Network security pros think use of social media at work is good for business, but also creates risks they don't have the tools to address, according to a Ponemon Institute survey.
Businesses are increasing Internet bandwidth to accommodate social media use even though those polled say that use is more often for non-business activities, according to "Global Survey on Media Risks," which was sponsored by Websense.
The study surveyed 4,640 IT and IT security practitioners in the U.S, Canada, U.K., France, Germany, Italy, Australia, Singapore, Hong Kong, India, Brazil and Mexico with an average of 10 years experience. Fifty-four percent hold positions of supervisor or above, and 42% are employed by organizations larger than 5,000 employees.
Most respondents (63%) say use of social media puts the organization at risk, but only 29% say they have security controls in place to mitigate or reduce the risk, the study says.
About half (52%) say their organizations suffered increased virus and malware attacks as a result of employees' use of social media.
Most employees log more social media time for personal reasons than business reasons, with 59% using it 30 minutes per day or less for business reasons but 60% using it for personal reasons 30 minutes per day or more.
In cases where organizations have acceptable-use policies for social media, 65% say they're not enforced or they're not sure if they're enforced.
Most organizations (85%) allow social networking with friends inside the company, 55% allow it with friends outside and 54% say it's OK to use social media for emailing and texting.
The most commonly perceived downside of social media at work is diminished productivity, with 89% saying that already was or would be a result. Diminished bandwidth was cited by 77%, and 54% say loss of confidential information or violation of confidentiality policy was or would be a result.
The top five tools considered essential or very important to reduce risks caused by use of social media at work are: anti-virus and anti-malware; endpoint security; secure Web gateways; identity and access management; and mobile device management.