Small businesses and small business ecommerce sites have embraced social media as a means to advertise their products and services and connect with customers, but this affinity for sites like Facebook and Twitter has also put data -- their own and their customers' -- at greater risk.
Security software vendor Panda Security's Social Media Risk Index (available in PDF format) study found that 33 percent of the 315 U.S.-based SMBs surveyed have endured at least one significant malware or virus infection from social networks.
And of that infected group, 35 percent said they've suffered some sort of financial loss as a result of the security breach. Facebook was cited at the No. 1 culprit, followed by YouTube and Twitter. One-third of these of breaches cost in excess of $5,000 apiece, according to the report.
Researchers said they expect these numbers to continue to grow as more hackers target smaller companies that often lack either the budget or the resources to shore up their data networks compared to their enterprise brethren.
"Social media is now ubiquitous among SMBs because of its many obvious business benefits," Sean-Paul Correll, a threat researcher at Panda Security, said in the report. "Yet these tools don't come without serious risks."
To meet this growing demand for SMB-appropriate security applications and services, vendors such as McAfee (NYSE: MFE), Symantec (NASDAQ: SYMC), Dell (NASDAQ: DELL) and others are rolling out integrated security offerings designed to provide adequate security for smaller companies and their limited IT budgets.
But antivirus and endpoint security applications can only do so much. In order to maintain consistent and reliable protection from ever-more-creative phishing and malware scams, companies of all sizes need to incorporate ironclad governance and education programs and procedures throughout their companies to ward off new emerging threats.
Surprisingly, most SMBs are actually doing a good job on this front.
The survey found that 57 percent of companies with less than 1,000 employees have already installed a social media governance policy. More important, 81 percent of those companies said they also have the personnel in place to actively enforce those policies. Another 64 percent said they have formal training programs in place to teach workers about the inherent risks and benefits of social media sites.
"While a relatively high number of SMBS have been infected by malware from social sites, we were pleased to see that the majority of companies already have formal governance and education programs in place," Correll said. "These types of policies combined with up-to-date network security solutions are required to minimize risk and ultimately prevent loss."
Even with the additions of security software apps and formal training and governance policies, most SMBs (62 percent) still ban employees from using social networking sites like Facebook or Twitter while on the job.
Another 25 percent said they actively block popular social media sites for employees -- typically by using either a gateway security appliance or cloud-based security software service-- which limits both security risks and the employees' ability to harness social nets for business purposes.
For those SMBs that are willing to live with the risks to drive sales and marketing campaigns, Facebook was by far the most popular social network used (69 percent) followed by Twitter (44 percent), YouTube (32 percent) and LinkedIn (23 percent).
Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.
Apple tries to prevent remote attackMarketing Strategies: Email vs. Social Network Sites
