As businesses increasingly try to figure out how to use social networking tools in the enterprise , an IT governance group has released a ranking of the top five risks social media poses to companies.
The study, which lists the biggest risks businesses need to prepare for when they are using social media, was released on Monday by ISACA, a 43-year-old international organization previously known as the Information Systems Audit and Control Association that researches IT governance and control.
John Pironti, an ISACA Certification Committee member, noted that many business executives have considered some of the risks, but few have considered all of them.
"I think that the blinders have been on at a lot of enterprises," Pironti told Computerworld . "They're trying to figure out what to do about this. I think companies are as scared as they generally are with any new technology, like Wi-Fi and jump drives.
They're taking a different attitude this time. They're not just turning it off but they're acknowledging that they just can't stop the use of it. They understand that it's going to be used so how do they do it safely?" he said.
The top risks, which are laid out in an ISACA research paper , are virusesand malware , brand hijacking and lack of control over corporate content. Rounding out the top five are unrealistic expectations of customer service at "Internet-speed" and non-compliance with record-management regulations.
Pironti said ISACA isn't warning companies not to use Web 2.0 tools or to not fully embrace social networking. However, he said they need to go into it with their eyes wide open to the benefits as well as the risks.
And he added that most of the risks stem from users not understanding how their own behavior could possibly impact the company. Pironti noted that it comes down to a need for organizations to educate users about how posting something could breach company security, hurt the company's image or even open the company up to being hit by malware.
"With social media, there are so many platforms and environments to learn," said Pironti. "What are the implications of what could happen? People don't think of the damage that could occur to an organization."
"They see it as a way to explore relationship with work people. We take some of the social out of their lives by asking people to work longer hours. They're looking for a balance -- to still have a relationship with friends and peers," Pironti said.
And since workers, either on their own or with a corporate blessing, will use social networking sites such as Facebook and Twitter , Pironti said they need to understand the line between social and business. They also need to have set corporate guidelines about what information can be shared what needs to stay inside corporate walls.
However, Pironti said company execs also need to be aware themselves that workers are using social networking sites and tools so they need to have a hand in it to better protect themselves. Executives can't be aware of what is being said about a company unless someone is paying attention.