Social-media malware hurting small businesses

Malware stemming from social networks like Facebook and Twitter infected 33 percent of small firms recently surveyed by Panda Security, causing financial losses.

Lance Whitney Contributing Writer

Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.

See full bio

Lance Whitney

Sept. 15, 2010 10:34 a.m. PT

2 min read

A third of small and medium businesses surveyed by Panda Security have been hit by malware from social networks, according to a study released on Wednesday.

Panda's "Social Media Risk Index for Small to Medium Sized Businesses" (PDF) also found that 35 percent of the companies hurt by social-media malware suffered financial losses, with more than a third losing in excess of $5,000. Further, a quarter of the businesses said they lost sensitive data due to employees who violated company policy by revealing certain information via a social network.

The report was based on surveys Panda conducted in July of 315 small and medium businesses (SMBs) with up to 1,000 employees.

Among social networks, Facebook took the dubious honor of being the top spot for malware infections (71 percent) and privacy violations (73 percent). Next on the list was YouTube followed by Twitter. Those businesses that took financial losses from malware attacks also tagged Facebook as the most problematic site, followed by Twitter, YouTube, and finally LinkedIn.

Despite the threat of social malware, many companies still see social networks as a huge benefit to business. Among those surveyed, 78 percent said they use Facebook, Twitter, and other sites to conduct research, improve customer service, push marketing and PR initiatives, and ultimately boost sales. In these areas, Facebook again proved the most popular--69 percent of the SMBs said they have active Facebook accounts. Twitter was the next most popular social-media tool, followed by YouTube and finally LinkedIn.

To address the malware and privacy risks from social networks, 57 percent of those surveyed have social media policies in place. And most said they use staff to actively enforce those policies. Further, 64 percent have formal training classes to teach employees the risks and rewards of social networks. Most don't allow social media on the job to be used for personal reasons, while 25 percent reported that they block Facebook and other popular sites.

"Social media is now ubiquitous among SMBs because of its many obvious business benefits, yet these tools don't come without serious risks," Sean-Paul Correll, threat researcher at Panda Security, said in a statement. "While a relatively high number of SMBs have been infected by malware from social sites, we were pleased to see that the majority of companies already have formal governance and education programs in place."