The Information Systems Audit and Control Association (ISACA) report ‘Social Media: Business Benefits and Security’ (SM-BBS) starts out with the premise that ‘the days of recommendations to keep social media usage out of the enterprise are gone.’ Social media use is now the rule, not the exception. Does this mean that your company is doomed if it doesn’t have a Facebook page? Seemingly 65 of Fortune 100 companies do. ‘Social media’ is defined as any communication channel that embraces user feedback.
SM-BBS homes in on the risks associated with enterprise use of social media (SM). Because SM requires no special hardware or software, its use may escape the normal risk assessment, exposing the enterprise to improper and/or insecure use. Vulnerabilities such as insecure applications on an employee’s personal social media page may cause unacceptable exposure on a corporate network. Moreover, ‘malicious outsiders could use employee social media pages to launch targeted attacks by gathering information to execute sophisticated social engineering campaigns.’ The report enumerates numerous IT and social risks and offers mitigation strategies. These should leverage structured approaches such as the Risk IT and CobiT methodologies promoted by ISACA.
The report concludes that ‘emerging communication technology offers great opportunities to interact with customers and business partners [but] there are significant risks to those who adopt this technology without a clear strategy that addresses both the benefits and the risks. Likewise there are risks and potential opportunity costs for those who think that ignoring this revolution in communication is the appropriate way to avoid the risks it presents.’ More from www.isaca.org.
© Oil IT Journal - all rights reserved.