Increasingly social networks are used both in the personal and professional levels, being companies and employees also exposed to the risks posed by them. In this sense, it is relevant to analyze employees' perception of the risks and vulnerabilities posed by the use of social networks in corporate environments. For this purpose, a questionnaire was developed and distributed to 372 employees of small and medium-sized companies that allowed the characterization and analysis of those risks. The results indicate that the security risks are perceived moderately by employees, emphasizing the risk of defamation and cyberbullying as being the most pertinent. On the other hand, the findings indicate that older employees, the existence of lower academic qualifications, and those working in medium-sized companies are more aware of these risks.
TopIntroduction
Social networks are part of everyday users' Internet browsing. Most of them use more than one social network and many of them participate actively in the activities of their group of friends in a social network. However, the use of these social networks leaves users exposed to a set of computer threats, which may harm the published information, the integrity of their personal data and behavior (e.g., postal address, daily routines, consumption habits, bank cards, etc.). In this sense, and with the growing tendency of virtual attacks to use social networks as a means of propagation, it is crucial for users to be protected and use their social networks safely.
For organizations, the safe use of social networks by their employees is a huge challenge. Most companies are only prepared to deal with phishing, malicious links and malware sent by email, but they do not systematically monitor social networking activities (Gangwar & Date, 2015). Social networks like Twitter, Facebook, Myspace or LinkedIn are a source for potential attackers to collect valuable business data or infiltrate in the company’s network.
Some organizations, to avoid this issue, have banned and blocked the use of social networks inside the company. Control social media usage in the workplace has emerged as a priority for many executives that see social networks as a reason for the decrease of productivity. However, this practice does not solve the problem, because employees can use their own devices to access social networks inside the organization. Additionally, prohibiting the full use of social networks is to ignore the potentialities that a social network can offer to the company, namely greater ease of communication between employees, establishing contact with customers, and improvement of work processes and knowledge transfer.
Needs of the Study
Considering the various approaches adopted by companies that many times are merely reactive to a security incident, emerge the need to have an established social media policy that could mitigate the risks of using social media networks by employees at their workplaces (Forbes, 2017). Additionally, this need is even greater for Small and Medium-sized Enterprises (SMEs) which according to the Allianz Risk Barometer 2018 are not prepared to respond to social media risks incidents that could potentially damage their technological infrastructure, which is vital for their daily operations (Allianz, 2018). The impact of these risks in the daily activities of SMEs is high and may affect not only their operations, but their branding and marketing strategies (Baporikar & Deshpande, 2017).
Objectives of the Study
This study aims to characterize and analyze the main security risks inherent in the use of social networks in corporate environments, particularly within SMEs. Additionally, this study intends to assess whether the employees' perception of these risks is different according to the employee's age, academic qualifications, number of years working in the company and SME’ dimension. The manuscript is organized as follows: initially, a contextualization of the main studies available in the social security networks is performed. Next, the work methodology is presented and, after that, the main results are presented and discussed. Finally, the main conclusions are drawn.