Social Media Risk Management

As the world becomes more instrumented, interconnected and intelligent and the population continues to embrace social computing, today’s enterprises face the dawn of a new era – the era of the Social Business. Just as the Internet changed the marketplace forever, the integration of social computing into enterprise design represents another enormous shift in the landscape. Organizations that successfully transform into a Social Business can potentially reap great benefits – among them the ability to deepen customer relationships, drive operational efficiencies and optimize the workforce.

According to a recent Gartner prediction report: “By 2014, 90% of organizations will support corporate applications on personal devices. Support for corporate applications on employee-owned smartphones is impacting an increasing number of organizations and will become commonplace in four years. The main driver for adoption of mobile devices will be employees who prefer to use private consumer smartphones or notebooks for business, rather than using old-style limited enterprise devices. Enterprises will no longer be able to standardize on one or a few corporate mobile device platforms, but instead will have to support a variety of mobile platforms for which they will have to choose an approach that enables selected corporate applications while enforcing IT policies through management tools and capabilities. Organizations that do not support personal devices and fail to set and enforce policies will experience an increased number of security exposures and incidents.”

These tools are asking our workers to change the way in which they work, and the transparency with which they do that work. It is shifting business and leadership culture in ways enterprises have not seen in the past. It’s new. It’s scary. And it’s hard. And the part that’s hard is NOT the technology. The part that’s hard is the culture, the behaviors, the new skills we want workers to have innately.

Businesses are feeling the impact from employee social networking communication. Newly emerging issues surrounding social network communication, such as loss of intellectual property, compliance violations, and HR lawsuits, as well as productivity of the workforce all threaten the health of the business causing loss of revenue, reputation and potentially, customers. Corporations today are spending billions of dollars to mitigate such risks from email, instant messaging and other established methods of communication.

In a recent market research social networking related exposure incidents for US companies have increased to seventeen percent in 2009 from twelve percent in 2008, and is expected to continue to grow. In a separate market research, twenty four percent of the companies indicated that they have disciplined an employee for his or her activities on Facebook, Twitter or LinkedIn. Guidelines and policy alone are not sufficient in eliminating the risks.

With proper planning it may be possible to take advantage of the new media’s strengths and mitigate the risks that your company will end up in the headlines.

For a typical business, key social networking questions are:

  1. How can social networking add value to the business?
  2. What resources are needed to mount an effective social networking effort?
  3. Are there any regulatory restrictions surrounding its use?
  4. How can we mitigate the risks of social networking?

Companies need to engage in thoughtful analysis and discussion of those issues before they make their social networking decisions.

Well-publicized risks
Understandably, some companies have avoided social media because of its risks. The reality is, regardless of whether companies are active social networking participants or if they have formal, written policies and procedures, their employees are probably “friending” and “tweeting” from their work computers. And so, during working hours, are their competitors and customers.

Bad things can happen. Some obvious social networking risks include:

  • Reduced productivity as employees periodically check their social networking
    page during the day
  • Lower morale as workers tire of seeing their coworkers waste time with no negative repercussions from managers
  • Mistakenly leaked confidential information by unthinking employees
  • Damage to the organization’s brand through the bad social networking acts of
    its employees

The risks to both employees and employers are obvious. Regulators in certain industries have also recently come down hard on social networking practices. An April 12, 2011, Reuters story reported that 15 months ago, the Financial Industry Regulatory Authority (FINRA), the largest independent regulator for all securities firms doing business in the United States, released highly restrictive social networking guidelines. Undoubtedly aimed at preventing identity theft and other scams, the article states that the guidelines have frustrated financial advisors and prevented them from engaging in interactive social media practices that are most appealing to brokerage firms seeking to grow client relationships. Although FINRA has “recently reconvened” its social media task force, the article warned advisors shouldn’t expect radical changes to current policies.

Mitigating the risks

Social networking is a force to be reckoned with and seems here to stay – at least for now. But how can its risks be mitigated?
First, social networking security issues must be incorporated into enterprise information security policies – and users must be educated by their employers so it’s clear to them what is and is not acceptable. The IT organization can also make sure Web URL filtering technology is available to enforce the organization’s written social networking policies and procedures and protect the network from viruses and other security issues. This technology should also be made available to users who work remotely or on mobile devices. Additionally, whether or not the organization is an active social media marketer, it must have formal, written social networking policies, covering not only behavior during working hours – but activities outside the scope of their employees’ jobs. A disclaimer notice for personal websites Restrictions regarding content Discussion of what is and is not considered confidential information Discussion of what types of work-related discussions are and are not appropriate

It’s not too late to jump safely on board.  Whether social networking makes sense as a marketing strategy or not, companies cannot afford to simply ignore it. The stakes for the organization are too high.
At a minimum, employees must be informed about their social media boundaries through formal, written social networking policies and procedures, and the proper technology should be in place to protect the organization’s valuable network infrastructure.

Who knows, after careful evaluation and some preparation, management executives may even change their minds about social networking from “it’s just a passing fad” to “I said it was a good idea all along.”

Further Reading:

Recommendations for Organizations (

  • Expecting individuals to use “common sense” and “good judgment,” or to “not do anything stupid” is naive and potentially dangerous. That doesn’t mean it’s necessary to be draconian or overly bureaucratic, but there’s no good reason not to acquire a reasonable level of insurance that fairly balances the needs and perspectives of multiple stakeholders.
  • Policies and contracts should be reviewed and updated to address Digital Era risks. If necessary, new policies and contracts should be written.
  • Organizations that are actively engaged in social media should develop posting guidelines for both employees and other participants.
  • Consequences for rule violations of all types should be reasonable, clear, fair, and enforceable. Punishments should fit the crimes.
  • Develop “crisis management” plans for handling the inevitable problems that will arise.
    • Respond swiftly but don’t overreact.
    • Verify, verify, verify.
  • Educate employees and other brand agents/representatives about the rules and your expectations. Remind them about the rules regularly, through various channels and in various ways.
  • Lather, rinse, repeat. Plan to revisit certain policies and contracts at least once a quarter, to ensure they’re current. Update training and communication to reflect any changes you make.

Some Employee Examples of Social Media Risks

Here are examples of individuals who were fired or disciplined by their employers (or perhaps should have been) for inappropriate Facebook and Twitter activity:



Organizations at Risk from Social Media

Although organizations are justifiably concerned about the negative impact that individual actions can have on their brands and reputations, they can sometimes go too far in trying to minimize their risks and engage in damage control. Here are several stories that demonstrate how overreacting and acting impulsively in the face of a perceived issue can cause greater harm than the precipitating event itself:

Need Help Mitigating The Risks From Social Media? Get In touch today!

You may also like

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.