Facebook, Twitter Hold Risks for Businesses: ReportBy Nathan Eddy | Posted 2010-12-09 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
Businesses need to make their people aware of the risks, policies and acceptable behaviors when using social media, an Ernst & Young report cautions.
A survey from financial analyst firm Ernst & Young, part of the
company’s 13th Global Information Security Survey, indicates social networking
is not high on the list of challenges for most of their participants—nearly
1,600 senior executives in 56 countries. The report noted while social media
platforms like LinkedIn, Facebook and Twitter allow for a great level of
professional collaboration and personal interaction, businesses need to make
their people aware of the risks, policies and acceptable behaviors related to
the use of such tools both internally and in the public environment.
Only 33 percent of respondents indicated that social networking is a considerable challenge to effectively delivering information security initiatives, while only 10 percent of respondents indicated the examination of new and emerging IT trends as a critically important function. "We believe this to be an indication that although most companies recognize the fact that there are risks and information security issues related to social media and Web 2.0, only a few have thoroughly examined the issue and developed an approach that will balance the business opportunity with the risk exposure," the report noted.
Survey participants’ activities of primary focus were achieving compliance with regulations (55 percent), protecting reputation and brand (51 percent), and managing privacy and protecting personal information (44 percent). Ernst & Young analysts suggested protected privacy-related data could become increasingly difficult to achieve without an effective process in place to evaluate the risks associated with new and emerging IT trends, which encourage the sharing of personal information.
"It is encouraging that only 15 percent of our survey participants indicated that they do not have a security awareness program in place and that 42 percent plan on spending more over the next year on security awareness and training," the report noted. "However, just 34 percent of respondents currently include information updates on the risks associated with social networking."
In an attempt to control data leakage of sensitive information, 45 percent of respondents indicated that they restrict or prohibit the use of instant messaging or e-mail for sensitive data. The report said the simplest way to reduce the risks associated with social networking and Web 2.0 is to restrict or limit the use of such tools in the work environment, but cautioned it is doubtful such an approach could be successful.