May 21, 2012, 10:06 AM — At any given moment today, on-the-clock employees are updating their social media status, reading feeds and networking on business media sites. Moments can stretch to minutes: A recent study by the Ponemon Institute found that 60% of social media users spend at least 30 minutes a day on these sites while at work.
Social networking has become the preferred channel of communication, and while companies initially resisted on-the-job use of social media, many now embrace it as good for business. They understand that enterprise social media tools can spark collaboration among co-workers, strengthen employee productivity and improve communications. Public social networking sites may help an organization attract customers and employees, improve customer service and manage its brand image.
The inherent risks of social networking, however, can be very bad for business. Chief among them: Social media can be a very effective on-ramp for malware attacks. Other threats include network breaches, intellectual property theft, leakage of sensitive business information and hijacking of Websites and social media accounts.
Containing these risks requires a security strategy that fuses policies governing the use of social media with technology that monitors and protects the corporate network. It is essential to reinforce policies and technology with thorough and continuous employee training on acceptable use of social media.
A first step in creating a social media security strategy is classification of business data so that employees understand precisely what is -- and is not -- sensitive information. This process also should specifically delineate who is authorized to access corporate content and how that information can be used.
Policies will vary by employee role and by social media site. For instance, a worker may be permitted to include employer affiliation and job title on a public profile on a business media site, but not on a personal one; HR staff may be allowed to provide more company information because doing so is essential to recruiting.
Remember that hackers now target mobile devices such as smart phones and tablet PCs. Businesses should specify whether employees are permitted to access social networking sites from these devices and which apps may be used to do so.