Social Networks Pose Security Risks To SMBs

Fewer than half of small and midsize businesses actively enforce social network security policies, finds Panda Security.

Mathew J. Schwartz, Contributor

September 14, 2010

2 Min Read

Slideshow: Cloud Security Pros And Cons

(click for larger image and for full photo gallery)

One-third of all small and midsize businesses (SMBs) have been infected by malware or viruses that spread via social networks -- most often via Facebook, followed by YouTube and Twitter. As a result, 35% experienced a financial loss.

Those findings come from a survey, conducted by Panda Security, of 315 IT personnel who have responsibility for setting or enforcing network policies at companies with between 15 and 1,000 employees. None of the surveyed organizations used Panda's products.

According to Sean-Paul Correll, a threat researcher at Panda Security, "social media is now ubiquitous among SMBs because of its many obvious business benefits, yet these tools don't come without serious risks."

For example, the survey found that social networks are responsible for a sizeable number of "human error" privacy violations. In fact, 23% of organizations reported losing sensitive data via social networks thanks to their employees. Facebook was the most typical social networking channel for privacy violations, followed by Twitter, YouTube, and LinkedIn.

Still, in this day and age, it's nearly impossible for a business to not have a social networking presence. Indeed, the study found that 78% of businesses surveyed use social media tools, with businesses having active accounts most often with Facebook (70%), followed by Twitter (44%), YouTube (32%), and LinkedIn (23%). The social networks were most often used for personal use, but even so, roughly half of firms also used them for research, competitive intelligence, customer service, and marketing. About one-third also use them for sales purposes.

Furthermore, from a security standpoint, the news from the survey is far from bleak. "While a relatively high number of SMBs have been infected by malware from social sites, we were pleased to see that the majority of companies already have formal governance and education programs in place," said Correll.

A majority -- 64% -- of SMBs have security education programs covering social networks. However, only 57% of SMBs currently have a security policy governing the use of social networking, and 81% of that group employs personnel to actively enforce those policies. This means that only 46% of organizations actively enforce social networking security policies.

Interestingly, 25% of SMBs simply block all social media during working hours through a gateway appliance (65%) and/or through a hosted web security service (45%). But during non-work hours, 69% of SMBs allow employees to use social networking tools on corporate computers.

About the Author(s)

Mathew J. Schwartz


Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights