Corporate Social Media Security: Risks and Opportunities
This article was updated on July 16, 2018.
The importance of an effective social media presence is a given in many organizations, but social media security can be overlooked in the haste to promote, disseminate and compete. On private and business-affiliated social media accounts, employees can damage an organization's reputation by posting inappropriately, violating compliance or copyright laws, leaking intellectual property or even defaming their clients or colleagues. Whether those faux pas are committed maliciously or accidentally, they would surely become your organization's problem. Thankfully, there are several security steps that can mitigate the risk of a social media scandal.
Set a Place at the Policy Table
Due to the significant havoc social media can wreak, social media security deserves a place at your organization's policy table.
Enterprises lacking a clear approach can begin by using its existing email policy as a template. Email may have predated the social media era, but it has many of the same characteristics; it's also still an active channel for marketing, employee-employee, employee-supplier and employee-customer communications. Build from your email blueprint to include rules for Facebook, LinkedIn, Twitter and the rest. Walk employees through your social media policies during significant events, such as onboarding, employee reviews and exit interviews. Also, create content for intranet postings, such as FAQs or case studies highlighting social media security risk areas, so employees always have access to the information.
Programs to Mitigate Social Media Risk
Depending on the type of business, different programs can help to reduce risk. Consider:
- Written Policy: The employee manual likely already contains guidelines for protecting intellectual property, along with email, guidelines for the use of social media should also be included. In addition to blanket prohibitions, identify key risk areas and present these as examples in the employee manuals.
- Monitoring Social Media Feeds: You should identify one or more individuals whose responsibility it is to monitor commentary about the organization on social media. Often this can be combined with other marketing responsibilities. Monitoring employees' personal feeds, however, or requesting their passwords should be avoided or handled with extreme care — it could land you in legal hot water.
- Organization Communications: Organizations should recognize that, along with guidelines regarding personal social media, there are potential risks and responsibilities associated with the use of company accounts as well. For example, a stalker might use geotagging to pinpoint the location of an employee, or public posts might become part of antitrust, custody or divorce litigation.
- Governance: Every social media account will have a governance and information technology "tail." For example, if records are subpoenaed, the organization has a responsibility to preserve evidence. You should ensure that managers are aware that social media is increasingly part of legal e-discovery, as noted by THE Journal. The risk, as well as mitigation measures, will vary depending upon the business.
Dotted Line Between Corporate and Private Discourse
Most employees, including executives, should be strongly advised to separate their official organization messages from their private conversations. Appropriate communications is an extensive gray area these days. People use social media to communicate about their work, brand preferences, product experiences, entertainment, health, competition and anxieties. Even if "on the clock" messages could be cleanly separated from personal messages, the U.S. workforce is migratory. Someone's boss today might be their start-up coworker tomorrow.
What is considered a "professional" message this week could be personal by next month. HR leaders must stay on top of the trends, but expect those trends to shift rapidly. The reality is that employers should issue policies and exercise vigilance, but expect a limited ability to monitor and enforce compliance in private social media.
Avoid and Anticipate Crisis
Sooner or later, most firms with significant public exposure will face a crisis of one sort or another. When scandal hits, it will almost certainly play out in social media.
In today's social media climate, HR's role is mainly crisis avoidance. In-house or contract public relations professionals can help to state official policy, offer explanations or apologies and suggest remedies on organization-managed social media.