Social Media Marketing

Per Hellqvist (Sweden) - Social Networks Trick and Treat

"The Social Network" is opening all over the world and it is clear that social networks are here to stay and influence the behavior of people, organizations and IT. For many people they are the perfect mix of the work and leisure, professional and personal life and businesses have rushed to adopt social networks in their marketing efforts to gain new business.

Symantec did a survey some time ago and it shows that simply having a presence on social networks is good for business. 52% of respondents said that a company's presence on social media positively impacts their opinion of the company. 32% wouldn't want to work for a company that banned them from social networks at work. 46% of the people admitted that they accessed social media at work for personal reasons. 28% use social media 3 times or more each day. Some would even forego a bathroom break rather than give up their social media!

However, for IT management social networks remain a major security concern. During the past years social media has become more established, and the ability for IT management to block access to social media not very likely today.

Two years ago we surveyed IT Security professionals and found that 77% were concerned about the security risks of their end users using social networks at work. In our 2010 State of Enterprise Security Report we could see that social media was still a major concern; 84 % of CIOs and CISOs considered social networking sites to be a serious threat to their security.

And with reason, social media presents many opportunities for attackers to find personal information that can be used in social engineering to target specific individuals. Attackers can track social media activity to learn personal information such as friends, hobbies, and location information (where they work, are they on vacation, etc.). Even worse, users can leak sensitive information on social media, either by accident or on purpose. And of course social media is an active attack vector for spam and malware. Whether it's a mass attack or targeted, when users are surrounded by friends it's simple to get them to click on seemingly legitimate links.

What is IT doing about it? Two years ago, 28% blocked social media. Today, only 5%. In our recent survey, 42% of employees we surveyed said their company had no policies about social media in the workplace. The companies may be worried, but they are doing nothing to educate users and guide them in the safe behavior needed when using social media. That's putting your head in the sand, you can't stop social media, but you can address the risk.

Companies can significantly reduce risk by developing a social media policy that lays out specific employee policies or guidelines. They can also use technology to develop and automate IT policies. But it's the ability to enforce a policy or continuously monitor the company's status against the policy over time that provides the real value.

The influence of social media cannot be denied and in many cases it can be beneficial to businesses to participate in social networking. However, a balance needs to be struck between legitimate and productive use of social media and IT security. By using a combination of policies, technology, and employee education, organizations can achieve that balance and still enjoy all the benefits of social networking.


By Per Hellqvist, Senior Security Specialist Symantec Sweden and Kevin Haley, Director, Symantec Security Technology and Response




« Smita Sharma (UAE) - The False Cloud: Moving Beyond the Buzzwords


Gary Hull (Australia) - The Power Struggle »