Compliance and Social Media: Ensuring Your Company’s ...


  • Date posted: 21-Apr-2020


  • PEER INSIGHT

    Compliance and Social Media: Ensuring Your Company’s Online Activity Adheres to Security and Regulatory Standards

    PEER INSIGHT BY The company leaders from OCEG, MetricStream, and Acolyst

    There is no doubt that social media has now exploded into a global phenomenon that enables companies to share product information, build brand awareness, and connect with customers much more efficiently than ever before. While companies have always worried that they could not absolutely control its content or use by employees, new threats have recently emerged; hackers can penetrate company systems through social media sites, and applicable regulations can be violated more easily through inadvertent sharing of privileged content. This ExecBlueprint discusses how companies can address these risks through the development of a comprehensive risk management framework that incorporates both company policy to enforce standards for safe social media and technology use and technical controls to monitor activity. Although no single blueprint exists, the framework should be sufficiently robust to prevent most employees from clicking on suspicious links and posting confidential information — and contain damage caused by inevitable human error, before the story ends up in The New York Times.

  • in partnership with Aspatore Books

    ExecBlueprints™ www.execblueprints.com

    Copyright 2014 Books24x7®. All rights reserved. Reproduction in whole or part is prohibited without the prior written permission of the publisher. This ExecBlueprints™ document was published as part of a subscription based service. ExecBlueprints, a Referenceware® collection from Books24x7, provides concise, easy to absorb, practical information to help organizations address pressing strategic issues. For more information about ExecBlueprints, please visit www.execblueprints.com.


    Carole S. Switzer Co-Founder and President, OCEG

    Gaurav Kapoor Chief Operating Officer, MetricStream

    Valeh Nazemoff Senior Vice President, Acolyst


    Action Points

    I. What Are the Risks Associated with Social Media Use? Companies used to mainly worry that employees would waste time on social media sites or share company secrets through comments they would post. Unfortunately, however, there’s more. Did you know that hackers now target company social media sites to gain information about customers? Or that even innocuous tweets can violate regulations?

    II. The Bottom Line While social media enables a wide range of business opportunities, it can also leave companies vulnerable to financial, legal, or reputation losses if appropriate controls and processes are not instituted governing the dissemination of content, technical architecture of databases, identification and mitigation of security risks, and use by employees.

    III. Must-Have Technology-Based Solutions to Mitigate Social Media Risks Due to the volume of data and speed at which social media operates, policies alone will never ensure that networks are protected and regulations are followed. Organizations must also leverage technologies that have the capacity to aggregate and analyze enormous amounts of data to identify everything from information breaches to violations.

    IV. The Golden Rules for Communicating with Employees About Social Media Use You may not be able to prevent your employees from using social media, but you can establish policy regarding the posting of company-related content and provide guidance on safer practices. For example, you can advise using different passwords for work and personal accounts, and inform them that the company is monitoring their online activity.

    V. Essential Take-Aways Now that social media use is nearly ubiquitous, organizations are seeing the risks that come with it and must consider how to leverage tools and practices to reduce potential negative impacts. Given that social media engages both people and technology, solutions will need to involve fostering a risk-aware culture and developing a secure infrastructure.

    Contents

    About the Authors

    Carole S. Switzer

    Gaurav Kapoor

    Valeh Nazemoff

    Ideas to Build Upon & Action Points

  • About the Authors

    Valeh Nazemoff Senior Vice President, Acolyst

    Valeh Nazemoff, author of the upcoming transformational strategy book, The Four Intelligences of the Business Mind, is also an accomplished strategic advisor, thought leader, team builder, and speaker. Ms. Nazemoff and her company specialize in helping executives and decision makers transform by mapping, designing, and achieving strategic initiatives through business performance management. Part of her transformational process involves the assessment of structuring and organizing the governance, compliance, and organizational behavior of the business. She has guided clients on ways to improve organizational communication, collaboration, and change management by formalizing and documenting policies and processes.

    Recognized on this year’s inaugural CRN Power 50 Solution Providers list and the CRN Women of the Channel list for 2013 and 2014, Ms. Nazemoff has presented a workshop at the GRC Summit and frequently contributes to UBM Tech and CA Technologies’ SMART Enterprise Exchange publications.

    Ms. Nazemoff has also taught and mentored university students in various areas of business, including business ethics.

    Gaurav Kapoor Chief Operating Officer, MetricStream

    As the chief operating officer of MetricStream, Gaurav Kapoor has the overall responsibility for sales, marketing, customer advocacy, the partner ecosystem, and ComplianceOnline.com. Until 2010, he also served as the company’s CFO. During this time, he led MetricStream’s financial strategy as well as sales, marketing, and partnerships. He also launched ComplianceOnline.com, a MetricStream business unit which has grown to become a leading online GRC community and content property.

    Mr. Kapoor came to MetricStream from OpenGrowth, an incubation and venture firm where he helped build and grow several companies including ArcadiaOne and Regalix. Prior to that, he spent several years in marketing, operations, and business roles at Citi in Asia and the U.S.

    He also serves on the board of Regalix, a digital innovation and marketing company.

    Carole S. Switzer Co-Founder and President, OCEG

    Carole Switzer is the co-founder and president of the Open Compliance & Ethics Group (www.oceg.org), a global nonprofit think tank, and online community of more than 40,000 individuals in more than 70 countries, that provides standards, guidelines, and online resources to help organizations achieve principled performance.

    Ms. Switzer is a recognized leader in the concept of integrated governance, risk management, and compliance (GRC) and is a principal author of the open source, OCEG Red Book GRC Capability Model. She is frequently published in leading business magazines, and lectures on GRC throughout the world. She advises university professors in several countries on how to teach GRC concepts in graduate programs, and developed OCEG’s on-demand training course series, GRC Fundamentals. In 2010, she was honored with a lifetime membership in the Institute for Risk Management and most recently was recognized in the 2012 edition of the Martindale-Hubbell Bar Register of Preeminent Women Lawyers.


  • Carole S. Switzer Co-Founder and President, OCEG

    Facebook, LinkedIn, Twitter, and Beyond: The Explosive Growth of Social Media

    Ten short years ago (although it seems much longer), Facebook came into being and very quickly changed the way information moves. LinkedIn, the business-oriented social networking site that had started off slowly