advantage if trade secrets or other proprietary information is leaked, not to mention a risk of damaging the company's reputation. To combat these risks, companies should ensure that social media policies address the posting of work-related information, have procedures in place to enforce those policies and conduct training that will increase awareness of these policies and why they exist.


You can check out the full paper, "Social Media: Business Benefits and Security, Governance and Assurance Perspectives," in ISACA's Knowledge Center.

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.

Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.