The Real Risks of Social Media

The news media has been all over the ‘Facebook Fiasco’ involving the future head of Britain’s MI6. All the ridicule and snide commentary aside, this incident should lead to thoughtful discussion and debate at enterprises about the real risks of social media.

IREC has been tracking the social media domain for almost a couple of years now. We have seen a significant shift in CISOs’ perception of this topic.

Before we get into the details, let us establish a common definition of the term – we use ‘social media’ to refer to the group of technologies/platforms that enable creation and sharing of user-generated content. Examples include blogs, wikis, forums, ratings, tagging and social networking.

If used well, social media could provide a useful and creative channel to build top-line growth and enhance brand awareness. Some of the creative examples that come to mind include:
Dell’s use of Twitter as a sales promotion vehicle
Comcast’s customer service experiment via Twitter

The first set of queries we received on this topic was all about the potential security risks of social media. CISOs were also interested in knowing their peers’ policy posture in this area: Are companies allowing access to Facebook? What technical controls are available to prevent data leakage through social media channels? And so on.

In the course of the past 12 months, one thing has become very clear: the real concern for corporations is not the security risks of social media, but the reputational risks that accompany thousands of employees sharing their life (and work) details in the public domain. A recent study conducted by our sister program, the Marketing Leadership Council, found that 71% of organizations surveyed plan to increase their social media investments in 2009. However, less than a quarter of these organizations had a social media strategy in place.

It begs the question: What should Information Risk’s role in social media governance be?
Our conversations with CISOs at leading corporations suggest the following:
1. Develop a social media policy that covers the use of social media by the enterprise (e.g., recruiting on Facebook) as well as by individuals. Provide simple ‘do’s and don’ts.’ The US Air Force has put together a simple flowchart to help staff decide when/how to respond to a social media post – a very effective example of social media policy in action!

2. Incorporate social media etiquette into your organization’s security awareness and training programs. (This need not be part of the security awareness program per se – just make sure it is a part of some training employees receive.) Include contractors in the program and create little booklets/information packets that employees can share with their families.

3. Lobby for investment in reputation management and moderation technologies. Most probably, your Corporate Communications department is thinking about this as well.

4. Take the lead in setting up a social media governance program. Many executives in the organization, such as those in HR, Corp Comm and Marketing, are thinking about social media. Get the group together to lay the groundwork for a well-defined program.

5. Finally, don’t forget to collaborate with your Legal department on issues such as records retention policies and monitoring of social media activities.


One Comment on “The Real Risks of Social Media”


  1. As in most of these cases, social media is only partly a technology problem. Most IT departments are capable today of offering some technical measures. The real challenge and issue is, from my point of view, on the People and Governance side.

    Without proper guidance and a clear set of Do’s and Don’ts, the employees just don’t know how far they can go. I’m sure that the picture of the future head of MI6 wasn’t published by his wife on purpose. Besides his professional role, this man has a private life, and she was just sharing information with friends, she most probably thought. Has anyone educated her about the possible impact? For sure not.

    We have to do our homework first, and then we can use the power of social media for business advantage to create additional business value. It is not the technology that is evil; it’s us who use it.

    Andreas Wuchner
    http://ITRiskSpace.com

