Malware top risk of employee social networking

Malware has topped the list of a new white paper from IT governance group ISACA, listing the top five risks involved in employees accessing social networking tools in the workplace.

The report, entitled Social Media: Business Benefits With Security, Governance and Assurance Perspectives, pointed to the huge popularity of sites like Facebook and Twitter proving increasingly attractive to online criminals.

Next on the list came brand hijacking, followed by lack of content control, non-compliance with rules over record keeping, and unrealistic expectations of internet performance.

Whilst it is generally acknowledged that allowing access to social networks in the workplace increases the risk to the company's systems, the picture is becoming more complicated by the number of employees using their own hardware to access the company network, and the increasing practice of using social networks for business purposes.

For this reason, ISACA urges that the traditional line adopted by many companies of simply blocking access is no longer a viable solution. Instead, it says sensible levels of access should be allowed, and companies should take responsibility for better educating employees as to the risks involved.

"Historically, organisations tried to control risk by denying access to cyberspace, but that won't work with social media," said ISACA vice president Robert Stroud, in a statement.

"Companies should embrace it, not block it. But they also need to empower their employees with knowledge to implement sound social media governance."

The document also highlighted that whilst the biggest risk to companies malware is an external threat, the rest of the list are all factors relating to employee behaviour and their understanding of what actually constitutes "risky behaviour".

"The greatest risks posed by social media are all tied to violation of trust," said ISACA Certification Committee member John Pironti.

"Social media is built on the assumption of a network of trusted friends and colleagues, which is exploited by social engineering at great cost to companies and everyday users. That is why ongoing education is critical."