IT Pros Lack Tools to Protect Enterprises From Employee Social Media Use
IT professionals consider social media as a positive business tool
within the enterprise, but they were concerned they didn't have the
right technology and policies to deal with the dangers, a recent report
The "Global Survey on Social Media Risks" from the Ponemon Institute
released Sept. 29 surveyed 4,640 IT and IT security practitioners
across the globe on the problems organizations face with increased use
of social media. While respondents said they believed social networking
technology played an important role within the organization, 63 percent
agreed, or strongly agreed, that these tools represented a serious
security threat to their organizations. Only 29 percent said their
organizations had the necessary controls in place to mitigate or reduce
The biggest risks came from employees downloading malicious apps. This
could take the form of employees downloading an instant messaging
client that had malware embedded, or installing apps on social
networking sites that trick users into downloading malware on the
system. A little over half, or 52 percent, of respondents said their
organizations had experienced an increase in malware attacks as a
result of employees using social media. About 27 percent said the
attacks had increased by more than 51 percent.
"The challenge they face is how to ensure the use of social media vehicles does not jeopardize the security of their organizations' networks," Ponemon Institute wrote in the report. Respondents were also concerned about the lack of controls on what employees could post online as well as the fact that employees could be exposed to inappropriate data. Malware and data control weren't the only negative aspects of social media, the survey found. Respondents cited diminished employee productivity and excessive usage of Internet bandwidth as other issues.
Employees are using social media tools more often for non-business purposes than business, purposes, the report found.
More than half, or 65 percent, of respondents were unsure if the organization had an acceptable use policy for social media, or said the policy was not enforced. While 44 percent said there was a lack of governance and oversight, 43 percent felt other security issues took precedence. Another 41 percent said there were insufficient resources to monitor policy.
About 85 percent of respondents said it was acceptable to use social media tools to communicate within the company and 55 percent felt it was acceptable to use the technology to communicate outside the company. More than half felt social networking could be used as an email or texting channel. The survey used the word "friends" instead of "colleagues" or "business partners."
"Based on this response, we believe organizations consider social media a positive tool for encouraging collaboration and building internal relationships," the report's authors wrote.
Unacceptable use included downloading and watching videos during the
workday or downloading apps and widgets from social media sites. Only
23 percent said videos were acceptable and 8 percent thought widgets
were not a problem. Only 11 percent said it was acceptable to post
"uncensored content" on social networking sites and another 11 percent
said the same about posting to uncensored blogs. A mere 6 percent of
respondents felt all the above activities were acceptable within the
Security vendor Websense sponsored the study. Websense said the "dynamic social Web" requires real-time content security to analyze information as it is created and consumed. Signature and fixed-policy Web technologies such as antivirus do not provide appropriate threat protection, the company said in the report. About 73 percent of the respondents identified secure Web gateways as an important way to reduce social media threats.
Organizations need to understand the social media risks by creating a risk assessment, the Ponemon Institute recommended. Employees need to be educated about how their social media usage could affect the company and create a comprehensive policy on what constitutes acceptable usage.
Survey participants had an average of 10 years experience in the field, and more than half held positions at the supervisor level or higher. Approximately 42 percent of the participants worked in organizations with more than 5,000 employees.