One third of small-to-medium-sized businesses (SMBs) experienced a malware or virus infection via social networks through July of this year, and 23 percent actually lost sensitive data via these networks, according to Panda Security’s first annual Social Media Risk Index. Thirty-five percent of the respondents that were infected by malware from social networking sites suffered a financial loss, with more than a third of those companies reporting losses in excess of $5,000.
According to the survey, SMBs’ top concerns with social media include privacy and data loss (74 percent), malware infections (69 percent), employee productivity loss (60 percent), reputation damage (50 percent), and network performance/utilization problems (29 percent). However, these concerns are not deterring SMBs from utilizing social media in business situations. Seventy-eight percent use these tools to support research and competitive intelligence, improve customer service, drive public relations and marketing initiatives or directly generate revenue.
Facebook: Top Source for Malware Infections
Facebook is by far the most popular social media tool among SMBs, with 69 percent of respondents reporting that they have active accounts with this site, followed by Twitter (44 percent), YouTube (32 percent) and LinkedIn (23 percent).
Facebook is also the top culprit for companies that experienced malware infection (71.6 percent) and privacy violations, e.g. the leaking of sensitive company information (73.2 percent). YouTube took the second spot for malware infection (41.2 percent), while Twitter contributed to a significant number of privacy violations (51 percent). For companies suffering financial losses from employee privacy violations, Facebook was again cited as the most common social media site where these losses occurred (62 percent), followed by Twitter (38 percent), YouTube (24 percent) and LinkedIn (11 percent).
Restrictive Social Media Policies Common
To minimize the risks associated with social media, 57 percent of SMBs currently have a social media governance policy in place, with 81 percent of these companies employing personnel to actively enforce those policies. This figure is in surprising contrast to larger organizations, only 40 percent of which have such policies according to the 2011 Global State of Information Security Study by CIO, CSO and PricewaterhouseCoopers. In addition, 64 percent of the SMBs reported having formal training programs to educate employees on the risks and benefits of social media.
The majority of respondents (62 percent) do not allow the personal use of social media at work. The most common disallowed activities include playing games (32 percent), publishing inappropriate content on social media sites (31 percent) and installing unapproved applications (25 percent). In addition, 25 percent of companies said that they actively block popular social media sites for employees, mainly via a gateway appliance (65 percent) and/or hosted Web security service (45 percent).
What should companies do?
Alex Thurber, SVP Worldwide Channel Operations for McAfee's Mid Market business suggests that companies give employees the tools to use social media responsibly. "Although users can’t trust every link that people post or control, companies can put forward best practices to arm employees with the tools they need to be productive and safe. Between this type of education, and technology that can block dangerous links and applications, Web 2.0 can be used safely for business," writes Thurber.