Study: Organizations Waking Up To Social Media Security Risks


Social media is funneling all sorts of useful information into workplaces, but it's not without its risks. These extend not just to malware and data leakage, but also to the very real possibility that employees could spend all day on Facebook without getting any work done.

And with social media taking hold so quickly, many organizations are now coming to grips with the fact that giving their employees unfettered access to social media isn't a good idea.

According to the Ponemon Institute's new Global Survey on Social Media Risks", released Thursday, 63 percent of respondents said they believe employees' use of social media brings added security risks, while only 29 percent were confident that the security technology they have in place is sufficient to deal with these risks.

"Social media is a huge playing field for connectivity that cybercriminals can use to their advantage," said Tom Clare, senior director of product marketing at Websense, which sponsored the study. "How to protect data is now a senior management discussion topic."

The study surveyed 4,640 IT and IT security professionals in the U.S., Canada, U.K., France, Germany, Italy, Australia, Singapore, Hong Kong, India, Brazil and Mexico, who have an average of 10 years of experience in the field. Fifty-four percent of respondents hold managerial and executive positions, while 42 percent come from organizations with 5,000 or more employees.

While social media does have business-related benefits, particularly in sales, marketing and human resources, it's also notorious for exerting a trance-like effect on employees when they're using it for non-work related purposes.

This is reflected in the survey results: 89 percent of respondents said they've seen employee productivity drop due to social media, while 77 percent acknowledged seeing corporate bandwidth levels take a hit.

Survey respondents also indicated that social media can open the door to malware. Fifty-two percent of survey respondents said they've seen a rise in social media related malware, while 23 percent said they haven't and 25 percent said they aren't sure. Antivirus, anti-malware, secure Web gateway and identity and access management are useful in combating social media induced malware, according to the study.

Real time content security is also important for companies that are using social media, as examining data in real time as it's created and consumed can help prevent sensitive information from leaking, according to Clare.

"Traditional defenses such as antivirus aren't enough -- you need real time analysis," Clare said. "You can't just go at this with static signatures and policies."

Organization still need antivirus and firewall to block known threats, and e-mail and web gateways with built-in threat protection covers the types of threats that social media can introduce, Clare said.

Bandwidth management is the last piece of the puzzle, at least when it comes to ensuring that employees don't spend all day watching movies of their friends' new frolicking puppies and kittens.

"Allowing social media into the organization isn't a binary decision. If you say yes, you need all of these layers," said Clare.