Recently, the Information Systems Audit and Control Association (ISACA) released a white paper on social media titled “Social Media: Business Benefits and Security, Governance and Assurance Perspectives,” which highlighted the benefits and potential risks of social media.
The definitions of social media vary, but many information technology professionals define it as an outlet to disseminate information and solicit feedback on a real-time basis. Social media outlets are highly interactive, and organizations can solicit feedback on new products, drive sales and enhance brand recognition.
Chances are your organization, or at least a department within your organization is using Facebook, Twitter, Tumblr or YouTube to build a social media presence.
With the openness of the Internet and the general ease of use of social media sites, this environment really is a web version of the “wild, wild west.”
Certain risks associated with social media include:
- Employees or non-employees creating a social media page representing your company without management/IT consent or approval
- Trade secrets or other business secrets being inadvertently or even deliberately shared
- Dissatisfied customers or disgruntled employees voicing their opinions freely
- Viruses, spyware and network vulnerabilities occurring due to the interactivity and open nature of social media architecture
Since no additional technology other than an Internet connection is needed to leverage a social media tool, the likelihood that these risks will affect your organization is relatively high. Organizations must consider controls to address these social media risks. There is no cookie-cutter list of controls that should be applied to every organization. Every organization should custom-build social media controls based on the unique mix of all risks versus the benefits of using each outlet (business/sales growth, brand recognition, etc.).
Controls to consider when building social media policy include:
- The extent to which social media will be officially sanctioned by the organization
- Who is allowed to use the social media sites
- How users gain approval to use the social media sites
- Standards/policy of social media use inside and outside of the workplace
- Brand monitoring and legal involvement
- How to report false pages
If you have any questions regarding social media and how to evaluate the risks versus rewards for your organization, or if you would like to review or audit your social media program, please contact Dan Desko at email@example.com or Jim Yard at firstname.lastname@example.org.
© 2011 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person any tax-related matter.