Forrester offers advice on social media security

Facebook and other sites like it represent significant risks to the enterprise

Acceptable usage policies, content security tools and a strong governing process including user education are all vital if firms are to reap the rewards of allowing social networking use while protecting from the manifold risks, according to Forrester.

In a new report, To Facebook Or Not To Facebook, Forrester analyst Chenxi Wang argued that social media is becoming entrenched in the enterprise, but that information security managers are worried about increased security risks, such as malware, data loss and targeted attacks.

These threats can affect computer systems, staff productivity, the bottom line and the reputation of the company.

Information aggregation services like Twitter can lead to increased risk, while LinkedIn profiles are difficult to manage and present a privacy risk, the report said.

"While individual consumers may casually pick up the habit of social networking and
micro-blogging, corporate IT and risk professionals should carefully evaluate the risks of using social media in the corporate environment, in particular any heightened threats to corporate infrastructure and brand image," the report states.

To counter these risks, Wang urged security professionals to implement acceptable use policies by restricting levels of access to sites for different staff, blocking downloads and clearly communicating what can and cannot be uploaded.

The next stage is acquiring the appropriate technologies for enforcing these policies, including web filtering software, data loss prevention tools and integration with the corporate user directory.

Finally, Wang recommended that security bosses build a governing process, featuring effective communication, education and awareness training and violation management.