2 Types of Social Media and Social Networking Risks for Enterprises

People get really worked up when discussing the dangers of social media and social networking. There are reasons to be concerned, but no need to panic.

Novel ways of interacting on-line are new to everyone, including security professionals and risk managers. I’ve been thinking about the various risks for enterprises associated with social media and social networking. In my mind, the risks fall into two categories in a business setting:

  • Risks to organizations who use social media platforms for marketing campaigns. In this scenario, the organization interacts with consumers on social networking sites, such as Facebook and Twitter, rather than focusing on bringing consumers to the websites under the organization’s direct control. The battle is fought on untrusted turf, if you will. This exposes the organization to several risks, including brand tarnishing, impersonation attacks, and the use of vulnerable IT infrastructure. For my overview of supporting social media marketing campaigns from a security perspective, see my earlier post on this topic.
  • Risks to organizations whose employees make use of social networking sites. In this scenario, the users of social networks are at risk due to the link-sharing culture of such sites, whereby they may be targeted by malicious websites and may be socially engineered into installing malware or into giving up sensitive data. The organizations are also at risk when the employees inadvertently leak proprietary, regulated or otherwise sensitive information. A related risk arises when employees reveal personal data that can be used to attack the individuals or their employers.

There are good reasons for enterprises to be concerned about the risks associated with social media and social networking. To understand what can be done about them, it’s important to understand not only the role that social networking plays in business and personal lives, but also how the associated risks can be classified. If you’re interested in my thoughts on the topic, please see my earlier social networking posts.

Lenny Zeltser


About the Author

Lenny Zeltser develops products and programs that use security to achieve business results. He is the CISO at Axonius and Faculty Fellow at SANS Institute. Lenny has been leading efforts to establish resilient security practices and solve hard security problems for over two decades. A respected author and practitioner, he has been advancing tradecraft and contributing to the community. His insights build upon real-world experience, a Computer Science degree from the University of Pennsylvania, and an MBA degree from MIT Sloan.
