Towards a Conceptualization of Corporate Risks in Online Social Networks: A Literature Based Overview of Risks

Online social networks provide a range of business opportunities. However, there are various threats and risks that are sparsely considered in research so far. Such possible risks are the loss of reputation and control, industrial espionage, social engineering and malware, for example. Also, many companies are unsure about appropriate activities in online social networks and what key figures might be used to assess their activities economically. The aim of this paper is the identification of technical and managerial risks and the detailed, structured description of each risk. We conducted an extensive literature review to find possible risks in online social networks and social media in general. For risk characterization we evolved a conceptual risk model that outlines all relevant concepts and properties (e.g., risk sources, consequences and risk factors). Thus, a risk catalog for corporate risks in online social networks is presented. The risk catalog describes each risk in detail and consists of four main risk categories: Loss of control, loss of reputation, information leakage and managerial risks. This paper presents one of the first approaches for the systematical identification and description of corporate risks in online social networks.

[1]  Frank Stajano,et al.  Eight friends are enough: social graph approximation via public listings , 2009, SNS '09.

[2]  Jollean K. Sinclaire,et al.  Adoption of social networking sites: an exploratory adaptive structuration perspective for global organizations , 2011, Inf. Technol. Manag..

[3]  Ulrich Frank,et al.  Conceptual Modelling as the Core of the Information Systems Discipline - Perspectives and Epistemological Challenges , 1999 .

[4]  A. Hasib Threats of Online Social Networks , 2009 .

[5]  Haroon Malik,et al.  Towards Identifying the Challenges Associated with Emerging Large Scale Social Networks , 2011, ANT/MobiWIS.

[6]  Erdong Chen,et al.  Facebook immune system , 2011, SNS '11.

[7]  Edgar R. Weippl,et al.  Social Networking Sites Security: Quo Vadis , 2010, 2010 IEEE Second International Conference on Social Computing.

[8]  Peter Buxmann,et al.  Internet social networking - Distinguishing the phenomenon from its manifestations in web sites , 2009 .

[9]  Hervé Pingaud,et al.  Conceptual Model of Risk: Towards a Risk Modelling Language , 2007, WISE Workshops.

[10]  Jens Grossklags,et al.  Third-party apps on Facebook: privacy and the illusion of control , 2011, CHIMIT '11.

[11]  P. Berthon,et al.  Marketing meets Web 2.0, social media, and creative consumers: Implications for international marketing strategy , 2012 .

[12]  Susan P. Williams,et al.  Managing Information Risks and Protecting Information Assets in a Web 2.0 Era , 2010, Bled eConference.

[13]  Calton Pu,et al.  Reverse Social Engineering Attacks in Online Social Networks , 2011, DIMVA.

[14]  George Danezis,et al.  Prying Data out of a Social Network , 2009, 2009 International Conference on Advances in Social Network Analysis and Mining.

[15]  Björn Niehaves,et al.  Reconstructing the giant: On the importance of rigour in documenting the literature search process , 2009, ECIS.

[16]  David J. Faulds,et al.  Social media: The new hybrid element of the promotion mix , 2009 .

[17]  Steven M. Bellovin,et al.  The Failure of Online Social Network Privacy Settings , 2011 .

[18]  Sharon L. Milgram,et al.  The Small World Problem , 1967 .

[19]  Nipul Patel,et al.  SOCIAL MEDIA SECURITY POLICIES: GUIDELINES FOR ORGANIZATIONS , 2010 .

[20]  Marc Langheinrich,et al.  Social networking and the risk to companies and institutions , 2010, Inf. Secur. Tech. Rep..

[21]  Alan R. Hevner,et al.  Design Research in Information Systems , 2010 .

[22]  Leyla Bilge,et al.  All your contacts are belong to us: automated identity theft attacks on social networks , 2009, WWW '09.

[23]  Sherrie Penland,et al.  Terms Of Service , 2014 .

[24]  Martin Bichler,et al.  Design science in information systems research , 2006, Wirtschaftsinf..

[25]  Thomas M. Tripp,et al.  When Unhappy Customers Strike Back on the Internet , 2011 .

[26]  Jonathan Grudin,et al.  When social networks cross boundaries: a case study of workplace use of facebook and linkedin , 2009, GROUP.

[27]  Donald R. Chand The Design and Three-Year Review of an MS Program in Information Technology for Preparing Systems Integrators , 2004, Commun. Assoc. Inf. Syst..

[28]  Vern Paxson,et al.  @spam: the underground on 140 characters or less , 2010, CCS '10.

[29]  Shyhtsun Felix Wu,et al.  Social Manipulation of Online Recommender Systems , 2010, SocInfo.

[30]  Stewart Kowalski,et al.  Towards Automating Social Engineering Using Social Networking Sites , 2009, 2009 International Conference on Computational Science and Engineering.

[31]  Petter Bae Brandtzæg,et al.  Why People Use Social Networking Sites , 2009, HCI.

[32]  Stefan Strecker,et al.  RiskM: A multi-perspective modeling method for IT risk assessment , 2011, Inf. Syst. Frontiers.

[33]  Koji Nakao,et al.  Online social network platforms: toward a model-backed security evaluation , 2012, PSOSM '12.

[34]  Mary J. Culnan,et al.  How Large U.S. Companies Can Use Twitter and Other Social Media to Gain Business Value , 2010, MIS Q. Executive.

[35]  David Beer,et al.  Social network(ing) sites...revisiting the story so far: A response to danah boyd & Nicole Ellison , 2008, J. Comput. Mediat. Commun..

[36]  Pauline Anthonysamy,et al.  Collaborative privacy management for third-party applications in online social networks , 2012, PSOSM '12.

[37]  Markus Jakobsson,et al.  Social phishing , 2007, CACM.

[38]  Aristides Gionis,et al.  Social Network Analysis and Mining for Business Applications , 2011, TIST.

[39]  Judith Donath,et al.  Signals in Social Supernets , 2007, J. Comput. Mediat. Commun..

[40]  D. Schwartz Users of the world unite , 2000 .

[41]  Werner Esswein,et al.  Corporate Risks in Social Networks - Towards a Risk Management Framework , 2012, AMCIS.

[42]  A. Kaplan,et al.  Users of the world, unite! The challenges and opportunities of Social Media , 2010 .

[43]  Alessandro Acquisti,et al.  Information revelation and privacy in online social networks , 2005, WPES '05.

[44]  Mary Beth Pinto,et al.  Facebook as a complaint mechanism : An investigation of millennials , 2015 .

[45]  Pekka Aula Social media, reputation risk and ambient publicity management , 2010 .

[46]  S. Chatterjee,et al.  Design Science Research in Information Systems , 2010 .

[47]  Steven L. Alter,et al.  Information Systems Risks and Risk Factors: Are They Mostly About Information Systems? , 2004, Commun. Assoc. Inf. Syst..

[48]  Meri Kuikka,et al.  Determining the challenges of organizational social media adoption and use , 2011, ECIS.

[49]  Florian Probst,et al.  Online social networks: A survey of a global phenomenon , 2012 .

[50]  S. Fournier,et al.  The Uninvited Brand , 2010 .

[51]  João Paulo Pesce,et al.  Privacy attacks in social media using photo tagging networks: a case study with Facebook , 2012, PSOSM '12.

[52]  Calton Pu,et al.  Large Online Social Footprints--An Emerging Threat , 2009, 2009 International Conference on Computational Science and Engineering.

[53]  Jordi Casteleyn,et al.  Forum - How to Use Facebook in your Market Research , 2009 .

[54]  Mark S. Granovetter The Strength of Weak Ties , 1973, American Journal of Sociology.

[55]  Karin Väyrynen,et al.  Information Security Challenges of Social Media for Companies , 2012, ECIS.

[56]  Charles H. Noble,et al.  Let them talk! Managing primary and extended online brand communities for success , 2012 .

[57]  Kai Riemer,et al.  Internet Social Networking , 2011, Bus. Inf. Syst. Eng..

[58]  Pieter H. Hartel,et al.  PRIVACY IN ONLINE SOCIAL NETWORKS , 2012, ICIS 2012.

[59]  Danah Boyd,et al.  Social Network Sites: Definition, History, and Scholarship , 2007, J. Comput. Mediat. Commun..

[60]  Scott A. Golder,et al.  Security Issues and Recommendations for Online Social Networks. , 2007 .