Whereas companies in the past may have banned the use of social media in-house because of security concerns, that practice is largely seen as self-defeating these days. Indeed, the social media revolution has even gained traction inside the top Fortune Global 100 companies. According to Burson-Marsteller study from February, "65 percent of the largest 100 international companies have active accounts on Twitter, 54 percent have a Facebook fan page, 50 percent have a YouTube channel, and one-third (33 percent) have corporate blogs."
For a lot of companies these days, the debate isn't "Should we use social media to promote our business?" but "How can we do so securely?" A new white paper from ISACA, an association of IT and information systems professionals, tries to help by walking companies through the process of devising a social media strategy.
(See how social media was used to save lives after Haiti's earthquake by reading Joseph Straw's "Web 2.0 Helps in Disaster" from the June 2010 issue of Security Management.)
"To effectively control social media usage by both the enterprise and employees, a documented strategy (and associated policies and procedures) should be developed with the involvement of all relevant stakeholders," ISACA's white paper—Social Media: Business Benefits and Security, Governance, and Assurance Perspectives (.pdf)—advises.
The white paper addresses three areas of social media use—personal use in the workplace, personal use outside the workplace, and business use— to minimize security vulnerabilities and protect company information and its network from threats like malware and unauthorized disclosure.
♦ Screenshot of ISACA report "Social Media: Business Benefits and Security, Governance, and Assurance Perspectives."