By Joanne Rogers of CS Risk Management 2012
Love it or hate it, social networking has firmly embedded itself into the fabric of our world. The likes of Facebook, Twitter and LinkedIn can be powerful business tools, especially for marketing, communication and recruitment purposes.
But there is also the less appealing nature of the beast. Provide employees with access to the internet and most will check their online profiles at least once during the day and the resulting downtime can quickly accumulate. But, to a business, a far greater threat than the lack of productivity is the security of what is shared online through these networks.
To Like or not to Like: The Benefits & Risks
• Social networking can be used for marketing, expanding commercial reach and advertising, with the only tangible cost being the time needed to maintain the account;
• Used appropriately, social networking sites can be used to communicate easily with existing business contacts and connect with new ones;
• A regularly updated online presence can have a positive effect on reputation, reinforcing the brand image and demonstrating awareness of current trends;
• There are no geographical restrictions providing potential to reach new areas with little or no expense;
• Can be used to motivate, by building and maintaining relationships between leadership and employees; and
• Build company culture and communicate policy changes and announcements.
• Social networking sites themselves are not generally a concern, it is the behaviour of the users that presents a risk;
• When considering the possibility of leakage of confidential information or intellectual property, exposure through word of mouth can be hard enough to control but words can be forgotten. An individual making a comment on the internet to an audience of thousands greatly increases this threat and posts can be found through a search engine indefinitely;
• Viruses and worms are often incorporated into fake profiles, e-mails or postings from Friends. Careless use could lead to inadvertent downloading of malware, spyware, adware or ransomware, or even the hijacking of the account; and
• There is a threat of exposure to offensive web content via links contained in e-mails, posts and tweets.
After reviewing these risks and benefits, there are several options available to businesses when considering the use of social networks.
• Allow unrestricted access to social networking sites: providing employees with unrestricted access could boost morale, however there is the potential for this access to be exploited;
• Allow restricted access to specific sites and/or at specific times: allowing employees access to certain sites, perhaps those designed for business networking, or allowing access to personal sites only outside of business hours or during lunch;
• Allow access to social networking sites only to those authorised to use a business profile: for example marketing teams who update the site with business related information;
• Block access to all non-business related sites for all employees: only allow access to sanctioned business related programs; and
• Block internet access to all: this is an unlikely option since many companies now use internet based programs for day to day operations.
For those businesses that decide to use or allow access to social networking sites, it is crucial to implement and maintain a social networking policy. The policy will provide employees with guidance so that they are accountable for their actions. While specific components of the policy will vary dependant on the nature of the organisation and how they use social networking, there are several elements that should form the basis for any social media plan.
It is important to establish a level of control that provides protection whilst allowing the informality that is the foundation of social networking. Business data should be classified so that employees are fully aware of what sensitive information is and what can and can’t be mentioned on profiles or in posts. Also determine who is authorised to access corporate content and modify accounts on behalf of the company.
Educating employees on the acceptable use of social media is essential to reducing the risks. Each employee represents the company and a thoughtless tweet about a product launch or personnel change has the potential to damage reputations.
Once a policy has been approved, it is important to monitor the activity relating to the business. Check the networks for the company or product name; find out what is being said. If customers are losing faith in the company, take the opportunity for promotion by addressing concerns. Failure to monitor on a regular basis could lead to loss of sales and damage to reputation.
If a business faces a crisis, for example loss of systems or product faults, an incident response plan should include measures for addressing issues via social media. Recalling products and providing updates on service availability can provide customers with assurance that the issue is being dealt with. If handled swiftly and correctly this action could limit the impact on reputation.
Social networking has evolved so rapidly that many companies struggle to keep up with the changes and subsequent implications. The growth shows no signs of slowing, so it is important to remain vigilant to the threats. Education is essential across all levels of the business to ensure that the advantages of using social media are not negated by the risks.