Advisory body names top five social media business risks

And offers tips on how to mitigate them in and out of work

Employees at risk from social engineering

IT governance industry body, the Information Systems Audit and Control Association (Isaca), has named the top five social media risks for business.

These are malware; brand hijacking; lack of content control; unrealistic customer expectations of "internet-speed" service; and non-compliance with record management regulations.

A complementary white paper, Social Media: Business Benefits With Security, Governance and Assurance Perspectives [pdf], tackles the risks to security, customer service and corporate reputation raised by employees’ use of social media both in the workplace and outside. Isaca also recommends some solutions to help businesses address these risks.

“Companies should embrace [social media], not block it. But they also need to empower their employees with knowledge to implement sound social media governance,” said Robert Stroud, vice president of Isaca and IT service management at CA.

IT leaders are aware of some of the potential risks of social media: 62 per cent of respondents to Isaca's 2010 IT Risk/Reward Barometer rated the risk posed by employees visiting social networking sites or checking personal email as medium or high.

The report says risks associated with social media are increased primarily by a lack of employee understanding, and notes that any strategy to address the potential risks of social media usage should first focus on user behaviour.

“Ongoing education is critical,” said John Pironti, Isaca member and president of law firm IP Architects. “Social media is built on the assumption of a network of trusted friends and colleagues, which is exploited by social engineering at great cost to companies.”