Organizations at Major Risk from Malware: ISACA
As per a new study by ISACA (Information Systems Audit and Control Association), employees surfing social-networking websites at workplace greatly put their organization networks at risk. Itproportal.com reported this on June 9, 2010.
Titled as "Social Media: Business Benefits with Security, Governance and Assurance Perspectives," the report or the white-paper lists 5 possible threats capable of damaging an organization's Internet security.
Notes ISACA, malicious software comes at the top of its list since organizations find malware hardest to deal with owing to its utter danger. The paper further outlines that while malware, the greatest danger to organizations, represent an external risk, all the other components in the list associate with employee activity as well as their perception regarding the constituents they truly think as "dangerous behavior."
Moreover, ISACA underscores that when use of social-networking websites becomes a disturbance in workplace, it can result in problems with network utilization and performance for corporations. Similarly, productivity can suffer and exposure can increase towards viruses and other malware.
According to ISACA, mobile gadgets like smart phones which enterprises supply also pose dangers in case of their mismanagement. For, risks related to malware infection, theft and loss of data, and users' ability towards eluding company security's controls can increase greatly.
Additionally, the study also finds that if organization's staff post work-related details through their social-networking accounts, then it could lead to violations of corporate privacy, destruction of organization's position, and decline in company's competitive advantage with respect to production and sale.
Similarly, posting of data and images, which link employees to employers, can lead to damage of brand and reputation of a business.
Remarking about these discoveries, International Vice-President Robert Stroud of ISACA, who's also VP of IT service management and governance for CA Technologies' service management business division, stated that traditionally, enterprises attempted at regulating risk through the denial of access to the Internet, though that wouldn't be feasible with social-networking sites. CNet.com reported this on June 8, 2010.
Stroud added that organizations should embrace Internet use rather than preventing it; however, it is required to train employees on the implementation of appropriate governance of social-networking sites.
Related article: Organizations Integrating IT Security into Business Agenda
» SPAMfighter News - 17-06-2010