The social media phenomenon has taken the world by storm and has users gripped, always wanting more. Breaking out of the bounds of personal lives, social media is making rapid headway into enterprises as well. This requires policies and processes to be in place to curb the baits that come along with it. Sarat Chegu, President, ISACA, in conversation with Biztech2.com, explains how IT governance can help in understanding and preventing the misuse of social media.
How severe are social media baits becoming today?
In general, the dangers of social media are quite exaggerated. I believe it will eventually come out of this initial frenzy around it. Vulnerability is part of any new technology, and social media is no exception. Awareness holds the key to distinguishing what is to be ignored and what is to be accepted in terms of social media’s adoption within the enterprise. Indian enterprises need to give time for social media to stabilise from an enterprise perspective.
How should enterprises approach social media?
For enterprises with critical business operations, social media adoption is a bit of a risky proposition at this point in time. Social media is like a double-edged sword for such organisations: there can be potential business benefits, but at the same time it might attract potential threats. However, social media is looked upon as a very good advertising medium. So, if companies are using it to outdo their competitors, then they should devise an appropriate strategy aligned to it.
According to a recent report, 40 percent of Facebook accounts belong to spammers and most of the applications are spam links. How big a concern is that?
As far as technology preparedness is concerned, it’s already there. Even 90 percent of the emails we exchange fall into the spam category, but now IT departments are quite well equipped with tools that can filter spam easily. The same can be applied to social media. Other aspects, like policy and compliance ignorance among employees, need to be worked on. Initially, it would be very difficult to know if the person commenting on your company’s page is a potential spammer, but extensive technical and non-technical awareness can help solve this. For instance, technical awareness can relate to the use of automated tools by employees themselves to know if a link is malicious or not, and non-technical awareness can be a communication channel whereby employees can circulate information or personal experience with spammers to make others aware and proactive when using social media.
How does IT governance play a role in curbing the dangers of social media?
Adoption of social media within an enterprise brings in two-way risks. First, the enterprise is at risk because of its own presence in the social media space. Secondly, the employees who are using it on the company’s network are at risk. IT governance then comes into the picture, as companies can apply policies at both these levels, regulating usage. All these policies and settings should actually be embedded within the IT governance frameworks. For audit purposes also, IT governance frameworks such as COBIT 5 play a significant role.
Who should be driving this within the organisation?
First of all, the owners of the enterprise or its top management, who are silent back-benchers when it comes to IT, should take the onus and see what policies are framed to ensure security and compliance-related issues with respect to social media.
In the case of social media, the CIO should ensure that the IT department is following the company’s policy and is driven by an able IT governance framework. CIOs can also help initiate newer policies as per their technical expertise to counter unauthorised usage of social media from company premises.