A third of firms have suffered from malware or a virus infection as a result of staff using social media websites, says Panda Security.

The security firm's first Social Media Risk Index survey revealed most firms have a fairly tolerant attitude to social media, with Facebook use allowed in 69.3 percent of companies. Furthermore, more than two in five (44.4 percent) let staff use Twitter, while 32 percent said it was acceptable to access YouTube from the office. More than one in five firms (22.9 percent) also said they allow employees to access LinkedIn.

Only a quarter of firms actively blocked social media sites, mostly using gateway filtering, which probably has something to do with the fact that sites are now widely used for research, customer service, PR and marketing and sales, as well as by staff for purely social purposes.

The downside is that 38.2 percent reported productivity loss as a result of employees using social networks, whille a third said they had suffered from malware infection. Just under a quarter (23 percent) claimed social network use had led to privacy violations, while 18.6 percent reckoned social media affected network resources.

The main offender cited in terms of privacy issues was Facebook, which was named by nearly three-quarters (73.2 percent) of firms. Twitter came next with 50.7 percent, closely followed by YouTube on 29.6 percent and LinkedIn on 16.9 percent. In terms of malware infection, Facebook was again the main offender cited by 71.6 of respondents.

"While a relatively high number of SMBs have been infected by malware from social sites, we were pleased to see that the majority of companies already have formal governance and education programs in place. These types of policies combined with up to date network security solutions are required to minimise risk and ultimately prevent loss," said Panda Security researcher, Sean-Paul Correll, threat researcher at Panda Security.

In Panda's view, controlling social media is the next security frontier, where companies will need to allow some access to sites but while at the same time disallowing certain activities such as file downloading. Current generations of security products don't usually offer such 'granularity'.

The survey does not explain is how the firms were able to accurately relate security issues to social media so precisely. There does, however, appear to be a trend towards controlling social media using defined staff policies as well as security systems.

See also: Firms allowing Facebook access face productivity drop