A third of US SMEs claim to have experienced malware or virus infection as a result of staff using social media websites, Panda Security's first Social Media Risk Index survey has found.
The survey of 315 staff at SMEs in July 2010 found a fairly tolerant attitude to social media, with Facebook used in 69.3 per cent of companies, Twitter in 44.4 per cent, YouTube in 32 per cent, and LinkedIn in 22.9 per cent.
Only a quarter of the SMEs actively blocked social media sites, mostly using gateway filtering, which probably has something to do with the fact that sites are now widely used for research, customer service, PR and marketing and sales, as well as by staff for purely social purposes.
The downside is that 38.2 per cent reported productivity loss, 33.3 per cent malware infection, 23 per cent privacy violations, and 18.6 per cent reckoned social media affected network resources.
The main offender cited in terms of privacy issues was Facebook on 73.2 per cent, Twitter on 50.7 per cent, YouTube on 29.6 per cent, and LinkedIn on 16.9 per cent. In terms of malware infection, Facebook was again the main offender cited by 71.6 of respondents.
"While a relatively high number of SMBs have been infected by malware from social sites, we were pleased to see that the majority of companies already have formal governance and education programs in place. These types of policies combined with up to date network security solutions are required to minimize risk and ultimately prevent loss," said Panda Security researcher, Sean-Paul Correll, threat researcher at Panda Security.
In Panda's view, controlling social media is the next security frontier, where companies will need to allow some access to sites but while at the same time disallowing certain activities such as file downloading. Current generations of security products don't usually offer such 'granularity'.
The survey does not explain is how the SMEs were able to accurately relate security issues to social media so precisely. There does, however, appear to be a trend towards controlling social media using defined staff policies as well as security systems.