Online Extra: Malware Increasingly Making Its Way into Organizations Through Social Media

To say ‘social media is everywhere’ these days may be slightly archaic. Of course it’s everywhere. Facebook has 1.336 billion worldwide users; WhatsApp has 600 million; Skype has 300 million. Chances are, you’re reading this article with at least one social media application running or open in a browser right now.

But why, then, aren’t these social media platforms as secure as they could be? A new ‘Best Practices for Social Media Archiving and Security’ survey from Osterman Research, sponsored by Actiance, GWAVA and Smarsh, found that although enterprise and consumer-focused social platforms abound in modern organizations, social media remains a threat for many companies.

The report found just 54% of organizations feature a written policy governing the use of public social networks, while just 51% have policies governing enterprise social media usage. This is despite the survey finding 82% of organization use Microsoft SharePoint for enterprise social purposes, while more than half of surveyed organizations use each of Facebook, Twitter and LinkedIn.

Michael Osterman, president of Osterman Research, told Internet Law & Strategy‘s ALM sibling, Legaltech News, that this low percentage was ‘really not all that surprising’ in his view. He added, ‘The use of social media has grown more or less organically in most organizations, and so IT tends to play catch-up with regard to social media, BYOD and other trends that have been initiated by users.’

What did surprise him, however, was social media’s use as a source of malware information. The survey found 18% of organizations have had malware enter their network through social media, while an additional 25% have had a malware attack of unknown origin.

‘This is higher than I would have thought, but certainly not out of line in the context of other ingress points like e-mail or Web surfing,’ Osterman explained.

The Osterman Research whitepaper said malware can enter an organization through social media in a number of ways. Some common examples include Twitter link shorteners hiding a malicious site, fake social media accounts leading followers to download malware, or even facilitate state-sponsored attacks, such as what Twitter faced in December 2015.

‘It’s clear that securing the perimeter of social media communications is a critical part of risk management. Organizations need to know how their employees are using social media for business communication to protect both the company and the employee,’ said Ken Anderson, vice president of marketing at Smarsh. ‘There are more inadvertent and malicious leaks of information these days, which can compromise a company’s security, and reputation.’

That is not to say social media does not have its upsides. Indeed, 66% of organizations hope to improve the problem of communication between departments and functions using social media; 63% said they hope social media provides a greater amount of collaboration overall. And, the paper noted, social media can lead to faster decision-making capabilities, better customer service, and an improved corporate culture with greater connections.

Still, the paper warned, organizations should take a three-step approach to secure their social media usage. First, they should identify how and why social media is being used. Second, they should implement appropriate, secure policies for everything from usage to archiving. And third, they should actively monitor social media use for policy compliance and potential malware.

‘It has been my experience that many organizations are not very proactive in preventing problems before they occur, instead preferring to address problems after they come up,’ Osterman said. ‘Organizations should definitely establish these policies proactively, but many do not. Even in some financial services firms, which are governed by FINRA regulators that have been fairly aggressive in defining requirements for social media (dating back to 2010), many broker-dealers are not proactive in ensuring proper use of social media.’

He also added, ‘With regard to why decision makers are not more proactive, I think it’s a case of priorities. It’s difficult to carve out the time, effort and budget to address problems that will occur when having to do so for problems that already have occurred.’

The full 16 page whitepaper can be downloaded from’Osterman Research online.

–’Zach Warren, Legaltech News

‘