The accessibility and fluidity of social media leaves businesses and organisations open to significant risks. But there are countermeasures that could be take to prevent reputation disaster.
Social media are now ubiquitous in the corporate world and in our day-to-day life, but the risks they carry are not fully understood yet.
There are four major threats they pose.
Fragging: Employees can intentionally try to harm their employer’s reputation. The same is valid for organisations whos members want different things.
Leaking: Employees can also unintentionally damage their employer’s reputation or spoli plans. This can happen when they release information that is directly useful to competition. For example, some can facilitate fraud by giving valuable operational information. Geotagging of pictures is particularly useful to understand executive travel patterns. A different risk occurs when employees and other stakeholders engage in activities that are damaging to the organisation’s reputation in their private time.
Hacking: Non-employees can intentionally hurt an organisation. However, the threat from outsiders is not limited to the cyber world. Spouses commenting on forums or posting pictures to share their frustrations about the company can be problematic.
Fumbling: Non-employees can also harm reputations unintentionally. When someone want to create buzz by releasing a controversial information. The goal is not to hurt anyone, even though this consequence may be easily foreseeable.
To address such social media risks, there is a four pronged approach.
Mark: Threats need to be identified and linked to your general risk management processes. The different accounts should be identified and their ownership clearly established.
Measure: The risk materiality should be ascertained. For example, armed forces classify the degree of confidentiality associated with each document they produce (from freely available to a general audience to highly classified). This systematic approach is designed to reduce the risk that operations security is inadvertently compromised.
Manage: The best way to deal with a social media crisis is to prevent it. A natural response may be to impose additional layers of control but naturally there is a trade-off between reactivity (the point of having a social media activity) and security. This may lead the firm to tolerate a certain degree of risk. Risks can also be treated to minimise their occurrences or their consequences. For example, embedded social media correspondents can be deployed through the organisation to diffuse good practices and to provide a better picture of real company practices to risk managers. An “outboarding” programme can be designed to ensure that employees leaving the company are leaving on good terms. The risks can also be transferred either by outsourcing the social media activity to an external provider (and the responsibility that goes with it) or by purchasing insurance in case something goes wrong. In rare cases, the risks can be terminated by closing down the social media channels entirely. This option may be worth considering for small organisations but is unlikely to be possible for larger ones.
Monitor: Detecting emerging crises in matters of minutes can be critical. A quick response may even turn a problem into an opportunity. Interestingly, monitoring social media can also help you to detect a crisis in another part of your business. For example, executives can also monitor social media activity around their company. This allows these organisations to detect emerging operational or IT issues as soon as they impact their customers.
Once these challenges have been better understood, a crucial question becomes who in the organisation is best positioned to take charge of them. Chief Marketing Officer, Chief Risk Officer, Chief Information Officer or a new type of executive (Chief Digital Officer) can all lay a claim on this. What is clear though is that, irrespective of your position in the leadership team, your reputation is at stake.