Companies tapping social media outlets such as Facebook, Twitter and blogs to market their brand may not be prepared for the risks that come with lightning-fast communications, experts warn.

“A fair number of companies are jumping into social media waters unprepared,” said Art Hall, Atlanta-based director of customer relations with Alvarez & Marsal Business Consulting L.L.C. “A lot of companies feel they need to have a presence on Facebook or Twitter and don't really think about what that really means for their business.”

The greatest risks fall into two categories: information technology and reputation, experts warn. Areas of concern range from legal—from defamation and libel to copyright risks—to workplace productivity—when employees spend too much time on the job using social networking sites (see box, page 13).

John Bronti, Boston-based president of IP Architects L.L.C., a management technology consulting firm, and an adviser for the Rolling Meadows, Ill.-based Information Systems Audit & Control Assn., said social media are fast becoming a necessary business tool, and that companies are slowly becoming aware of the risks.

“I don't think we're in a situation where people put their head in the sand, but (social media risk management) is not being embraced...as it should,” Mr. Bronti said.

Lawrence Racioppo, Stanford, Conn.-based executive liability practice leader with Towers Watson & Co., said one major pitfall is putting social media risk management solely in the hands of one employee and not engaging an entire organization.

“Companies need to start at the top and recognize the potential exposures,” Mr. Racioppo said. “There needs to be an organizational commitment, from the CEO down. It's too big of an issue.”

People use social media sites to meet, interact and share information. People use Twitter to post messages up to 140 characters long. The sites also allow users to create detailed profiles, which experts say pose a major risk.

Justin Searle, a Salt Lake City-based security analyst with Washington-based consultant InGuardians Inc., conducts “penetration tests” for clients that want to gauge their network security. He said he's been able to break into company databases—gaining access to Social Security numbers, credit card information and more—from a remote site just by using public information posted on social media websites.

In one instance, he said he used a search engine on a social networking site to locate employees of a specific company and obtain personal information that his company, as part of a test, used to reset passwords and gain access to company information from an external link.

“We dug through profiles and were able to gather enough information to go on a company's website and gain access,” Mr. Searle said. “The information is buried, but it's there.”

Similarly, security management firm Facetime Communications Inc. used Facebook to gather names of some 13,000 Department of Homeland Security personnel and their personal information.

“Employees of any company can be targeted by anyone from the outside,” said Sarah Carter, chief strategy officer in Belmont, Calif., at Facetime.

“Educating on the risk goes a long way,” Ms. Carter said. “We've been telling people how to be safe with e-mail and now we just have to teach them about social media.”

“If people are aware of the information and the threat, they are likely to change their behavior,” Mr. Searle said.

Companies also can revamp their network security so personal information is not used. “For example, a lot of companies use their last name as a login,” he said. “That could change.”

Among other dangers, social media sites could transmit viruses that could harm systems or gain access, experts warn.

Gradually, companies and organizations have begun to see social media as a marketing tool to advertise products and services and foster brand loyalty.

Good in many ways for business, social media have unrealized drawbacks for some, said Mr. Hall. Companies were “shocked when they established a social media presence and the group started talking back to them,” he said.

“Customers don't call your customer service line anymore when they aren't happy with your product,” said Paul Dunay, co-author of the book “Facebook Marketing for Dummies” and a communications consultant with Basking Ridge, N.J.-based Avaya Inc. “They Tweet about it.”

“Mainstream companies are learning that they can't avoid (social media),” said Robert Stroud, New York-based international vp for the Information Systems Audit & Control Assn. Companies and brands can get roped in whether or not they want to participate, he said.

“Every company has the exposure for a reputation explosion,” Mr. Dunay said. “Companies who ignore social media need a little wake-up call.”

Companies face the threat of bad publicity not only from consumers but from competitors, said Kevin Kalinich, co-national managing director of professional risk solutions of Aon Risk Solutions, a unit of Chicago-based Aon Corp. “People are going to Twitter, they are going to Facebook. If you are not there and you ignore it, you could be letting somebody control your brand.”

Mr. Stroud said a best practice for companies is to regularly search the Web for mention of their brand. Harmful information can be addressed on social media forums.

“Companies that don't monitor what's being said about them may get a surprise one day,” Mr. Stroud added.

Experts recommend that companies set up alerts to be notified when their brands are named online. A response plan also is necessary, said Kelly Dempski, Sophia Antipolis, France-based director of research for Accenture Technology Labs.

A speedy reaction to bad publicity is what helped Domino's Pizza Inc., for example, clear its name after employees posted a video on YouTube of workers performing unsanitary acts on a pizza, said Mr. Dempski. “They had YouTube pull the video off the site,” he said. According to news reports, the employees were fired and subsequently charged with “delivering prohibited food” in the 2009 incident.

Domino's, meanwhile, issued public statements on the matter.

“Having a plan in place to deal with something like this is key,” said Mr. Dempski. “You have to be able to react very quickly.”

Mr. Kalinich said social media have made virtually any person or company a potential publisher.

“Not everybody wants to be in publishing (because of the risk), but that's where we are,” Mr. Kalinich said. This is where issues such as libel, plagiarism and defamation come into play, he said.