Organisations don’t have sufficient security for social media

Results have just landed in my inbox from a new global survey on social media risks. What’s interesting is that the survey revealed a dangerous gap in corporate social media security.

The study surveyed 4,640 IT security practitioners in the US, Canada, United Kingdom, Germany, France, Italy, Australia, Singapore, Hong Kong, India, Brazil, and Mexico with an average of 10 years’ experience in the field.

The most salient findings from the study:

  • 68 percent of respondents believe employees’ use of social media in the workplace represents a serious security threat to my organisation. However, only 24 percent believe they have the necessary controls in place to mitigate or reduce the risk posed by social media.
  • Many organisations (45 percent) do not have a policy that informs employees about the acceptable use of social media in the workplace or are unsure if such a policy exists (17 percent). Of those organisations that do have a policy, only 21 percent of respondents say the policy is enforced
  • The most acceptable uses of social media in the workplace are networking with friends inside the company (90 percent) and networking with friends outside the company (49 percent) followed by use of social network as an e-mail or texting channel (40 percent). Least acceptable are downloading and watching videos during the workday (13 percent) and posting uncensored blog entries (12 percent) and downloading apps or widgets from social media sites (9 percent).
  • According to 56 percent of respondents, viruses and malware infections are increasing as a result of social media use and 17 percent are unsure. Technologies considered by respondents to be most important to reducing or mitigating social media threats are anti-virus/anti-malware, secure web gateway and endpoint security solutions.
  • The rapid spread of social media may have caught many organisations off guard. 63 percent agree that employee use of social media puts their organisations’ security at risk. In contrast, only 29 percent say that they have the necessary security controls in place to mitigate or reduce the risk posed by social media.
  • Malware attacks have increased because of social media usage, and it’s growing. 52 percent of organisations experienced an increase in malware attacks as a direct result of employee use of social media, and 27 percent say that these attacks recently increased more than 51 percent. The United States, United Kingdom, Brazil, Germany, and Singapore report the highest increases.
  • Even if they have a policy that addresses the acceptable use of social media in the workplace, 65 percent say that their organisations do not enforce it or they are unsure. The top three reasons for not enforcing these policies are: lack of governance and oversight (44 percent); other security issues are a priority (43 percent); and insufficient resources to monitor policy compliance (41 percent).
  • Countries most likely to see social media as a serious threat to their organisations are Canada, Hong Kong, and Mexico. Countries least likely to see social media as a threat are France and Italy. Organisations in Germany have the most confidence in their ability to address the social media threats.
  • 60 percent of employees use social media for at least 30 minutes per day for personal reasons. The United States, United Kingdom, France, Italy and Mexico have the highest use of social media for non-business reasons. Organisations in Germany have the highest use of social media for business purposes.

“The use of social media in the workplace is growing at a rapid pace”, said Spencer Parker, Group Product Manager at Websense, the company who sponsored the survey with Ponemon.

“Savvy businesses are using blogs, social networks, wikis and other vehicles to quickly share information with their target audiences. While antivirus and firewalls are traditional pillars of a security defence, a new security pillar is required for dynamic web content classification, advanced threat blocking, and data theft protection.

“Currently many UK organisations (45 percent) do not have a policy that informs employees about the acceptable use of social media in the workplace. Organisations need to educate employees about how their social media usage could impact the company, develop social media acceptable use policies, set appropriate quotas, and most importantly, invest in the right security technologies that examine the content and context of social media sites in real time.

“Security that provides this real-time protection and can respond to online threats as they emerge are key to keeping employees take advantage of the benefits of social media tools safely and securely.”

Christian Harris is editor and publisher of BCW. Christian has over 20 years' publishing experience and in that time has contributed to most major IT magazines and Web sites in the UK. He launched BCW in 2009 as he felt there was a need for honest and personal commentary on a wide range of business computing issues. Christian has a BA (Hons) in Publishing from the London College of Communication.