Yesterday, Proofpoint announced it will acquire social risk and compliance (SRC) vendor Nexgate for approximately $35 million.
The Acquisition Signals The SRC Market Is Maturing
This acquisition points to a budding and rapidly evolving SRC market. With the proliferation of social media, organizations face a slew of emerging regulatory challenges, brand threats, and security vulnerabilities – just look at recent incidents with Cole Haan, Zarbee’s, US Airways, British Gas, among countless others, even including our own US military. While once a niche market helping financial services firms meet FINRA obligations, SRC solutions now offer more than just compliance support, helping organizations better manage today’s wide gamut of social risks with social threat detection, account protection, and risk monitoring.
Proofpoint Has To Prove The Sum Is Greater Than Its Parts
Last week Salesforce.com (SFDC) hosted its annual Dreamforce Conference in San Francisco, and for the first time, the cloud giant’s products could soon have some major implications in the governance, risk, and compliance (GRC) market.
Amidst the chaos of keynotes, partner sessions, guest speakers like Hilary Clinton, wil.i.am, Al Gore, and our very own George Colony, two of SFDC’s major announcements demonstrated how its new offerings and future strategy will position the company to compete in the very big business intelligence market:
We all know that securing your perimeter and your internal assets only gets you so far today. The crux of the issue is that your brand, and potential threats to it, are now often external and out of your direct area of control. The number of places and channels online where your brand appears and where malicious actors discuss how to take down your organization is expanding rapidly today.
It’s no longer just your marketing team that uses social media for business purposes. Employees across the entire organization use social media for personal and professional reasons, leveraging social to drive real business for your company. The opportunities to enhance your brand, deepen customer relationships, and glean new customer insights are all too valuable to ignore -- but the risks are real too.
Moreover, the legal and regulatory landscape is evolving rapidly, complicating the ways in which you can manage social media and the myriad reputational, security, and privacy risks (among others) that expose your organization. To take advantage of these opportunities and still protect your company, you need new tools and technology to do this effectively.
Everyone makes mistakes, but for social media teams, one wrong click can mean catastrophe. @USAirways experienced this yesterday when it responded to a customer complaint on Twitter with a pornographic image, quickly escalating into every social media manager’s worst nightmare.
Not only is this one of the most obscene social media #fails to date, but the marketers operating the airline’s Twitter handle left the post online for close to an hour. In the age of social media, it might as well have remained up there for a decade. Regardless of how or why this happened, this event immediately paints a picture of incompetence at US Airways, as well as the newly merged American Airlines brand.
It also indicates a lack of effective oversight and governance.
While details are still emerging, initial reports indicate that human error was the cause of the errant US Airways tweet, which likely means it was a copy and paste mistake or the image was saved incorrectly and selected from the wrong stream. In any case, basic controls could have prevented this brand disaster:
US Airways could have built a process where all outgoing posts that contain an image must be reviewed by a secondary reviewer or manager;
It could have segregated its social content library so that posts flagged for spam don’t appear for outgoing posts;
It could have leveraged technology that previews the full post and image before publishing.
It should come as no surprise that regulators and organizations alike struggle to set and enforce guidelines for social media activity. It’s not just that the rise of social media is rapidly transforming the way we interact with people, customers, and brands; but also how many ways this transformation is happening.
The core issue is that social media alters the way we as individuals share who we are, merging our roles as people, professionals, and consumers. As we share more of ourselves on a growing number of social networks, questions quickly surface:
How frequently and on what social networks should we post?
When should we present ourselves in our professional role versus sharing our personal opinions?
Is it okay to be social media friends with co-workers, clients, or your boss?
These are complicated matters for individuals, and absolute conundrums for organizations concerned with how employees behave and interact with others in, and outside of, the workplace. Their questions are even more complicated:
Can organizations dictate how their employees use social media?
Can they monitor social media conversations or use it to learn more about prospective job applicants?
When does the personal connection allowed by social media tools cross the line from business to personal?
Let’s put it this way: social media and security don’t work together very well today. Marketing professionals who see social media as a vital communication channel view security as a nuisance, whereas Security pros view services like Facebook and Twitter as trivial pastimes that expose the business to enormous risk. The problem is, when it comes to social media, these two facets of the organization need to come to terms with each other – and this was clearly on display Tuesday when the Dow Jones briefly plummeted over 100 points due to false Tweets from AP’s hacked Twitter accounts that indicated President Obama had been injured by explosions at the White House.
This recent breach signifies two things: 1) the potentially damaging impact of social media is real and growing, and 2) companies today aren’t doing enough to mitigate the risks.
As social media becomes a legitimate source of news and information, the implications for inaccurate or inappropriate behavior continue to grow. Damaging or disparaging comments on Twitter (whether intended or not), can have a real impact on your business and the way customers view your company and brand. Companies need to do more to protect their organization from social media risk because:
Stephanie Balaouras and I published a report last week on the current state of crisis communications, and one thing is clear: most companies are not ready to invoke their crisis communications plan.
We analyzed data from our recent 2012 Forrester/Disaster Recovery Journal (DRJ) joint online study, which surveyed 115 business continuity decision-makers about their organizations’ crisis communications strategies. The results were disconcerting. Despite roughly half of organizations having invoked their business continuity plan in the past five years, only 15% said their crisis communication efforts were very effective.
Recent events such as Hurricane Sandy and the Sandy Hook school shooting illustrate the damaging, and often tragic, impact crises can have on organizations and the broader community. In fact, Hurricane Sandy was the second costliest in US history. Yet, most organizations are not prepared to manage an effective response to such a crisis. We found that crisis communication programs routinely underperform because:
Many organizations today get caught up in what I call the “social media binary,” where there are only two options to social media control: 1) Allow unrestricted access to social networks, and potentially expose the company to myriad security, regulatory, reputational, and other risks, or 2) set and enforce policy that completely forbids the use of social media while at work, and forgo potentially lucrative business opportunities for the firm.
Facebook made headlines last Friday with its announcement that it had been the victim of a sophisticated security attack. All major news publications picked up the story, citing widespread concern about the implications of the breach.
The breach itself, however, was largely a nonevent from a security standpoint.
Facebook identified the security breach before it infiltrated too deeply into company systems, remediated all compromised machines, informed law enforcement, and reported the Java exploit to its parent owner Oracle – acting quickly and appropriately. Most importantly, Facebook made it clear that the breach did not expose any of its users’ data.