The growing use of social media at work, seen as important for business productivity, has led to an increase in malware attacks, a new global survey has found.

And though companies recognise the threat of social media in the workplace, they are not adopting enough protection to guard against potential attacks.

Of the more than 4,000 respondents polled in 12 countries and territories, 63 per cent said that social media at work represents a serious security risk, but only 29 per cent report having the necessary security controls in place to mitigate the risk.

More than 50 per cent of respondents also report a rise in malware due to social-media use in the workplace, according to the Global Survey on Social Media Risks released yesterday.

Conducted by the Ponemon Institute and sponsored by content-security provider Websense around the middle of the year, the study surveyed 4,640 IT and IT-security practitioners in Australia, Brazil, Britain, Canada, France, Germany, Hong Kong, India, Italy, Mexico, Singapore and the United States, who have an average of 10 years of experience in the field.

The survey said it is not realistic for companies to block or ignore the phenomenon of social media as it represents business opportunities.

"Social media is the new communication platform being fuelled by the cloud and mobile technologies that employees are bringing to the workplace," said Mr Tom Clare, Websense's senior director of product marketing.

While anti-virus and firewalls are traditional pillars of security defence for companies, they need to find new solutions for dynamic Web content classification, advanced threat blocking and data-theft protection, Mr Clare added.

The dynamic social Web is qualitatively different from the older static Web. It requires an IT security defence that goes beyond signature and fixed-policy Web technologies such as anti- virus and firewalls. This is because while they are necessary defences, they are not sufficient, said the survey.

For example, a new link is posted to a popular social network and it directs users to a site that downloads or leads to data-stealing code via obfuscated JavaScript. Companies need security technology that can analyse the links as they appear as the link path is new and does not have a recognisable signature or known payload.

New technologies like social media, cloud services and mobility require real-time content security, which analyses information on the fly, as and when it is created and consumed.

Said Mr Clare: "Sites like Facebook, Twitter, YouTube, and LinkedIn change too rapidly to rely on traditional background analysis and security- software update cycles."

In addition, companies must have guidelines for employees with regard to the use of social media in the workplace.

In Singapore, for example, many firms (48 per cent) do not have a policy that informs employees about the acceptable use of social media at work. Of those that do have a policy, only 27 per cent of respondents say the policy is enforced.

A total of 58 per cent of respondents from Singapore also said that viruses and malware infections are increasing as a result of social-media use.