About half of companies have an actual social media strategy and 57% have a social media policy for their employees according to risk and business consulting firm Protiviti in their recently Internal Audit Capabilities and Needs Survey. As you might expect, businesses perceived their social media risk quite different from the reality. And that misperception starts with employees.
The risks of social media
The FBI says this about social media risk: “Humans are a weak link in cyber security, and hackers and social manipulators know this.”
In Protiviti’s study, it appears that businesses understand this as well. Businesses described the following as their biggest vulnerabilities as a result of social media:
- Brand / reputation damage
- Data security
- Regulatory compliance
- Data leakage
- Viruses / malware
It seems like most businesses are on the same page as the FBI when it come to the risks of social media, so it’s odd how poorly many businesses are mitigating these social media risks.
Curious mitigation of social media risk
57% of the companies in this study have a social media policy, but only half of those policies address proper use of community forums and only half explicitly stated the purpose of social media use in an organization. So 68% of businesses may use enterprise or public social media without telling their employees why they do it. 73% of businesses may never tell their employees how to use social media properly.
Despite this, 80% of responding businesses said that they were moderately to very effective at identifying, assessing and mitigating social media risk. Quite a disconnect between perception and reality.
Ignore the percentages for a second. They’re irrelevant and imprecise. What is important to understand is that businesses aren’t educating their employees on how to use social networks (both enterprise and commercial), that they’re not setting explicit boundaries or rules about communicating on social, and that they assume everything is okay. Realizing there is inherent risk and taking real steps to mitigate those risks is something most businesses haven’t accomplished yet.
In the study’s conclusion, they write that “formal processes remain a rarity.” Something for businesses to think about when leveraging social media in their businesses and assessing their social media risk.
What do you think? Do businesses properly plan for, identify and mitigate their social media risks?