Group lists top five social media risks for businesses

Threats include malware, brand hijacking and losing control over information, says ISACA

As businesses increasingly try to figure out how to use social networking tools in the enterprise, an IT governance group has released a ranking of the top five risks social media poses to companies.

The study, which lists the biggest risks businesses need to prepare for when they are using social media, was released on Monday by ISACA, previously known as the Information Systems Audit and Control Association, a 43-year-old international organization that researches IT governance and control.

John Pironti, an ISACA Certification Committee member, noted that many business executives have considered some of the risks, but few have considered all of them.

"I think that the blinders have been on at a lot of enterprises," Pironti told Computerworld. "They're trying to figure out what to do about this. I think companies are as scared as they generally are with any new technology, like Wi-Fi and jump drives.

"They're taking a different attitude this time. They're not just turning it off but they're acknowledging that they just can't stop the use of it. They understand that it's going to be used, so how do they do it safely?" he said.

The top risks, which are laid out in an ISACA research paper, are viruses and malware, brand hijacking and lack of control over corporate content. Rounding out the top five are unrealistic expectations of customer service at "Internet-speed" and noncompliance with record management regulations.

Pironti said ISACA isn't warning companies not to use Web 2.0 tools or to not fully embrace social networking. However, he said they need to go into it with their eyes wide open to the risks as well as the benefits.

And he added that most of the risks stem from users not understanding how their own behavior could possibly impact the company. Pironti noted that it comes down to a need for organizations to educate users about how posting something could breach company security, hurt the company's image or even open the company up to being hit by malware.

"With social media, there are so many platforms and environments to learn," said Pironti. "What are the implications of what could happen? People don't think of the damage that could occur to an organization.

"They see it as a way to explore relationships with work people. We take some of the social out of their lives by asking people to work longer hours. They're looking for a balance -- to still have a relationship with friends and peers," Pironti said.

And since workers, either on their own or with a corporate blessing, will use social networking sites such as Facebook and Twitter, Pironti said they need to understand the line between social and business. They also need to have set corporate guidelines about what information can be shared what needs to stay inside corporate walls.

However, Pironti said company execs also need to be aware that workers are using social networking sites, and they need to have a hand in it to better protect themselves. Executives won't be aware of what is being said about a company unless someone is paying attention.

Sharon Gaudin covers the Internet and Web 2.0, emerging technologies, and desktop and laptop chips for Computerworld. Follow Sharon on Twitter at  @sgaudin or subscribe to Sharon's RSS feed . Her e-mail address is

Copyright © 2010 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon