(Guest Leader Post) Risky Business: Executive Briefing on Social Media Risk Management
Today’s Guest Leader Post contributor is Randall Craig (www.RandallCraig.com).
Launched in conjunction with our new Remarkable Leaders Radio Seminar Series, which will air the last Thursday of every month across the Blog Talk Radio Network, these guest posts will feature some of the most innovative and widely known thought leaders from the world of business.
Picture this scenario: An employee gets charged with a serious offense and the company’s name gets mentioned repeatedly in the news reports. The reporters found the connection to your organization by scanning through Social Media.
Or this scenario: A subcontractor tweets (or posts pictures) celebrating the conclusion of a major, confidential project. This alerts competitors, customers, and suppliers, resulting in millions of dollars of lost sales.
Or this one: Someone looks at your Facebook (or LinkedIn) profile, peruses your “friends” to determine your mother’s maiden name, then grabs your birth date and other freely available personal details. Then they call your bank and gain access to your account by “verifying” your identity.
Too often, we (or rather “people”) rarely think about Social Media Risks, let alone how to protect against them. As individuals it is caveat surfer, but at an organizational level, the responsibility for protecting corporate assets, including customer information, trade secrets, and ultimately the brand, falls to IT security professionals. It shouldn’t – it is the job of the executive leadership.
- IT departments are stretched, and often don’t have the resources to stay ahead of every possible new security threat.
- More technology comes through the door each day via smart phone, and these devices are completely beyond the control of the IT department.
- Many managers assume that 100% of the responsibility for information security sits with IT staff, particularly in the area of employee productivity. (Technology can help, but productivity is a management issue; risk reduction is really the responsibility of everyone.)
- Innovation in Social Media is happening so quickly that many (both marketers and IT) have outdated assumptions about what appropriate Social Media usage looks like. Poor assumptions cause poor decision-making.
- Many organizations don’t even have a comprehensive Social Media policy. With no standards, everyone makes their own rules about what is right and what is wrong. It is impossible to police, let along protect.
- Rarely are staff – or executive leadership – trained in how to use Social Media, and particularly, how to use it responsibly so both the organization – and themselves – are protected.
Clearly, for an organization to manage Social Media risk effectively it needs to delegate information security responsibility well beyond the IT group. Yet this is a challenge when many corporate leaders cannot even identify more than a small handful of potential problem areas. (Test yourself: without reading onward, how many can you name?)
Here is a basic Social Media risk list; note that some are marketing risks, some are HR risks, some are technology risks, etc:
- Identity theft
- Mistaken identity
- Brand hijacking
- Bandwidth contention
- Social Media venue consolidation / data loss
- Privacy / confidentiality breaches
- Legal and regulatory breaches
- Intellectual Property theft
- Productivity loss
- Human rights violations
- Libel / slander
- Contest fraud
- Trojans and malicious code
- Unwanted publicity
- Inappropriate recruiting practices
- Social engineering
With such a broad range, how can you protect your organization?
Consider the following five step process:
- Executive Briefing: Senior management must be educated both on Social Media strategy, but with an embedded risk management context. It is no longer acceptable to propose a strategy without acknowledging – and protecting against – the risks. Senior managers ask great questions; an executive briefing gives them the data points to do so.
- Develop a Social Media policy to reduce risk. Going through the discussions and knowledge transfer that occur as the policy is being formulated is far more powerful than merely adopting a generic off-the-shelf policy.
- Develop a Social Media strategy: Usually done concurrently with the policy work, the strategy binds the corporate strategy and goals to specific activities at an individual or departmental level.
- Communication and Training: This is the mechanism to connect the policy to the people. It’s not possible to manage (or measure) without first letting people know what’s expected of them, or how to actually use the tools.
- Monitoring: Monitoring fulfills the dual objectives of evaluating the effectiveness of strategy, while at the same time surfacing risks.
This week’s action plan: Where are you in this process as an organization? How “clued in” is your leadership team? This week, assess where you are and commit to doing one thing to reduce your organization’s Social Media risk level. And while you’re at it, check your own Social Media profiles and remove any information that might be used by a fraudster to impersonate you at the bank.
Randall Craig has founded several successful start-ups (including Pinetree Advisors) held a long-time position at a “big-four” consulting firm, and was an executive at an American public company. He has served over 100 clients, including international financial institutions, public companies, non-profit associations, government, and a number of entrepreneurs.
He lectures at the Schulich School of Business, has a column on Monster, and is the host ofProfessionally Speaking TV. Randall is the author of six books (Leaving the Mother Ship, The Working Resume, the best-seller Personal Balance Sheet, the Online PR and Social Media series, andSocial Media for Business: 101 ways to grow your business without wasting your time). He has appeared on numerous TV and radio shows, and has been profiled in all national media.
Randall served as 2010 Toronto Chapter President of the Canadian Association of Professional Speakers, and has earned an HBA, CFA, MBA, CMC, and a Black Belt in karate.
About pibloggerAuthor and Host of the PI Window on The World Show on Blog Talk Radio.
- The Three Essential Tips for Controlling Your Brand: usheroff.com/three-essentia… https://t.co/YB1M0ClbpU 6 days ago
- What is your personal brand? lnkd.in/ekzVZpB 2 weeks ago
- I'll be speaking at .@HBAnet Annual Conference in Philly Nov 6-8. Early-bird deadline June 30 #HBAimpact… twitter.com/i/web/status/8… 1 month ago