Back in late December 2011, I chatted with SocialVolt CEO Scott Oppliger about managing social media risks within the enterprise. Since then, I've seen social media risks crop up in print and online at least several times a week, if not daily.

For example, here's an IT-focused article that warns that many IT security managers often neglect several lesser-known (and potentially damaging) social media risks -- including mobile devices (the subject of another recent risk chat).

The biggest social media risk? "[M]any corporate executives don't really know what is going on across their networks, and don't have any visibility into the traffic patterns and potential exploits," writes Rene Bonvanie.

Fresh survey data from Protiviti also suggests that senior executives would benefit by increasing their knowledge of IT security -- specifically, by more effectively distinguishing between sensitive information and other data (no easy task now that most companies possess almost infinite volumes of data).

"Organizations have made significant strides over the past decade integrating enterprise applications and collecting terabytes of valuable customer, supplier and employee data," reports Kurt Underwood, managing director and global head of IT Consulting, Protiviti. "However, our survey shows that many companies are holding onto more data than is prudent and for longer time frames than necessary, which poses significant data security and privacy risks. There are opportunities for executives to significantly reduce legal exposures, while driving sensitive data management improvements and cost savings."

Key findings from the survey (of 100 IT executives and professionals) include:

  • 23% of respondents said their senior management appears to have "limited or no understanding" of the difference between sensitive information and other data;
  • 26% of respondents believe their senior management has an "excellent" understanding of these differences; and
  • 69% of companies in the study report having a clear data classification policy to categorize information (sensitive, confidential, public, etc.), but just 50% have a specific plan in place to perform the categorization, suggesting a possible gap in data management.