It should come as no surprise that regulators and organizations alike struggle to set and enforce guidelines for social media activity. It’s not just that the rise of social media is rapidly transforming the way we interact with people, customers, and brands; but also how many ways this transformation is happening.
The core issue is that social media alters the way we as individuals share who we are, merging our roles as people, professionals, and consumers. As we share more of ourselves on a growing number of social networks, questions quickly surface:
How frequently and on what social networks should we post?
When should we present ourselves in our professional role versus sharing our personal opinions?
Is it okay to be social media friends with co-workers, clients, or your boss?
These are complicated matters for individuals, and absolute conundrums for organizations concerned with how employees behave and interact with others in, and outside of, the workplace. Their questions are even more complicated:
Can organizations dictate how their employees use social media?
Can they monitor social media conversations or use it to learn more about prospective job applicants?
When does the personal connection allowed by social media tools cross the line from business to personal?
Let’s put it this way: social media and security don’t work together very well today. Marketing professionals who see social media as a vital communication channel view security as a nuisance, whereas Security pros view services like Facebook and Twitter as trivial pastimes that expose the business to enormous risk. The problem is, when it comes to social media, these two facets of the organization need to come to terms with each other – and this was clearly on display Tuesday when the Dow Jones briefly plummeted over 100 points due to false Tweets from AP’s hacked Twitter accounts that indicated President Obama had been injured by explosions at the White House.
This recent breach signifies two things: 1) the potentially damaging impact of social media is real and growing, and 2) companies today aren’t doing enough to mitigate the risks.
As social media becomes a legitimate source of news and information, the implications for inaccurate or inappropriate behavior continue to grow. Damaging or disparaging comments on Twitter (whether intended or not), can have a real impact on your business and the way customers view your company and brand. Companies need to do more to protect their organization from social media risk because:
Stephanie Balaouras and I published a report last week on the current state of crisis communications, and one thing is clear: most companies are not ready to invoke their crisis communications plan.
We analyzed data from our recent 2012 Forrester/Disaster Recovery Journal (DRJ) joint online study, which surveyed 115 business continuity decision-makers about their organizations’ crisis communications strategies. The results were disconcerting. Despite roughly half of organizations having invoked their business continuity plan in the past five years, only 15% said their crisis communication efforts were very effective.
Recent events such as Hurricane Sandy and the Sandy Hook school shooting illustrate the damaging, and often tragic, impact crises can have on organizations and the broader community. In fact, Hurricane Sandy was the second costliest in US history. Yet, most organizations are not prepared to manage an effective response to such a crisis. We found that crisis communication programs routinely underperform because:
Many organizations today get caught up in what I call the “social media binary,” where there are only two options to social media control: 1) Allow unrestricted access to social networks, and potentially expose the company to myriad security, regulatory, reputational, and other risks, or 2) set and enforce policy that completely forbids the use of social media while at work, and forgo potentially lucrative business opportunities for the firm.
Facebook made headlines last Friday with its announcement that it had been the victim of a sophisticated security attack. All major news publications picked up the story, citing widespread concern about the implications of the breach.
The breach itself, however, was largely a nonevent from a security standpoint.
Facebook identified the security breach before it infiltrated too deeply into company systems, remediated all compromised machines, informed law enforcement, and reported the Java exploit to its parent owner Oracle – acting quickly and appropriately. Most importantly, Facebook made it clear that the breach did not expose any of its users’ data.
We just published a report explaining all the risks inherent in the use of social media and presenting best practice tools and techniques to manage those risks effectively.
Social media is one of the top three concerns for enterprises in 2012, according to our recent Forrsights Security Survey, and it’s easy to see why: Malware, social account hijacking, data leakage, HR concerns, regulatory compliance — these are just some of the most frequently cited challenges. And with new social media gaffes coming up all the time, like KitchenAid’s offensive tweet during one of the US presidential debates, American Apparel’s Hurricane Sandy Sale, and news of Twitter user accounts getting hacked recently (as well as LinkedIn accounts earlier this year), companies have good reason to worry about their workforce having free, unrestricted access to social networks.
Here’s the problem: You can’t stop it. Sure, you can institute a zero-use policy and completely forbid your workforce from using social media at your company, but we found this is an impractical and ineffective solution.