Twitter virus attack highlights key risk of social media

Last week's hacker attack on the popular microblogging site Twitter underscores a major risk that companies face in using third-party-run social media sites in their marketing and outreach efforts.

Last Tuesday morning, many Twitter users were hit by a worm—a type of self-replicating virus—that was triggered simply by a user “mousing” over a link in a Twitter posting, or Tweet. Affected users were redirected to porn and other third-party sites, and they also spread the virus to accounts of their followers—those linked to them on Twitter. The problem spread quickly, but was fixed by Twitter Tuesday afternoon. Users of third-party Twitter applications were not affected.

More and more companies are setting up accounts on social media sites such as Twitter and Facebook in an effort to connect with customers and increase their public profile, among other reasons. Experts say many risks that firms face from having a presence on social media sites are inherent in using a third-party provider, whose security and crisis management they cannot control.

But vigilance can mitigate the impact of incidents, they say.

Jeffrey D. Neuburger, a partner with law firm Proskauer Rose L.L.P. in New York, said he had not seen any reports of actual damage as a result of last week's Twitter incident, which was “more along the lines of a nuisance.” But, he said, “when companies use services like Twitter, they are exposed” to vulnerabilities and “there are always people out there looking to exploit them.” The next time, he said, there may be more damage.

Alan E. Brill, Secaucus, N.J.-based managing director for Kroll Ontrack Inc., a Kroll Inc. unit, said: “Companies that are jumping on the bandwagon to exploit social media have to understand that, unlike doing things in their own environment, in large part they're depending on the environment of the social media site for things like security and reliability, and...you're in essence subject to problems that your organization had nothing to do with.”

When there are problems involving third-party sites, “there are significant problems with system downtime” as well as with the resources needed to clean systems of problems that malware or viruses can cause, said Alexander Nemiroff, a partner with law firm Jackson Lewis L.L.P. in Philadelphia.

Robert J. Scott, managing partner with law firm Scott & Scott L.L.P. in Dallas, said one major risk is reputational damage arising from someone hacking into a company's social media account and using the contact information in that account to send messages purportedly from the company.

When problems arise, it is important for companies to learn of them as quickly as possible.

Mr. Brill said he tells firms that use social media to ensure “you have some of your own people getting whatever you're sending, so you have a way to quickly close the loop if something has gone wrong.”

Philip C. Gordon, a shareholder with law firm Littler Mendelson P.C. in Denver, said companies using social media providers should consider working with the provider “to identify a contact person in the event there's a problem, and get some kind of understanding of how a security intrusion and the social media host could have an impact on the business.”

However, he warned, when a company signs up to use a social media website, “it most likely is going to agree to the terms of service and whatever limitations on liability are in there,” and those remedies “tend to not be particularly favorable to the customer.”

“We generally recommend that companies have breach response plans in place in advance of a situation,” said Mr. Neuburger.

This involves establishing a task force with representatives from various disciplines within the company, including information technology, communications and legal help, to respond to the situation, he said.

Companies also should be “sure their own systems are up to date, that they've installed all the vendor patches,” firewalls and security measures needed to mitigate and reduce the impact of an incident, he said.

While risks can be minimized, they cannot be eliminated, said Michael R. Overly, a partner with law firm Foley & Lardner L.L.P. in Los Angeles. “Unfortunately, a lot of social media is the wild, wild West, so you have to take it for what it is,” he said.