September 20, 2010, 1:28 PM — A new survey from California-based email security firm Proofpoint finds more organizations are dealing with data loss and security breaches due to employee use of social media sites. Proofpoint polled 261 IT decision makers at organizations with more than 1000 employees. Respondents were asked about the frequency of data loss events in the past 12 months, as well as their concerns, priorities and policies related to email, the Web, social media and other sources of data loss risk.
The survey found 20% of companies polled had investigated the exposure of confidential, sensitive or private information via a post to a social networking site. In many instances, the events have been severe enough to lead to job loss or disciplinary action, with seven percent of companies reporting termination of an employee for social networking policy violations. Another 20% disciplined an employee for not following social networking policy.
Does your organization have rules for social media use? See 4 tips for writing a great social media policy
Social networking sites such as Facebook and LinkedIn were cited by 53% of respondents as a high concern when it comes to the risk of information leakage. However, not all companies are concerned enough to make the sites off limits. Only 53% explicitly prohibit the use of Facebook and 31% explicitly prohibit use of LinkedIn (See also: Brand protection: The expanding CSO portfolio and Brand protection and abuse: Keeping your company image safe on social media sites).
Microblogging service Twitter was mentioned by 17% of companies as a source of investigation due to the exposure of confidential, sensitive or private information. Additionally, 51% said they are highly concerned about the risk of information leakage on Twitter (See 5 Facebook, Twitter scams to avoid and 5 more Facebook, Twitter scams to avoid).
According to Craig Shumard, CSO with Cigna Corp., the nation's fourth-largest health services provider, social networks are viewed as both a tremendous benefit to employees, as well as a security concern. But the risks they pose are not really new.