Managing Your Company’s Social Media Risks

By Jan Hertzberg and Matthew Thompson

Initially seen as an alternative communication tool for individuals, social media is fast becoming pervasive among organizations of all sizes. But as the popularity of social media has grown, the risks related to it—particularly fraud, theft, defamation, cyber–bullying, invasion of privacy, and regulatory and compliance violations—have also proliferated. Still, this tool is how organizations can stay competitive, serve customers better and attract top talent

The lesson is clear: If organizations want to use this popular medium, they will need to be proactive about managing their social media risk. Here are four tips to help your organization embrace social media and still safeguard its brand, protect private information and minimize liabilities.

Understand and assess risks. Reputational damage, data leaks, privacy breaches, cyber-security, and even clueless or rogue employees are all reasons for concern when it comes to social media. Understanding the risks is the first step in managing them.

In addition to the most-talked-about risks, you should also consider the growing body of regulatory and compliance requirements for key industries and specific company types—such as health care, financial services and public companies—as well as state privacy laws, which could be a source of concern. If an employee at your organization touts the benefits of a new health product, releases financial results early or discloses personal information on the company blog, your organization could be violating regulations, which could result in financial or other penalties.

Once you have identified all possible risks, consider how to manage each one. Think about IT controls, policies, legal protections, training, incident management and insurance.

Define your strategy. For a successful social media program, you need a well-defined strategy that has been developed and endorsed by management. Your strategy should address these key questions:

·         What business benefits do you expect social media to achieve?

·         What are your target markets, and how will your social media serve them?

·         How will management ensure that the entire organization is following the strategy?

·         Who is authorized to speak on the organization’s behalf?

·         How will you respond to negative or untrue feedback?

Make it a point to revisit your strategy on a regular basis to make sure that it continues to serve changing business needs.

Involve all the right people. Because marketing and HR are often the key proponents and users of social media, many companies still view these teams as sole owners of the initiative. However, social media actually cuts across many departments, including HR, marketing, IT, corporate communications, internal audit and legal/compliance.

For instance, once a policy is established, social media risk management and policy enforcement might involve legal/compliance, IT, internal audit and other departments with specialized knowledge and tools to ensure that the policy is effectively enforced. Legal/compliance can ensure that the company’s social media policy takes into account the company’s unique industry and marketplace risks.

Internal audit can facilitate a companywide social media risk assessment and, if appropriate, conduct specialized audits and reviews. And IT can make sure that the social media platform is integrated with the company’s other systems, and that it conforms to the organization’s existing IT policies and procedures, such as its password policy.

Understanding who is involved—and at what point—is important so that critical decisions can be made quickly by a cross-departmental team.

Monitor and manage feedback. There is a wealth of information in the feedback that companies receive from the public—especially feedback from current and future customers. Still, not every comment that a company receives is going to be useful.

A very important aspect of your social media strategy is figuring out who and what to listen to and how to react to their comments. All remarks should be evaluated carefully. It is important to act on negative comments swiftly and appropriately, but it is just as important to address potentially fake comments, which can skew product opinion and lead to brand damage. Both Amazon and TripAdvisor recently addressed issues regarding fake reviews in an effort to maintain their brand image.

You must have a clear-cut reaction plan, including damage-control procedures, before you have a chance to receive negative or inappropriate comments about your brand. This is the only way to ensure that the issue is responded to quickly and effectively. Unhappy consumers, disgruntled employees and even fake feedback can damage an organization’s reputation in record time.

Taking the time to fully understand the risks of social media and develop a well-rounded strategy will take your organization’s customer engagement to a whole new level and mitigate many of the risks associated with these popular communication tools. Tweet safely.

Jan Hertzberg is a managing director in Grant Thornton’s Advisory Services practice. He leads the Information Technology practice in the firm’s Chicago office. With over 25 years of experience, Jan has helped multinational companies in a variety of industries develop infrastructure, systems and internal IT controls for enhanced reliability and regulatory compliance.

Matthew Thompson is a managing director in Grant Thornton’s Advisory Services practice. Based in the Carolinas, Matthew has more than 17 years experience working on IT and internal audit projects.