• by Erik Sass , Staff Writer @eriksass1, September 29, 2011

Social media is transitioning from a purely personal leisure activity to part of the workplace, as more and more businesses embrace enterprise social media for a variety of purposes. But that doesn't mean they're doing it safely: major security issues persist, according to a new report from the Ponemon Institute titled "Global Survey on Social Media Risks," based on a survey of 4,640 IT and IT security practitioners worldwide.

As one might expect, IT pros are generally sympathetic to the idea that workers should be able to use social media to communicate in the workplace: 85% said workers should be able to use social media to communicate with co-workers, and 55% said they should be able to communicate with people outside the company. But the security measures to enable this just aren't there yet: a mere 29% feel their companies have taken sufficient measures to ensure social media security -- despite the fact that 65% of companies have suitable social media policies in place. And it's not like the risks are imaginary: 63% said employee use of social media in the workplace presents a serious security risk to their companies.

The biggest threat comes from social media apps carrying malware, with 52% of IT pros saying their companies have seen more malware attacks because of social media use in the workplace. Another prominent concern was employees indiscreetly sharing company information through online posts. They were somewhat less (but still) concerned about other negative impacts, including lost productivity and Internet bandwidth.

The Ponemon findings provide an interesting counterpoint to another recent survey of 1,300 IT pros worldwide by Kaspersky Lab. Kaspersky found that 53% of IT pros said their companies had totally blocked social media, and another 19% said their companies try to restrict social media use in the workplace. 35% identified social networking as the "most dangerous" employee activity in the workplace, citing the risk of malware from social media sites.

Of course, just because companies ban social media in the workplace doesn't mean employees listen. The Cisco 2010 Midyear Security Report, which surveyed employees from around the world, found 50% said they ignored corporate policies which ban social media in the workplace, and over one quarter of the employees surveyed said they had changed the security settings on their work computers so they can carry on their social media activities unhindered.