Erin Kuhlman VP Corporate Relationsecrisponsor.org/Npresentations/1-4mon.pdf · Social Media Risks...
Transcript of Erin Kuhlman VP Corporate Relationsecrisponsor.org/Npresentations/1-4mon.pdf · Social Media Risks...
Erin Kuhlman VP Corporate Relations
1
Growth
Exponential growth and change in social media
Tools/Risks
New tools/old risks – amplified and accelerated
Business
Business use cases/opportunities continue to rise
Benefits
Benefits of engaging too large, prohibiting/ignoring no longer feasible
Intersection
Intersection between information and technology
Blurred Lines
Personal-professional lines blurring, mobile connects 24/7
The Landscape
Sensitive Data
Mobile devices transmit sensitive data and used for social media
22
27 out of 29 companies attending this conference have a presence on social media:
26 18 19 18 6 3
2 Data Source: Proskauer, 2014
Social Media Can Drive Results
Marketing – brand awareness/management, interest, engagement, conversation
HR – hiring, ramp up, retention
Corporate Communications/PR – listening, awareness, influence
Customer information
Customer support
Knowledge management
Product development
Financial analyst results
Fulfillment
Crowd sourcing
3
Largest Social Networks in the World Monthly active users in millions (unless noted otherwise)
External Networks
4
Indicates Total Users
Data Source: BI, 12/2013
Social Media Explained Twitter I’m eating a #Donut
Facebook I like donuts
FourSquare This is where I eat donuts
Instagram Here’s a vintage photo of my donut
YouTube Here I am eating a donut
LinkedIn My skills include donut eating
Pinterest Here’s a donut recipe
LastFM Now listening to “Donuts”
G+ I’m a Google employee who eats donuts
5 Data Source: Three Ships Media, 2012
Damage to Brand and Reputation
7
identity theft • business continuity • malware • social engineering attacks IT infrastructure damage • reduced productivity • defamation
Data Source: Altimeter, 8/9/12
Brand and Reputational Risk
8
1,000s of new ways for brand to be breached, misrepresented, and damaged
Fraud – difficult and expensive to rectify
Malicious actors can access internal networks
Activists can pose as company via fake accounts
Negative publicity – about employees or business
Loss of Control
Data Breaches
Confidential information – loss can be accidental or deliberate
Phishing, malware
Intellectual property compromises
Social Media Risk Priorities (top ranking) by Company Type
Information Security Risk
9 Data Source Grant Thornton/FERF, 9/2013
Policies
Policies may not be legal/updated to reflect changes in case laws
Confidentiality
Public companies concerned about confidential information leakage
Tracking
Difficult to track and comply
Change
Breadth and speed of change is daunting; multiple regulatory agencies, numerous laws, and countless legal cases are setting rules
Laws/Statutes
Few actual laws/statutes for social media exist – case law being used
Legal and Regulatory Compliance Risk
10
Palace Casino Case Study 15-Country Study: Similar approaches on workplace social media across countries
Across these jurisdictions, several consistent issues
Social Media and the Law
data protection
laws
privacy laws
employee representative
bodies
employee consent
11
How do you balance an employee’s right to privacy against an employer’s legitimate interest in protecting its business?
Data Source: Proskauer, 2014
Operational Risk Productivity Loss
Social media is part of everyday life, drives collaboration/can be a distraction
internet monitoring
solutions an option
blocking social media
sites can backfire
(can drive younger employees’ hiring choice)
inappropriate non-business
use
12
Physical Security Risk (+1)
expected “cost-of-entry” for
consumers and users
no access to competitive
info/ conversations
cannot join/influence dialog if not
involved
loss of control/ability to respond to constituents
missing out on marketing and branding opportunities
may negatively influence potential
employees
+1 Risk: Opportunity cost of doing nothing
13
Harassment
Employees become targets as face of company
Safety
Employee and office geographic information can jeopardize employees/property
Privacy Issues
Employees or customers can overshare data
Managing Social Media
14
Organizations empower large sets of users but still need to maintain control
More companies have or are developing policies that address social media governance and risks, not as many conduct risk assessments
Governance remains fragmented across internal departments
More employees are participating in social media, often with little or no social media experience
Difficult – large amounts of non-static data, multiple users, platforms not controlled by others, hard to know what is being said and how to fix it
There is a growing need for risk management
Data Source: Grant Thornton/FERF, 9/2013
Is There Insurance?
15
Losses
New endorsements and cyber insurance policies for social media losses
Advertising Injury
Commercial General Liability (CGL) may cover “advertising injury”
Property/Personal
CGL may also cover property damage or personal injury claims
Employee
Employment Practices Liabilities Insurance (EPLI) may cover employment law claims
Coverage
Determine what coverage you have/need
Potential Gaps
Purchase to fill in potential gaps
new exclusions
are in policies to avoid claims
Data Source: McMullen and Gold, 2013
Social Media Strategy
16
Social media strategy should be directly aligned with corporate strategy
Consider:
• Business need
• Explore alternatives
• Audience
• Cost of status quo
• Expected benefits
• Unintended consequences
• Solve a challenge/provide an opportunity
risk management
is over-arching
Best Practices
17
In the absence of specific laws, best practices are especially important to reduce risks
Top 5 Best Practices:
1 2 3 4 5 Policies Assess Manage Monitor
& Measure Train
Data Source: “Figure 3: The Social Media Context,” Forrester Research, Inc.
Best Practices – Policies
18
A social media policy provides guidance for employees and protects the company and customers from risk
Audit
Audit (at least annually) to ensure compliance with recent case law and other regulations
Adjust
Adjust policies and practices in accordance with audit findings
Cross-reference
Cross-reference social media in other corporate policies (e.g. confidential information)
Termination agreements should address misuse of social media by former employees
Create
Create corporate policy documentation and communication/ education plan for new governance approach
Good policies :
Are clear in purpose, short, and written in plain language Have input and buy-in from all departments Are consistent with company culture
Outline benefits of correct social media use Create a balance between protecting the company and free speech Can withstand legal challenge
Best Practices – Assess
19
Game Plan
Develop a risk analysis, assess real threats, plan responses
Cross department team: Communications/PR, HR, IT, Legal/Audit, and Marketing
Outline roles and responsibilities
Strategic alignment across departments decreases risk
13 Departments Are Actively Engaged in Social Media (with dedicated people executing social)
Data Source Altimeter, 7/25/13
Best Practices – Assess (5 Risk Scenarios)
20
An unauthorized account is posing as your company
Your company’s account is hacked, damaging content is published
Release of sensitive customer or company data (by customer, by company, or through hacking)
Public project meeting results in large mob protesting work – gathered by one person using social
Employees in conflict zone post location of social gathering – they are attacked
Identify specific risks and plan – who engages and how to respond
1 2 3
4 5
Enterprise Scenarios Source: Hootsuite, 2013
calibrate monthly:
look 3-6-12 months ahead
and plan
21
Best Practices – Manage
senior management provides clear direction for
engagement with social media
Engage your multi-department team to become the governance team
Accountable, shared governance
Each responsible for area of expertise
Align guidelines with strategy
Process for third parties
Clearly define
Roles/responsibilities
Scope of company’s social efforts
Process – internal flow for creating content
Manage strategy/gain approvals
Practices need to follow the policy (no divergence)
Be consistent with branding guidelines
Follow approval process, include training and education
Don’t forget continuity planning
Best Practices – Monitor and Measure
22
1 2
3
Select appropriate technologies to support your efforts Known as Social Risk and Compliance Solutions (SRCs), these tools:
Provide centralized visibility of all social media accounts
Allow administrator to limit access (employees, third parties)
Provide content governance
Ensure compliance with internal policies and external regulations
Protect against hackers
Listen; monitor access, content, and applications across all platforms
Measure success, adjust as necessary
Data Source Grant Thornton/FERF, 9/2013
Best Practices – Train
Few companies providing adequate training, growing number of employee participants
create a compliance
culture
define clear usage
guidelines for social media
train employees on policies (at least) annually
Need for training is growing
training reduces
the risk of misuse
23
Compliance is the top priority, but other risk factors are high on the list
Risk exposure increasing with widespread employee social media use
SRC products help to control and mitigate risks SRC/SRM nascent, but emerging market
there is no “one size fits
all needs” product – yet
Oversight/ enforcement
Archive data
Monitor accounts
Streamline workflows
Employee engagement
Survey: How important were the following reasons for your firm to begin looking for an SRM solution?
Data Source Forrester 5/2014 24
25
Final Thoughts
Fast Pace
Change and growth are inevitable, what is hot today may be unknown tomorrow and vice versa
Manage
Risks are riskier now. Organizations need policies, procedures, training, and technologies to manage well
Check Regularly
Check each policy regularly: Is the policy working? Is it still legal?
Best Practices
Best practices are important in the absence of specific laws – and case law is still developing
Sources Boudreaux, Chris, Your Employee Advocacy Program Needs a Plan for Negative Posts, 5/13/14 http://socialmediagovernance.com/blog/employee-advocacy/your-employee-advocacy-program-needs-a-plan-for-negative-posts, accessed 5/15/14.
Business Insider, Our List Of The World’s Largest Social Networks Shows How Video, Messages, And China Are Taking Over The Social Web, http://www.businessinsider.com/the-worlds-largest-social-networks-2013-12, accessed 5/14/14.
Dada, Gerardo, Find the Risk vs. Reward Balance in Social Media, Rackspace Cloud, Sapient Corporation/Open Text, 10/13/09.
De Boer, Mario, Enterprise Solutions for Security Monitoring and Control of Public Social Media, 2/19/13, Gartner Inc.
Etlinger, Susan, Social Data Intelligence: Integrating Social and Enterprise Data for Competitive Advantage, 7/25/13, http://www.altimetergroup.com/research/reports/social-data-intelligence, accessed 5/16/14.
Ethics Resource Center, National Business Ethics Survey of Social Networkers, New Risks and Opportunities at Work, 2013.
Gotta, Mike et. al, Social Media: Identity, Privacy, and Security Considerations, Gartner Inc., 2010
Handman, Dan, When Tech Innovation Outpaces the Law, A Minefield of Workplace Issues in Social Media, JD Supra Perspectives, 4/29/14, http://www.jdsupra.com/legalnews, accessed 5/1/14.
Hayes, Nick, The Forrester WaveTM: Social Risk And Compliance Solutions, Q2 2014, Forrester Research Inc., www.forrester.com, 5/ 7/14.
Hayes, Nick, Manage The Risks Of Social Media, Forrester Research Inc., www.forrester.com, 11/29/12.
HootSuite Media Inc. & Nextgate, Mapping Organizational Roles & Responsibilities for Social Media Risk, 2013, accessed 5/16/14.
HootSuite Media Inc. & Nextgate, The 5 Steps to Social Media Compliance, What You Need to Know Before You Go Social, 2013, accessed 5/16/14.
McMullen, Darin and Gold, Joshua, Effectively Managing Social Media Risks, 10/2/2013, Risk Management Magazine, http://www.rmmagazine.com/2013/10/2/effectively-managing-social-media risks/ accessed 5/15/14.
Pew Research Internet Project, Social Media Update, 12/30/13, http://www.pewinternet.org/2013/12/30/social -media-update-2013, accessed 5/13/13.
Pew Research Internet Project, Social Networking Fact Sheet, September,2013, http://www.pewinternet.org/fact-sheets/social -networking-fact-sheet/, accessed 5/15/14.
Proskauer LLP, Social Media in the Workplace Around the World 3.0, 2013/14 Survey, www.proskauer.com, April 2014, accessed 5/15/14.
Ray, Doug, Social Media Explained, Three Ships Media, 2012, accessed 5/14/14
Smith, Cambria, Managing Your Media: A Practical Primer on Operating Public Entity Social Media Pages, 5/15/14, http://www.jdsupra.com/legalnews/managing-your-media-a-practical-primer-49259/, accessed 5/20/14.
Thompson, Thomas; Hertzberg, Jan; and Sullivan, Mark, Social Media Risks and Rewards, Grant Thornton/FERF (Financial Executives Research Foundation) September 2013.
Webber, Alan, Li, Charlene and Szymanski, Jaimy, Guarding the Social Gates: The Imperative for Social Media Risk Management, Altimeter Group, 8/9/12.
Wüest, Candid, The Risks of Social Networking, Symantec Corporation, 2010.
Thinkstock by Getty Images all rights reserved; photos on slides 1, 3, 6, 7, 8, 9, 10, 12, 16, 21, 23, 25, and 26
27