Fortune 100 Firms Challenged by Social Media Compliance Violations: Study

A new report from Proofpoint’s Nexgate research team found that many Fortune 100 companies are not doing a good job of policing compliance violations tied to their social media accounts.

The report, entitled the ‘State of Social Media Infrastructure, Part II’, outlines how Fortune 100 social media pages are failing to keep up with the pace of social communication while following various federal regulations. The study is based on research conducted over a 12-month period between July 2013 and June 2014 that focused on the social media presence of Fortune 100 companies.

“The average firm suffered from a total of 69 unmoderated compliance incidents during our 12 month research window,” according to the report. “These incidents that went virtually unnoticed by internal compliance staff since they were posted and not removed from public social pages. An unknown number of additional incidents occurred but were removed by compliance staff before our scanners evaluated each account at the end of the period.”

These compliance violations can come from both employees and members of the public, the report notes. Employees accounted for 12 incidents per firm, while public commenters accounted for 57. Only 47 percent of branded posts were routed through marketing and content publishing platforms despite the fact that most Fortune 100 brands own these tools, suggesting employees are either unaware of, ignoring or deliberately circumventing their company’s approved publishing workflow, according to Proofpoint.

The challenge facing these organizations can be significant. According to the report, the average Fortune 100 firm has more than 320 branded social media accounts as well as thousands of followers and employees potentially interacting in discussions on social media such as Facebook, Twitter and LinkedIn.

“FINRA [Financial Industry Regulatory Authority] financial service and FDA [U.S. Food and Drug Administration] healthcare regulations are examples of standards with specific provisions covering Commenter postings,” the report explains. “These requirements require much larger scale compliance operations than regulations applied only to Brand posts.”

Nine different U.S. regulatory standards triggered incidents, including FINRA Retail Communications, FINRA Customer Response and SEC Regulation Fair Disclosure, according to the report. Financial services firms accounted for the largest volume of incidents, averaging more than 250 per firm.

“Compliance violations pose a particular threat as they have serious financial and regulatory consequences,” said Devin Redmond, vice president and general manager of Nexgate for Proofpoint, in a statement.

The report recommends that organizations establish a committee responsible for compliance with social media policies. The team should include the organization’s internal social media users – such as the marketing and sales departments – and the security team.

“The primary role of this crossfunctional team is to assign clear roles and responsibilities within the organization for policy, training, enforcement, and audit,” according to the report.  
