
Social Networking Risks for Corporations

By Carl Timm

The rapid explosion of social networking is starting to affect corporations. Believe it or not, employee use of social networking sites while at work isn’t the only reason corporations are running into problems; corporations themselves have started using social networking sites for a multitude of reasons, such as marketing, employee communications, and emergency response services, just to name a few.

The reliance on social networking use has introduced some serious vulnerability issues for these corporations. Below is a list of some of the vulnerabilities corporations are now facing:

  • Identity Theft
  • Data Leakage
  • Legal
  • Cyber Bullying
  • Discrimination
  • Reputation Damage
  • Internet Threats

Attackers love using social networking sites to steal people’s identities. Since people share personal information so freely on these sites, it’s not hard to gain enough information to steal an identity. You may be wondering how this could be a risk for a corporation. The answer is pretty obvious. If an employee’s identity is stolen, that identity can be used by an attacker to create fake employee identity credentials, such as ID cards and business cards. Attackers can then use these credentials to gain access to corporate offices.

Data leakage introduces a serious risk for companies. When employees post on their social networking sites information about projects they are working on or new cool things their companies are developing, they don’t necessarily realize they are posting company proprietary information.

Legal ramifications are an often overlooked risk that corporations face when employees post to their social networking sites while at work. Should an employee indulge in such activities as sexual harassment, not only can the employee face legal action, but the corporation could be held liable as well.

Cyber bullying really opens corporations up to potential lawsuits. If an employee posts derogatory statements about another employee while at work, both the employee and the company can be held liable should the co-worker file a lawsuit. This would also hold true if an employee posted derogatory statements about a non-employee.

Discrimination is an additional risk posed by the use of social networking sites. The risk primarily affects the area of Human Resources. Should a company use information posted on social networking sites to make decisions about candidates it is recruiting, the company faces violation of The Employment Practices Data Protection Code.

A very costly risk to corporations is reputation damage. This can occur from an employee posting inappropriate photos. Think about it. Would you want a consultant who has posted pictures of himself or herself in inappropriate situations coming in to help you restructure your organization? Most people wouldn’t. Another example of reputation damage occurs when an employee who is no longer happy with work starts posting derogatory statements about the company. This actually happens a lot more often than most people think. Either one of these situations can prove to be very costly to the reputation of a company, which in turn can affect revenues.

A company’s use of social networking can make it prone to Internet threats such as viruses, spyware, and malware. It’s no big secret that social networking sites have become a major distribution channel for such items. You do your best to protect your corporate network from these attacks, but simply allowing employees access to these social networking sites can bypass the security measures you’ve put in place.

This brings up the all-important question, “What can we do to protect our corporations?” The answer most will give is to simply block the use of social networking at work. This is a viable solution; however, it’s not always the best answer. A good number of corporations today are using social networking sites to market, to enhance employee communication, and as a cheap alternative to a mass distribution system.

When determining whether to allow access to social networks or not, corporations really need to perform a risk analysis to determine whether it’s more beneficial to allow or to block these sites. Corporations that allow access to social networking sites should create a Social Networking Acceptable Use Policy to define how employees are to use these sites. The corporation will then need to monitor the use of social networking sites.

There is no way to completely eliminate the risks a corporation faces by allowing use of social networking sites. However, by taking a few precautionary measures, corporations can greatly reduce those risks.

Carl Timm is the co-author of Seven Deadliest Social Network Attacks (publishing this April). He is the Regional Director of Security for Savvis Communications. He has worked in the information security area for over 16 years, providing security and IT governance consulting services for Fortune 500 companies.
