Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

SMBs Embrace Social Media and Pay the Price

One third of small-to-medium-sized businesses (SMBs) experienced a malware or virus infection via social networks through July of this year, and 23 percent actually lost sensitive data via these networks, according to Panda Security’s first annual Social Media Risk Index.

One third of small-to-medium-sized businesses (SMBs) experienced a malware or virus infection via social networks through July of this year, and 23 percent actually lost sensitive data via these networks, according to Panda Security’s first annual Social Media Risk Index. Thirty-five percent of the respondents that were infected by malware from social networking sites suffered a financial loss, with more than a third of those companies reporting losses in excess of $5,000.Social Media Risk Index

According to the survey, SMBs’ top concerns with social media include privacy and data loss (74 percent), malware infections (69 percent), employee productivity loss (60 percent), reputation damage (50 percent), and network performance/utilization problems (29 percent). However, these concerns are not deterring SMBs from utilizing social media in business situations. Seventy-eight percent use these tools to support research and competitive intelligence, improve customer service, drive public relations and marketing initiatives or directly generate revenue.

Facebook: Top Source for Malware Infections

Facebook is by far the most popular social media tool among SMBs, with 69 percent of respondents reporting that they have active accounts with this site, followed by Twitter (44 percent), YouTube (32 percent) and LinkedIn (23 percent).

Facebook is also the top culprit for companies that experienced malware infection (71.6 percent) and privacy violations, e.g. the leaking of sensitive company information (73.2 percent). YouTube took the second spot for malware infection (41.2 percent), while Twitter contributed to a significant number of privacy violations (51 percent). For companies suffering financial losses from employee privacy violations, Facebook was again cited as the most common social media site where these losses occurred (62 percent), followed by Twitter (38 percent), YouTube (24 percent) and LinkedIn (11 percent).

Restrictive Social Media Policies Common

To minimize the risks associated with social media, 57 percent of SMBs currently have a social media governance policy in place, with 81 percent of these companies employing personnel to actively enforce those policies. This figure is in surprising contrast to larger organizations, only 40 percent of which have such policies according to the 2011 Global State of Information Security Study by CIO, CSO and PricewaterhouseCoopers. In addition, 64 percent of the SMBs reported having formal training programs to educate employees on the risks and benefits of social media.

The majority of respondents (62 percent) do not allow the personal use of social media at work. The most common disallowed activities include playing games (32 percent), publishing inappropriate content on social media sites (31 percent) and installing unapproved applications (25 percent). In addition, 25 percent of companies said that they actively block popular social media sites for employees, mainly via a gateway appliance (65 percent) and/or hosted Web security service (45 percent).

What should companies do?

Alex Thurber, SVP Worldwide Channel Operations for McAfee’s Mid Market business suggests that companies give employees the tools to use social media responsibly. “Although users can’t trust every link that people post or control, companies can put forward best practices to arm employees with the tools they need to be productive and safe. Between this type of education, and technology that can block dangerous links and applications, Web 2.0 can be used safely for business,” writes Thurber.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Nation-State

The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Malware & Threats

Security researchers are warning of a new wave of malicious NPM and PyPI packages designed to steal user information and download additional payloads.