Social Insecurity: 64% Of IT Pros Cite Serious Threat

Ponemon survey finds that IT professionals see serious risks associated with enterprise social network use--and only 29% say they have adequate protection.
IT professionals understand the importance of using social media in the workplace, but they worry that they don't have the right stuff--in the form of technology and policy--to mitigate the risks inherent in the use of social media, according to a Ponemon Institute report set for release Thursday.

Ponemon's "Global Survey on Social Media Risks," which was sponsored by Web security vendor Websense, includes data derived from a survey of 4,640 IT and IT security practitioners across the globe. The respondents had an average of 10 years of experience in the field, and 54% hold positions of supervisor or above. Forty-two percent are from organizations of more than 5,000 employees.

The Ponemon report extrapolates that respondents consider social media a positive tool for encouraging collaboration and building relationships because 85% of respondents said it was acceptable to use social media tools to communicate with "friends" inside the company and 55% said it was acceptable to use the technology to communicate with "friends" outside the company. The use of the word "friends" in the survey--instead of, say, "colleagues" or "business partners"--is a bit of a disconnect, but that likely has more to do with how the survey was written than the way respondents perceive the function of social networking for business use and the roles of people who are using it.

Assuming that respondents do believe that the business use of social networking technology is an important tool for their organizations, they don't think they currently have the technology to effectively secure it. In the survey, 63% of respondents agreed or strongly agreed that employees' use of social media in the workplace represented a serious security threat to their organizations. Meanwhile, only 29% agreed or strongly agreed that their organizations have the necessary controls in place to mitigate or reduce the risk posed by social media use in the workplace.

The biggest risks, said respondents, come from employees downloading apps that may be laden with malware. This fear seems borne out by the fact that 52% of respondents said their organizations had experienced an increase in malware attacks as a result of employees' use of social media. Twenty-seven percent said these attacks increased more than 51%. Other risks cited by respondents come from unfettered content posting by employees.

When it comes to the most effective security tools for fighting security problems associated with social media, it seems like a mix of technology is in order. When asked to name technologies as essential or very important for reducing the risks caused by social media in the workplace, more than half of respondents named seven technologies: anti-virus/anti-malware (76%), endpoint security systems (74%), secure Web gateways (73%), identity and access management (66%), mobile device management (60%), data loss prevention (52%), and network intelligence (51%). Device-level encryption (45%) and encryption solutions (45%) also ranked relatively high, with content-aware firewalls, IPS and IDS, and database security solutions named far less often.

In addition to an increase in malware, respondents noted that diminished employee productivity and Internet bandwidth, data loss, and exposure to inappropriate data were also consequences of their organizations' use of social media.

Interestingly, 65% of respondents said if their organizations do have an acceptable use policy covering social media, the policy is not enforced or they are unsure of whether their organizations enforce it. Reasons provided include lack of governance and oversight (44%), other security issues taking precedence (43%) and insufficient resources to monitor policy (41%).

Presumably unofficially, acceptable use includes social networking with the aforementioned friends inside the company (85%) and social networking with friends outside the company (55%). Also getting a nod by more than 50% of respondents was the use of social networking as an email or texting channel. Less acceptable, according to respondents, is downloading and watching videos during the workday, with only 23% saying that was considered acceptable use, and downloading apps or widgets from social media sites, with 8% citing the activity as acceptable. When it comes to posting "uncensored content," 11% said it is acceptable at their organization. The same percentage said posting uncensored blogs was acceptable. Only 6% said "none of the above" is considered acceptable use.
