The inclusion of social media tools into the workplace has created a plethora of opportunities for companies to build their brand, market their product or service and amass a loyal following. It’s also introduced a huge security risk, according to the folks at the Information Systems Audit and Control Association (ISACA).
The organization just released a free white paper that outlines the top five social media risks from businesses, from viruses and malware to brand hijacking. The risks are real, to be sure, but I think it’s important that things are placed in perspective.
ISACA’s top five risks are virtually the same risks that companies face even without social networking sites coming into play:
- Brand hijacking
- Lack of control over content
- Unrealistic customer expectations of “Internet-speed” service
- Non-compliance with record management regulations
Corporate networks are, for the most part, woefully spongy and not impervious to attack. In addition, content is portable and, as such, can be pulled from corporate networks with relative ease. Think about it – how many USB drives do you carry with you on a daily basis? And do you bring your iPod to work? Both are easy – and inconspicuous – portable hard drives, perfect for downloading corporate information in a snap.
Unless companies lock down their networks to make it difficult to extract data, the risk of that data leaving the company by any means – thumb drive or social media site – will exist.
In that same vein, company networks are equally open to viruses and malware, as long as hardware that has been used outside the corporate firewall is allowed to connect to the network. Laptops, netbooks – even those USB drives – can become infected outside the network. Unless proper – and continually updated – security measures are put into place and evenly enforced, a company runs the risk of infecting its network every time it allows a laptop to leave the building.
None of what I’m saying here is new. But it bears repeating that companies are vulnerable no matter what the medium. It’s not the medium that poses the risk — it’s whose using the medium. An employee can send out sensitive corporate information via social network just as easily as he or she can download it onto a USB drive. An employee can deride a company’s product or service in an e-mail just as easily as he or she can post it to Twitter or LinkedIn. Again, it’s not the medium that poses the risk.
Social media can create huge opportunities for a company to extend its brand beyond traditional parameters. It’s their decision whether they think the risk outweighs the benefits.
Click through to see five key threats social media can present for your business.
Content downloaded from social media sites or ads on sites could harbor malware, infecting the corporate network.
A company’s name or online presence could be taken over by an imposter, exposing customers and the enterprise to fraud or misrepresentation.
Employees could post sensitive corporate information to sites, exposing the company to competitive or legal threat.
A company’s move to the digital arena could change customer expectations for service.
Information presented online could bypass governance regulations, exposing the company to legal action.