Facebook, Twitter a Risk for Small Businesses: Report

A survey from Panda Security finds social networking sites can be dangerous for SMBs, but their benefits remain alluring.

A survey from cloud security specialist Panda Security of 315 small to medium-size businesses with up to 1,000 employees revealed 33 percent of these companies had experienced a malware or virus infection from social networks, with 23 percent citing employee privacy violations resulting in the loss of sensitive data. In addition, 35 percent of survey respondents that were infected by malware from social networking sites suffered a financial loss, with more than a third of those companies reporting losses in excess of $5,000.

The survey, Panda's first annual Social Media Risk Index, found SMB's top concerns with social media include privacy and data loss (74 percent), malware infection (69 percent), employee productivity loss (60 percent), reputation damage (50 percent), and network performance/utilization problems (29 percent).

However, these concerns are not deterring SMBs from reaping the business benefits of social media as 78 percent of respondents reported that they use these tools to support research and competitive intelligence, improve customer service, drive public relations and marketing initiatives and directly generate revenue. "Social media is now ubiquitous among SMBs because of its many obvious business benefits, yet these tools don't come without serious risks," said Sean-Paul Correll, threat researcher at Panda Security. "In Panda's first annual Social Media Risk Index, we set out to uncover the top SMB concerns about social media and draw a correlation to actual incidence of malware infection, privacy violations and hard financial losses."

Facebook was found to be the most popular social media tool among SMBs: Sixty-nine percent of respondents reported that they have active accounts with this site, followed by Twitter (44 percent), YouTube (32 percent) and LinkedIn (23 percent). The popular social networking site was also cited as the top culprit for companies that experienced malware infection (71.6 percent) and privacy violations (73.2 percent).

YouTube took the second spot for malware infection (41.2 percent), while Twitter contributed to a significant amount of privacy violations (51 percent). For companies suffering financial losses from employee privacy violations, Facebook was again cited as the most common social media site where these losses occurred (62 percent), followed by Twitter (38 percent), YouTube (24 percent) and LinkedIn (11 percent).

To minimize the risks associated with social media, 57 percent of SMBs currently have a social media governance policy in place, with 81 percent of these companies employing personnel to actively enforce those policies. In addition, 64 percent of companies reported having formal training programs in place to educate employees on the risks and benefits of social media. The majority of respondents (62 percent) did not allow the personal use of social media at work.

"While a relatively high number of SMBs have been infected by malware from social sites, we were pleased to see that the majority of companies already have formal governance and education programs in place," Correll said. "These types of policies combined with up to date network security solutions are required to minimize risk and ultimately prevent loss."

The most common disallowed social media activities include: Playing games (32 percent); publishing inappropriate content on social media sites (31 percent); and installing unapproved applications (25 percent). In addition, 25 percent of companies said that they actively block popular social media sites for employees, mainly via a gateway appliance (65 percent) and/or hosted Web security service (45 percent).