Services

Social Media – It’s Time To Pay Attention

When we think about social media, Facebook, LinkedIn, and Twitter likely come to mind immediately. Social media is defined as “the use of web-based and mobile technologies to turn communication into interactive dialogue,”¹ and range from blogging and social networking, to sharing photos and videos. But why should you pay attention to social media? This article focuses on the key benefits and risks of social media to your business and various risk-mitigation strategies.

Social media has changed the way we do business

Have you noticed a change in how you communicate with your employees and customers now compared to five years ago? If not, then you aren’t using social media to even a fraction of its potential. Most companies, including such large BC companies as Telus, BC Hydro, and Coast Capital Savings, now have blogs, Facebook pages, and Twitter feeds. There is no longer the need for town hall meetings, intensive PR campaigns, and prepared speeches given at certain times during the year—social media delivers communication in real time.

Social media has its benefits

The greatest benefit of social media is its ability to promote your business to a vast audience of diverse stakeholders in a cost-effective manner. The challenges organizations now face are who they need to reach and how can they reach them.

From a customer perspective, companies have to ensure that their social media marketing strategy defines the target audiences, what messages should be delivered, and how feedback is to be handled. In addition, informative sites such as Yelp and Customer Lobby are designed specifically to collect customer reviews.

From an employee perspective, it goes beyond delivering the message. Encouraging an employee following allows for constant communication of key messages—leading to informed employees with greater engagement. Social media provides a way for the C-Suite to hear about employee concerns far sooner than waiting for the message to be filtered up through mid-level management. This serves to flatten the organization in a way that far surpasses the “open office” concept of the past.

Companies also use social media as a recruiting tool. Sites such as LinkedIn are used by internal and external recruiters on a regular basis to target particular skill-sets and put together a candidate pool that will more closely match a specific position, as opposed to running an expensive newspaper ad and hoping the right person will apply.

Social media carries a unique set of risks

Social media presents opportunities, but what of the threats and vulnerabilities? The threats and vulnerabilities related to social media include risks related to employees, corporate presence, and information technology.

The table below is excerpted from a white paper published by the Information Systems Audit and Control Association (ISACA) in June 2010.² It outlines the key company-specific and employee risks that an organization should consider, as well as the strategies that a company could use to mitigate these risks.

Threats and Vulnerabilities	Risks	Risk Mitigation Techniques
Introduction of viruses and malware to the organizational network	Data leakage/theft “Owned” systems (zombies) System downtime Resources required to clean systems	Ensure that antivirus and anti-malware controls are installed on all systems and updated daily Consider use of content-filtering technology to restrict or limit access to social media sites Ensure that appropriate controls are also installed on mobile devices such as smartphones Establish or update policies and standards Develop and conduct awareness training and campaigns to inform employees of the risks involved
Exposure to customers and the enterprise through a fraudulent or hijacked corporate presence	Customer backlash/adverse legal actions Exposure of customer information Reputational damage Targeted phishing attacks on customers or employees	Engage a brand protection firm that can scan the Internet and search out misuse of the enterprise brand Give periodic informational updates to customers to maintain awareness of potential fraud and to establish clear guidelines regarding what information should be posted as part of the enterprise’s social media presence
Employee posting of pictures or information that link them to the enterprise	Brand damage Reputational damage	Work with the HR department to develop a policy that specifies how employees may use enterprise-related images, assets, and intellectual property (IP) in their online presence.
Excessive employee use of social media in the workplace	Network utilization issues Productivity loss Increased risk of exposure to viruses and malware due to longer duration of sessions	Manage accessibility to social media sites through content filtering or by limiting network through-put to social media sites
Employee access to social media via enterprise-supplied mobile devices (smartphones, personal digital assistants [PDAs])	Infection of mobile devices Data theft from mobile devices Circumvention of enterprise controls Data leakage	If possible, route enterprise smartphones through corporate network filtering technology to restrict or limit access to social media sites. Ensure that appropriate controls are also installed and continuously updated on mobile devices such as smartphones. Establish or update policies and standards regarding the use of smartphones to access social media. Develop and conduct awareness training and campaigns to inform employees of the risks involved with using social media sites.

In summary

To ignore social media is to do so at your peril. It is here to stay, and most organizations have already embraced it. With the right strategies, policies, and guidance in place, it can be an extremely effective business communication tool with far-reaching benefits across demographics, stakeholder groups, and even time horizons.

References

1 - http://en.wikipedia.org/wiki/Social_media
2 - “Social Media: Business Benefits With Security, Governance and Assurance Perspectives,” ISACA White Paper, June 2010.

	Lisa Dorian, CA.CIA,CPA(IL) President
	+1.778.588.7265