The document summarizes the findings of a survey of 1,225 enterprises regarding their use and concerns around social media. Some key findings include:
- 45% of enterprises use social media for personal uses and 42% for business uses like forums and professional networking.
- Top concerns for IT professionals are risks like exposing confidential information, damage to brand reputation, and non-compliance with regulations.
- Most enterprises are discussing implementing social media policies, employee training, and technologies to manage risks but less than half feel protected currently across most social media sites.
3. We wanted to know how IT felt about it…..
• Survey Performed by Applied Research
• 1,225 enterprises worldwide
• Enterprises (1,000+ employees)
• Tactical IT, Strategic IT and C-level
professionals
• Cross-industry
3
4. Are there defined concerns?
• Of Course, as with any communication, some rules apply.
• Regulations and recent court rulings:
– Financial Industry Regulatory Authority (FINRA) 10-06 amendments
– Romano vs. Steelcase Inc. in Sept. 2010
– Equal Employment Opportunity Commission vs. Simply Storage Mgmt. LLC in May
2010
– Bass vs. Miss Porter’s School in October 2009
• And, there’s always the lawyers.
– According to Gartner, “50% of enterprises will need to discover data within social
media….”
5. Even with the risks, are people using it anyway?
• Absolutely. Social media is pervasive within the Enterprise
• IT feels the need to support it. They can’t say no and they can’t ignore it.
• Enterprises discussing a wide range of programs
5
6. How common is social media in the enterprise?
• 45% use for personal uses
– Personal social networking (52%)
– Blogs (48%)
– Multimedia sharing (48%)
• 42% use for business uses
– Forums (49%)
– Professional social networking (46%)
– Blogs (42%)
6
7. What the IT guys worry about…
• Risks
– Employees sharing too much information (46%)
– Loss/exposure of confidential information (41%)
– Embarrassment/damage to brand/reputation (40%)
– Increased exposure to litigation (37%)
– Malware (37%)
– Violating regulatory rules (36%)
• IT concerns
– Compliance with government/commercial data
protection regs (45%)
– Compliance with information retention policies (45%)
– Management of eDiscovery (37%)
7
8. Mistakes Happen
• Typical: 9 social media incidents in past 12 months
• 94% experienced consequences due to incidents:
– Damaged brand/trust (28%)
– Loss of organization, customer or
employee data (27%)
– Lost revenue (25%)
8
9. And when unprepared, can be expensive.
• Cost of social media incidents (past 12 months): $4,292,897
• Biggest costs:
– Reduced stock price – $1,038,401
– Litigation costs – $650,361
– Direct financial cost – $641,993
– Damaged brand/trust – $638,496
– Lost revenue – $619, 360
9
10. Ways to help enable social media and mitigate risk
• Most (80% or more) are discussing:
– Social media policy (87%)
– Employee training (86%)
– Processes to capture confidential/proprietary data (85%)
– Data loss protection (85%)
– Technology to manage data (84%)
– Collect/archive sensitive information (82%)
10
11. Progress so far
• Social Media risk management strategies implemented:
– Social media policy (24%)
– Employee training (22%)
– Processes to capture confidential/proprietary data (21%)
– Data loss protection (21%)
– Technology to manage data (20%)
– Collect/archive sensitive information (18%)
11
12. Work to be done
• Less than half feel at least somewhat protected:
– Professional social networking sites (50%)
– Personal social networking sites (49%)
– Multimedia sharing sites (48%)
– Forums (47%)
– Podcasts (47%)
– Blogs (46%)
– Microblogging (43%)
12
13. Symantec Recommendations
• Leverage Social Media: It has driven some of the greatest go-to-market
innovations of the last 20 years
• Plan for Social Media: Like all corporate communications, define how to use
it
• Understand your regulatory or legal requirements first
• Implement archiving to retain corporate social media activity
• Leverage a data loss prevention solution to prevent disclosure of sensitive
information
• Use an eDiscovery solution to address and regulatory requests