2 Types of Social Media and Social Networking Risks for Enterprises

People get really worked up when discussing the dangers of social media and social networking. There are reasons to be concerned, but no need to panic.

Novel ways of interacting on-line are new to everyone, including security professionals and risk managers. I’ve been thinking about the various risks for enterprises associated with social media and social networking. In my mind, the risks fall into two categories in a business setting:

  • Risks to organizations that use social media platforms for marketing campaigns. In this scenario, the organization interacts with consumers on social networking sites, such as Facebook and Twitter, rather than focusing on bringing consumers to the websites under the organization’s direct control. The battle is fought on untrusted turf, if you will. This exposes the organization to several risks, including brand tarnishing, impersonation attacks, and the use of vulnerable IT infrastructure. For my overview of supporting social media marketing campaigns from a security perspective, see my earlier post on this topic.
  • Risks to organizations whose employees make use of social networking sites. In this scenario, the users of social networks are at risk due to the link-sharing culture of such sites, whereby they may be targeted by malicious websites and may be socially engineered into installing malware or into giving up sensitive data. The organizations are also at risk when employees inadvertently leak proprietary, regulated or otherwise sensitive information. A related risk is that employees reveal personal data that can be used to attack the individuals or their employers.

There are good reasons for enterprises to be concerned about the risks associated with social media and social networking. To understand what can be done about them, it’s important to understand not only the role that social networking plays in business and personal lives, but also how the associated risks can be classified. If you’re interested in my thoughts on the topic, please see my earlier social networking posts.

Lenny Zeltser

About the Author

Lenny Zeltser is a seasoned business and technology leader with extensive information security experience. He builds creative anti-malware solutions as VP of Products at Minerva. He also trains incident response and digital forensics professionals at SANS Institute. Lenny frequently speaks at industry events, writes articles and has co-authored books. He has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.
