Top three risks companies face using social media


Social networking has exploded in the past few years, and not only among teenagers and young adults. In all demographics and all age brackets, in business as well as social life, social networking is big and it is only predicted to get bigger. There is no stopping this juggernaut, and for the most part that is a good thing. People seem to be having a lot of fun on these types of websites, so what can possibly go wrong? While for the most part they are there for fun and enjoyment, there are serious implications when organizations do not fully understand the consequences.

These social sites are a 21st-century phenomenon. Along with their promise and opportunity, though, come risks and implications when users access these networks from the office and share information about themselves. Social networking is viral and, in some cases, anonymous in nature, which leads to social sites being viewed as fertile targets for hackers and criminals alike. The reason is that social media allows users to personalize their online identity and easily share information.


lack of visibility and control

Many organizations have limited or no control of social networking. According to the link below, this might stem from ignorance of the technology or simply a naive approach to protecting the organization from social network perils. These organizations usually use URL filters either to allow complete access to a site and every bit of content therein, or to restrict access fully. The problem lies in identifying and controlling what users access once they get onto the site, including inappropriate material and compromised documents. Most organizations lack the ability to see and analyze content once users are on the site in order to enforce policy at that level.

broadening attack surface

People have a misconception that malicious code comes only from the dark abyss of the web, such as pornography or gaming sites. How wrong this is: according to the Websense State of Internet Security, Q1-Q2 2009 survey, almost 80% of malicious code comes from legitimate sites. Traditional security mechanisms are defenseless against these threats, which have “mutated” into such sophisticated states that they are able to slip through the gaps of anti-virus and URL filters. The result could be a user downloading a malware application that could disclose a company’s trade secrets.

potential for data loss

Social networking is about making connections and sharing experiences and information. Sometimes, however, that information is not meant to be made public, so take heed of the potential risks when posting on these social sites. It is not uncommon that users intentionally post confidential information on the site. Imagine a software programmer inadvertently posting proprietary software code to a social networking site, disclosing intellectual property. All of this could seriously impact the organization’s reputation or even put the company at a competitive disadvantage.

needing a unified organizational approach

A unified approach is the best way to ensure comprehensive protection against what social networks throw at organizations. Organizations today need to find new ways to leverage the power of Web 2.0 without worrying about malware, inappropriate content, or disclosure of sensitive information. These should include user security awareness training, which should also cover the common social network malware scams and the social engineering techniques used to procure personal or login information. Of course, the use of strong passwords should be mandatory. Web monitoring tools should also include a Data Leakage Protection tool that prevents accidental or intentional data disclosures.
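
The gap between all-or-nothing URL filtering and the content-level monitoring and Data Leakage Protection described above, shown as an added example that is not part of the original article. The host names, rule patterns and sample requests are constructed assumptions.

```python
import re

# Assumed policy values for illustration; none of these come from the article.
ALLOWED_HOSTS = {"social.example", "news.example"}   # hypothetical URL-filter allow list
SOCIAL_HOSTS = {"social.example"}                    # hypothetical social networking site

# Content rules applied to outbound posts (constructed, deliberately small).
RULES = [
    ("confidential-marker",
     re.compile(r"\b(?:internal use only|company confidential|proprietary)\b", re.I)),
    ("source-code",
     re.compile(r"^\s*(?:#include\s*<|def\s+\w+\s*\(|(?:public|private)\s+[\w<>\[\]]+\s+\w+\s*\()",
                re.M)),
]

def url_filter(request):
    """Site-level control: the whole site is either allowed or blocked."""
    return "allow" if request["host"] in ALLOWED_HOSTS else "block"

def content_policy(request):
    """Content-level control: inspect what is posted to an allowed social site."""
    if url_filter(request) == "block":
        return "block", ["host-not-allowed"]
    # Browsing stays permitted; only outbound posts to social sites are inspected.
    if request["host"] not in SOCIAL_HOSTS or request["method"] != "POST":
        return "allow", []
    hits = [name for name, pattern in RULES if pattern.search(request["body"])]
    return ("block" if hits else "allow"), hits

# Constructed sample traffic (not real logs).
SAMPLES = [
    {"host": "social.example", "method": "GET", "body": ""},
    {"host": "social.example", "method": "POST", "body": "Great lunch with the team today!"},
    {"host": "social.example", "method": "POST",
     "body": "Stuck on this bug:\ndef compute_license_key(seed):\n    return seed * 31"},
    {"host": "social.example", "method": "POST",
     "body": "Q3 forecast deck, INTERNAL USE ONLY, do not forward"},
    {"host": "unknown.example", "method": "GET", "body": ""},
]

if __name__ == "__main__":
    for req in SAMPLES:
        decision, reasons = content_policy(req)
        print(f"{req['method']:4} {req['host']:16} url_filter={url_filter(req):5} "
              f"content_policy={decision:5} {reasons}")
```

The URL filter allows every request to the social site, including the two posts that carry source code and a confidentiality marker; only the content-level check separates them from ordinary use.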

Ultimately, social networking is here to stay, in personal and business domains; IT executives need to think hard when it comes to maximizing the potential benefits of social networking and minimizing the risks.

Who says life is going to be easy?