A new Canadian survey on social media risks has revealed a dangerous gap in corporate social media security.

The research, conducted by the Ponemon Institute and sponsored by content security provider Websense, was part of a global survey of more than 4,640 IT and IT security practitioners with an average of 10 years’ experience in the field. These practitioners were located in Australia, Brazil, Canada, France, Germany, Hong Kong, India, Italy, Mexico, Singapore, United Kingdom, and the United States.

The survey found that 70% of more than 400 IT and IT security respondents in Canada said that social media in the workplace represents a serious security risk, yet only 31% report having the necessary security controls in place to mitigate it. More than 51% of Canadian respondents report an increase in malware due to social media use.

Technologies considered by respondents to be most important to reducing or mitigating social media threats are anti-virus/anti-malware (79%), endpoint security (79%), and identity and access management (76%).

Key findings

• The rapid spread of social media may have caught many organizations off guard: 70% agree that employee use of social media puts their organizations’ security at risk. In contrast, only 31% say that they have the necessary security controls – such as secure web gateways – in place to mitigate or reduce the risk posed by social media.
• Malware attacks have increased because of social media usage, and it’s growing: 51% of organizations experienced an increase in malware attacks as a direct result of employee use of social media.
• To mitigate the risks created by social media, certain technologies are preferred. Technologies considered by respondents to be most important to reducing or mitigating social media threats are anti-virus/anti-malware (79%), endpoint security (79%), and identity and access management (76%). But only secure web gateways with real-time content analysis and data loss prevention can block advanced malware and data theft attacks, many of which seek entry through social media.
• Even if they have a policy that addresses the acceptable use of social media in the workplace, 37% say that their organizations do not enforce it. Many organizations (36%) do not have a policy that informs employees about the acceptable use of social media in the workplace or are unsure if such a policy exists (25%). Of those, organizations that do have a policy, only 37% of the respondents say the policy is enforced.
• Organizations believe that IT bandwidth has been diminished as a result of social media use. The top two negative consequences of an increase in social media use were diminished productivity (96%) and reduced IT bandwidth (68%), which increase costs. In fact, 53% worry about exposure to inappropriate content and 46% are concerned about an increase in virus or malware infections.
• Social media in the workplace is used primarily for non-business purposes: 64% of respondents say that employees spend more than 30 minutes each day on non-business social media activities. In contrast, 49% estimate that more than 30 minutes is spent on social media for business purposes each day.