Survey: Fear of data loss, security risks via social media sites on the upswing
Research from Proofpoint finds employee misuse of social media is causing security events and increasing fear among managers
By Joan Goodchild , Senior Editor
September 20, 2010 — CSO —
A new survey from California-based email security firm Proofpoint finds more organizations are dealing with data loss and security breaches due to employee use of social media sites. Proofpoint polled 261 IT decision makers at organizations with more than 1000 employees. Respondents were asked about the frequency of data loss events in the past 12 months, as well as their concerns, priorities and policies related to email, the Web, social media and other sources of data loss risk.
The survey found 20 percent of companies polled had investigated the exposure of confidential, sensitive or private information via a post to a social networking site. In many instances, the events have been severe enough to lead to job loss or disciplinary action, with seven percent of companies reporting termination of an employee for social networking policy violations. Another 20 percent disciplined an employee for not following social networking policy.
Does your organization have rules for social media use? See 4 tips for writing a great social media policy
Social networking sites such as Facebook and LinkedIn were cited by 53 percent of respondents as a high concern when it comes to the risk of information leakage. However, not all companies are concerned enough to make the sites off limits. Only 53 percent explicitly prohibit the use of Facebook and 31 percent explicitly prohibit use of LinkedIn (See also: Brand protection: The expanding CSO portfolio and Brand protection and abuse: Keeping your company image safe on social media sites).
Microblogging service Twitter was mentioned by 17 percent of companies as a source of investigation due to the exposure of confidential, sensitive or private information. Additionally, 51 percent said they are highly concerned about the risk of information leakage on Twitter (See 5 Facebook, Twitter scams to avoid and 5 more Facebook, Twitter scams to avoid).
According to Craig Shumard, CSO with Cigna Corp., the nation's fourth-largest health services provider, social networks are viewed as both a tremendous benefit to employees, as well as a security concern. But the risks they pose are not really new.
"People have had the ability to go out and express opinions on emails and blogs for some time. We spend a lot of time around training and awareness as far as ensuring people know what good behavior is on these kinds of forums," said Shumard. "Folks know they are not supposed to be speaking on behalf of Cigna or Cigna Corporation."
Shumard said he is not aware of any disciplinary action or termination that has resulted within his organization that can be attributed to an employee's use, or misuse, of social media. But Cigna, which does allow employees to access social media sites using company computers and has since 2009, did a considerable amount of education and awareness beforehand and has explained expectations clearly to employees in its social media use policy.