Malware, brand damage and loss of productivity are just a few of the consequences of social media use in the workplace CIOs need to be aware of, according to the Information Systems Audit and Control Association (ISACA).

The governance body released the white paper 'Social Media: Business benefits with security governance and assurance perspectives' this week.

International vice president Robert Stroud urges companies to embrace social media while simultaneously encouraging employees to make themselves aware of the risks.

"Historically, organisations tried to control risk by denying access to cyberspace, but that won't work with social media," Stroud said.

"Companies should embrace it, not block it. But they also need to empower their employees with knowledge to implement sound social media governance."

In a study earlier this year, ISACA said 62 per cent of IT department employees rated the risk of staff using personal email and social networking sites as being medium or high. ISACA certification committee member John Pironti believes greater education could relieve these concerns.

"The greatest risks posed by social media are all tied to violation of trust," Pironti said.

"Social media is built on the assumption of a network of trusted friends and colleagues, which is exploited by social engineering at great cost to companies and everyday users. That is why ongoing education is critical."

ISACA cited viruses and malware, brand hijacking, lack of control over content, unrealistic customer expectations of 'internet-speed' service and non-compliance with records management regulations as the top five risks CIOs need to make themselves aware of.
