ISACA: The five greatest risks of social networking
Of all the risks associated with employees' social networking activities, the five biggest, according to the Information Systems Audit and Control Association, are: Viruses and malware, brand hijacking, lack of control over content, unrealistic customer expectations of "Internet-speed" service and non-compliance with record management regulations.
In a white paper on social media, ISACA offers tips on how to leverage the benefits of social networking sites while mitigating the risks. The association maintains that it's more or less futile to try to block employees from the Internet, so the best strategy is to develop social networking policies with employee behavior in mind
The paper spells out four risks that result from employee use of social media, and it describes the impact of each. The first risk is that workers might send company-related information over their social networking accounts, which could violate privacy rules, damage the company's reputation or give competitors an advantage. The second risk is that they could post information or photos about themselves that link them with the company, which could damage the brand or reputation. The third is that they might spend too much time on social media at work, which could cost productivity, increase the risk of viruses and malware, and waste bandwidth. Last, workers could use company-issued smartphones or other devices to access social networking sites, which could lead to data leakage or loss.
"The greatest risks posed by social media are all tied to violation of trust," said John Pironti, member of the ISACA Certification Committee. "Social media is built on the assumption of a network of trusted friends and colleagues, which is exploited by social engineering at great cost to companies and everyday users."
For more:
- see the ISACA press release
- see the white paper: Social Media: Business Benefits With Security, Governance and Assurance Perspectives
Related Articles:
Survey: Many CIOs getting stricter about social networking
Feds push social media, but should you?
Tracking employees on social networks
Comments