ISACA identifies top five social media risks for business

The five identified risks are: viruses/malware; brand hijacking; lack of control over content; unrealistic customer expectations of 'internet-speed' service; and non-compliance with record management regulations.

According to Robert Stroud, an international vice president of ISACA, which now has nearly 90 000 members worldwide, history has shown that organisations have tried to control risk by denying access to cyberspace.

This strategy, he explained, won't work with social media, meaning that companies should embrace the technology rather than block it. "But they also need to empower their employees with knowledge to implement sound social media governance", Stroud said.

The paper shows that, since tools like Facebook and Twitter do not require new hardware or software from the IT department, they can be introduced by a business unit, marketing team or individual employees, bypassing the normal safeguards and risk assessment provided by IT, human resources and legal departments.

This issue, the study notes, is reflected in IT department attitudes as 62% of respondents to the 2010 ISACA IT Risk/Reward Barometer rated the risk posed by employees visiting social networking sites or checking personal e-mail to be medium or high.

Furthermore, says the report, although social media provides a new entry point for technology risks such as malware and viruses, these risks are increased primarily due to lack of employee understanding of 'risky behaviour'.

As a result, the white paper notes that any strategy to address the potential risks of social media usage should first focus on user behaviour.

John Pironti, an ISACA certification committee member, said that the greatest risks posed by social media are all tied to violation of trust.

"Social media is built on the assumption of a network of trusted friends and colleagues, which is exploited by social engineering at great cost to companies and everyday users. That is why ongoing education is critical", Pironti explained.
