For a lot of organizations the use of social media is a “can’t live with it and can’t live without it” situation. Risk assessment is conducted to determine the effects of social media. Risk is assessed by identifying threats and vulnerabilities, then determining the likelihood and impact for each risk.
The social media risks mentioned most often are as follows:
Reputation Damage: An organization’s reputation, brand, and goodwill are an asset to the organization. But if this asset is affected in a negative way, then that organization’s customers no longer wish to conduct business with it.
Information Leakage: If information held by an organization is impacted in a negative way, it may lead to financial losses.
Data Loss: Any data held by the corporation may be at risk. This includes proprietary information or intellectual property.
Piracy and Infringement: Social media is used to advertise pirated content such as e-books, any type of software, digital copies of music and movies, and computer-based training videos. Social media also provides the access links to the IP, which are usually posted in blogs and forums.
Corporate Espionage: Attackers can use social media to directly steal trade secrets or use social media as a vehicle to eventually gain access into the organization to acquire such secrets. That access could be as a result of wayward or disgruntled employee posts.
Reconnaissance: Social networking creates an exposure point. Professional social networking sites such as LinkedIn provide interesting insights about an organization’s technology. Discussion forums offer a source for determining the technology being used within an organization.
Organizational Financials: Premature release of the financials by employees on social media can become a regulatory issue, especially with a Self-Regulating Organization or the Securities and Exchange Commission.
Control over published data may be subject to the social media site, but the owner of a social media site can also censor the content on its site. The process of moderating the content reduces the risks of violating laws, incurring legal liability such as defamation, and disseminating inaccurate information. Social media can be a medium for personal attacks such as blackmail, extortion, cyberbullying, and cyberstalking.
Social media sites are served as web pages. That makes them vulnerable to any type of web application attack, including buffer overflows, cross-site scripting (XSS), and code injection. For some sites that use a SQL back end, even SQL injection is possible.
Based on my experience of more than 5 years in the IT industry, I recommend that once an organization has determined its risk exposures, it decide which risks should be addressed. A good starting place is to implement social media Acceptable Use Policies (AUP), either as a separate policy or integrated into existing AUPs. Other measures the author suggests for tackling the risk of social media are training and awareness regarding the implementation of policies and procedures to combat that risk.