Top Five Social Media Risks for Business: New ISACA White Paper

Social media governance” needed for managing risk without sacrificing opportunity

Rolling Meadows, Ill., US: ISACA today named the top five social media risks for business and recommended solutions to help businesses address security, customer service and corporate reputation risks raised by their employees’ use of social media – on the job and off.

In a complimentary new white paper titled “Social Media: Business Benefits With Security, Governance and Assurance Perspectives,” ISACA, a leading global association for enterprise governance of information technology (IT), urges organizations to actively address the following potential risks:

  • Viruses/malware

  • Brand hijacking

  • Lack of control over content

  • Unrealistic customer expectations of “Internet-speed” service

  • Non-compliance with record management regulations

Developed by a team of global ISACA experts, the white paper goes beyond the traditional look at social media in the workplace to address employees’ use of social media outside of work. It also provides detailed how-to tips for effective social media governance. A free copy can be downloaded at

“Historically, organizations tried to control risk by denying access to cyberspace, but that won’t work with social media,” said Robert Stroud, CGEIT, international vice president of ISACA and vice president of IT service management and governance for the service management business unit at CA Technologies. “Companies should embrace it, not block it. But they also need to empower their employees with knowledge to implement sound social media governance.”

Since tools like Facebook and Twitter don’t require new hardware or software from the IT department, they can be introduced by a business unit, marketing team or individual employees, bypassing the normal safeguards and risk assessment provided by IT, HR and Legal. This issue is reflected in IT department attitudes—62% of respondents to the 2010 ISACA IT Risk/Reward Barometer rated the risk posed by employees visiting social networking sites or checking personal e-mail as medium or high.

When Employees Get Social

Organizations need to consider employee behavior when developing their approach to social media policies and practices. There are four significant risks created when employees use social media, whether they are on the job or off:

Although social media provides a new entry point for technology risks such as malware and viruses, these risks are increased primarily due to lack of employee understanding of “risky behavior.” The white paper notes that any strategy to address the potential risks of social media usage should first focus on user behavior.

“The greatest risks posed by social media are all tied to violation of trust,” said ISACA Certification Committee member John Pironti, CISM, CRISC, and president of IP Architects LLC. “Social media is built on the assumption of a network of trusted friends and colleagues, which is exploited by social engineering at great cost to companies and everyday users. That is why ongoing education is critical.”

“Social Media: Business Benefits With Security, Governance and Assurance Perspectives” is an ISACA Emerging Technology white paper that examines the security, governance and assurance concerns with employee and business use of social networking and media. Reviewed by a team of ISACA members holding IT or risk management positions, the white paper addresses the benefits, risks and privacy issues surrounding social media and provides guidance on implementing controls, managing usage, maximizing value and minimizing risk. To download a free copy, visit

With more than 86,000 constituents in more than 160 countries, ISACA® ( is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.

ISACA offers the Business Model for Information Security (BMIS) and the IT Assurance Framework (ITAF). It also developed and maintains the COBIT®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders fulfill their IT governance responsibilities and deliver value to the business.

Source: Eskenzi PR