Few Canadian IT security professionals are taking the rapid spread of social media technologies in business seriously, said San Diego, Calif.-based security firm Websense Inc.
According to a Websense-sponsored survey of 421 Canadian security professionals, 70 per cent of respondents believe employees’ use of social media puts their organizations at risk. But the survey also found that only 31 per cent of responding security pros said they have the necessary security controls and policies in place to handle the new threats.
“In the old days, you tried to monitor employee Internet usage,” said Fiaaz Walji, the Canadian country manager at Websense. “I think now that our lives are lived on the Internet … security is at the top now.”
Walji said that while productivity, legal liability and bandwidth are all key issues for IT security professionals, the shift to a more social media tools in the workplace leads to a huge increase in user generated content. This has led to an increase in viruses and malware infections in enterprises which allow social media access and should catapult security as the top issue surrounding Internet usage.
The data, which was conducted by the Ponemon Institute, also found that social media policies were rarely enforced. About 36 per cent of respondents said they do not have a policy that informs its employees about acceptable social media use and another 25 per cent of respondents were actually unsure if a usage policy even existed.
“Clearly there’s a gap there from a security perspective,” Walji said.
For IT professionals, he said, righting this ship will involve getting stakeholders in every department across the business that uses social media.
“Whether it’s legal, HR, marketing, or sales, you need some champions in each department,” he said. “The key is educating. People don’t understand the risks involved with social media. IT might have a better grasp on it (than other departments).”
Walji added that a combination of paper-based policies and security tools that help enforce those policies will also be necessary at most organizations.
Other studies suggest that IT appears to be ambivalent to social media.
In a 2009 survey of over 1,400 CIOs by Robert Half Technology, more than half of the respondents said that their companies banned social media use by employees. Another 19 per cent said their companies limited social media activity to business use only.
When the staffing firm updated its social media survey this May, only 31 per cent of the CIOs polled said their companies ban social media outright.
“I don’t see IT taking the function over,” said Joseph Yanoska, vice-president of technology at Cleveland-based American Greetings Interactive. He thinks marketing should control the technology, since “it’s ultimately a tool to help the relationship with customers.”
But Paul Gillin, founder of Framingham, Mass.-based social media consultancy Paul Gillin Communications, doesn’t think that means IT should be less involved than it was when, for instance, companies began adopting ERP systems 15 years ago. “IT was very involved in that despite the fact that ERP was an accounting technology,” he said. Social media, he added, “is the future of how companies will operate, will engage with customers. IT should have an important role in it.”
– With files from Michael Fitzgerald, Computerworld U.S.