UK businesses are putting themselves at risk of security breaches and reputational damage due to a lack of adequate policies regarding social media use, according to a new report.
The study, by business consulting and internal audit firm Protiviti, found the majority of UK workers have not been provided with clear guidance on using social media sites. Almost 39% said there is no policy in place at all and another 24% are simply unaware if there is a policy or not.
Over half (51%) of respondents claim to use social media sites such as Facebook, Twitter and LinkedIn while at work. Almost one-third use them on a daily basis and just over 5% say they use them several times an hour.
Jonathan Wyatt, managing director, Protiviti UK, said a generation gap could be causing issues, as the survey found that the most active users of social networks are in the 18 to 24 years old group.
"Many senior managers assume that their less experienced colleagues would not post inappropriate comments online and that they would think about the risks involved, but time and time again they are proven wrong," he said.
"The global social media landscape has changed so dramatically and so quickly that many companies are struggling to keep up. We’re seeing a growing number of cases where firms have vague or out-of-date social media policies that are unenforceable if inappropriate activity takes place. It’s extremely worrying that only a quarter of workers have been provided with any real guidance regarding the use of social media sites," Wyatt continued.
Wyatt urged companies to update their social media policies to reflect the changing workplace and tailor them to the specific requirements of social networks.
"We recommend that companies have very clear policies targeted at issues specific to social networking," he said. "For instance, they should consider providing guidelines regarding the sharing on Facebook of photographs from corporate events and measures to mitigate potential accusations of favouritism resulting from a senior manager ‘linking’ to one employee but not to another."
"Likewise, guidance should be provided as to when a blog might be perceived to be a corporate forum. Such guidance should take into account the fact that personal blogs can also possibly damage the company’s brand," he concluded.
