The results from a new Websense-sponsored Ponemon “Global Survey on Social Media Risks” have revealed a dangerous gap in corporate social media security.
The study surveyed 4,640 IT and IT security practitioners in the United States, Canada, United Kingdom, Germany, France, Italy, Australia, Singapore, Hong Kong, India, Brazil, and Mexico with an average of 10 years’ experience in the field. Fifty-four percent are supervisors or above and 42 percent are from organizations with more than 5,000 employees.
We believe the following are the most salient findings from the study:
UK findings
• 68 percent of respondents believe employees’ use of social media in the workplace represents a serious security threat to my organisation. However, only 24 percent believe they have the necessary controls in place to mitigate or reduce the risk posed by social media.
• Many organisations (45 percent) do not have a policy that informs employees about the acceptable use of social media in the workplace or are unsure if such a policy exists (17 percent). Of those organisations that do have a policy, only 21 percent of respondents say the policy is enforced.
• The most acceptable uses of social media in the workplace are networking with friends inside the company (90 percent) and networking with friends outside the company (49 percent) followed by use of social network as an email or texting channel (40 percent). Least acceptable are downloading and watching videos during the workday (13 percent) and posting uncensored blog entries (12 percent) and downloading apps or widgets from social media sites (9 percent).
• According to 56 percent of respondents, viruses and malware infections are increasing as a result of social media use and 17 percent are unsure. Technologies considered by respondents to be most important to reducing or mitigating social media threats are anti-virus/anti-malware, secure web gateway and endpoint security solutions.
Key global findings
• The rapid spread of social media may have caught many organizations off guard. 63 percent agree that employee use of social media puts their organizations’ security at risk. In contrast, only 29 percent say that they have the necessary security controls in place to mitigate or reduce the risk posed by social media.
• Malware attacks have increased because of social media usage, and it’s growing. 52 percent of organizations experienced an increase in malware attacks as a direct result of employee use of social media, and 27 percent say that these attacks recently increased more than 51 percent. The United States, United Kingdom, Brazil, Germany, and Singapore report the highest increases.
• Even if they have a policy that addresses the acceptable use of social media in the workplace, 65 percent say that their organizations do not enforce it or they are unsure. The top three reasons for not enforcing these policies are: lack of governance and oversight (44 percent); other security issues are a priority (43 percent); and insufficient resources to monitor policy compliance (41 percent).
• Countries most likely to see social media as a serious threat to their organizations are Canada, Hong Kong, and Mexico. Countries least likely to see social media as a threat are France and Italy. Organizations in Germany have the most confidence in their ability to address the social media threats.
• 60 percent of employees use social media for at least 30 minutes per day for personal reasons. The United States, United Kingdom, France, Italy and Mexico have the highest use of social media for non-business reasons. Organizations in Germany have the highest use of social media for business purposes.
In this study, we asked IT and IT security practitioners in these countries about the following issues:
The importance of social media in meeting business goals today.
The existence of enforceable policies governing the use of social media tools in the workplace.
The security risks created by employee usage of social media tools.
The use of enabling security technologies to reduce or mitigate social media.
Comment from Spencer Parker, Group Product Manager at Websense:
“The use of social media in the workplace is growing at a rapid pace. Savvy businesses are using blogs, social networks, wikis and other vehicles to quickly share information with their target audiences. While antivirus and firewalls are traditional pillars of a security defence, a new security pillar is required for dynamic web content classification, advanced threat blocking, and data theft protection.
Currently many UK organisations (45 percent) do not have a policy that informs employees about the acceptable use of social media in the workplace. Organisations need to educate employees about how their social media usage could impact the company, develop social media acceptable use policies, set appropriate quotas, and most importantly, invest in the right security technologies that examine the content and context of social media sites in real time. Security that provides this real-time protection and can respond to online threats as they emerge are key to keeping employees take advantage of the benefits of social media tools safely and securely.”