ISACA Names Top Five Social Media Risks for Business

Companies around the world are increasingly using social media for business marketing, support, and collaboration but also exposing themselves to risks such as non-compliance, data loss and legal issues.

In a complimentary white paper titled “Social Media: Business Benefits With Security, Governance and Assurance Perspectives,” ISACA today named the top five social media risks for business and recommended solutions to help businesses address the security, customer service and corporate reputation risks raised by their employees’ use of social media.

ISACA, a global association for enterprise governance of information technology with over 86,00 members, urges organizations to actively address the following potential risks:

• Viruses/malware

• Brand hijacking

• Lack of control over content

• Unrealistic customer expectations of “Internet-speed” service

• Non-compliance with record management regulations

Developed by a team of global ISACA experts, the white paper goes beyond the traditional look at social media in the workplace to address employees’ use of social media outside of work. It also provides detailed how-to tips for effective social media governance.

“Historically, organizations tried to control risk by denying access to cyberspace, but that won’t work with social media,” said Robert Stroud, CGEIT, international vice president of ISACA and vice president of IT service management and governance for the service management business unit at CA Technologies. “Companies should embrace it, not block it. But they also need to empower their employees with knowledge to implement sound social media governance.”

Since tools like Facebook and Twitter don’t require support from the IT department, they can be introduced by a business unit, marketing team or individual employees, and bypass IT, HR and Legal. This issue is reflected in IT department attitudes—62% of respondents to the 2010 ISACA IT Risk/Reward Barometer rated the risk posed by employees visiting social networking sites or checking personal e-mail as medium or high.

According to a report published earlier this year by network security company Palo Alto Networks, healthcare and financial services firms use an average of 28 social networking applications and p2p. The report showed that these heavily regulated industries are as “connected” as universities in terms of social networking and other Web 2.0 or “rogue” apps, and have little control over social networking applications and their risks as usage of such applications continues to increase.

“The greatest risks posed by social media are all tied to violation of trust,” said ISACA Certification Committee member John Pironti, CISM, CRISC, and president of IP Architects LLC. “Social media is built on the assumption of a network of trusted friends and colleagues, which is exploited by social engineering at great cost. That is why ongoing education is critical.”

A free copy can be downloaded at www.isaca.org/research.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
