Erin Kuhlman VP Corporate Relations

| Erin.Kuhlman@parsons.com

1

Growth

Exponential growth and change in social media

Tools/Risks

New tools/old risks – amplified and accelerated

Business

Business use cases/opportunities continue to rise

Benefits

Benefits of engaging too large, prohibiting/ignoring no longer feasible

Intersection

Intersection between information and technology

Blurred Lines

Personal-professional lines blurring, mobile connects 24/7

The Landscape

Sensitive Data

Mobile devices transmit sensitive data and used for social media

22

27 out of 29 companies attending this conference have a presence on social media:

26 18 19 18 6 3

2 Data Source: Proskauer, 2014

Social Media Can Drive Results

Marketing – brand awareness/management, interest, engagement, conversation

HR – hiring, ramp up, retention

Corporate Communications/PR – listening, awareness, influence

Customer information

Customer support

Knowledge management

Product development

Financial analyst results

Fulfillment

Crowd sourcing

3

Largest Social Networks in the World Monthly active users in millions (unless noted otherwise)

External Networks

4

Indicates Total Users

Data Source: BI, 12/2013

Social Media Explained Twitter I’m eating a #Donut

Facebook I like donuts

FourSquare This is where I eat donuts

Instagram Here’s a vintage photo of my donut

YouTube Here I am eating a donut

LinkedIn My skills include donut eating

Pinterest Here’s a donut recipe

LastFM Now listening to “Donuts”

G+ I’m a Google employee who eats donuts

5 Data Source: Three Ships Media, 2012

5 Primary Risks (+1)

6 Data Source: Forrester, 2012

Damage to Brand and Reputation

7

identity theft • business continuity • malware • social engineering attacks IT infrastructure damage • reduced productivity • defamation

Data Source: Altimeter, 8/9/12

Brand and Reputational Risk

8

1,000s of new ways for brand to be breached, misrepresented, and damaged

Fraud – difficult and expensive to rectify

Malicious actors can access internal networks

Activists can pose as company via fake accounts

Negative publicity – about employees or business

Loss of Control

Data Breaches

Confidential information – loss can be accidental or deliberate

Phishing, malware

Intellectual property compromises

Social Media Risk Priorities (top ranking) by Company Type

Information Security Risk

9 Data Source Grant Thornton/FERF, 9/2013

Policies

Policies may not be legal/updated to reflect changes in case laws

Confidentiality

Public companies concerned about confidential information leakage

Tracking

Difficult to track and comply

Change

Breadth and speed of change is daunting; multiple regulatory agencies, numerous laws, and countless legal cases are setting rules

Laws/Statutes

Few actual laws/statutes for social media exist – case law being used

Legal and Regulatory Compliance Risk

10

Palace Casino Case Study 15-Country Study: Similar approaches on workplace social media across countries

Across these jurisdictions, several consistent issues

Social Media and the Law

data protection

laws

privacy laws

employee representative

bodies

employee consent

11

How do you balance an employee’s right to privacy against an employer’s legitimate interest in protecting its business?

Data Source: Proskauer, 2014

Operational Risk Productivity Loss

Social media is part of everyday life, drives collaboration/can be a distraction

internet monitoring

solutions an option

blocking social media

sites can backfire

(can drive younger employees’ hiring choice)

inappropriate non-business

use

12

Physical Security Risk (+1)

expected “cost-of-entry” for

consumers and users

no access to competitive

info/ conversations

cannot join/influence dialog if not

involved

loss of control/ability to respond to constituents

missing out on marketing and branding opportunities

may negatively influence potential

employees

+1 Risk: Opportunity cost of doing nothing

13

Harassment

Employees become targets as face of company

Safety

Employee and office geographic information can jeopardize employees/property

Privacy Issues

Employees or customers can overshare data

Managing Social Media

14

Organizations empower large sets of users but still need to maintain control

More companies have or are developing policies that address social media governance and risks, not as many conduct risk assessments

Governance remains fragmented across internal departments

More employees are participating in social media, often with little or no social media experience

Difficult – large amounts of non-static data, multiple users, platforms not controlled by others, hard to know what is being said and how to fix it

There is a growing need for risk management

Data Source: Grant Thornton/FERF, 9/2013

Is There Insurance?

15

Losses

New endorsements and cyber insurance policies for social media losses

Advertising Injury

Commercial General Liability (CGL) may cover “advertising injury”

Property/Personal

CGL may also cover property damage or personal injury claims

Employee

Employment Practices Liabilities Insurance (EPLI) may cover employment law claims

Coverage

Determine what coverage you have/need

Potential Gaps

Purchase to fill in potential gaps

new exclusions

are in policies to avoid claims

Data Source: McMullen and Gold, 2013

Social Media Strategy

16

Social media strategy should be directly aligned with corporate strategy

Consider:

• Business need

• Explore alternatives

• Audience

• Cost of status quo

• Expected benefits

• Unintended consequences

• Solve a challenge/provide an opportunity

risk management

is over-arching

Best Practices

17

In the absence of specific laws, best practices are especially important to reduce risks

Top 5 Best Practices:

1 2 3 4 5 Policies Assess Manage Monitor

& Measure Train

Data Source: “Figure 3: The Social Media Context,” Forrester Research, Inc.

Best Practices – Policies

18

A social media policy provides guidance for employees and protects the company and customers from risk

Audit

Audit (at least annually) to ensure compliance with recent case law and other regulations

Adjust

Adjust policies and practices in accordance with audit findings

Cross-reference

Cross-reference social media in other corporate policies (e.g. confidential information)

Termination agreements should address misuse of social media by former employees

Create

Create corporate policy documentation and communication/ education plan for new governance approach

Good policies :

Are clear in purpose, short, and written in plain language Have input and buy-in from all departments Are consistent with company culture

Outline benefits of correct social media use Create a balance between protecting the company and free speech Can withstand legal challenge

Best Practices – Assess

19

Game Plan

Develop a risk analysis, assess real threats, plan responses

Cross department team: Communications/PR, HR, IT, Legal/Audit, and Marketing

Outline roles and responsibilities

Strategic alignment across departments decreases risk

13 Departments Are Actively Engaged in Social Media (with dedicated people executing social)

Data Source Altimeter, 7/25/13

Best Practices – Assess (5 Risk Scenarios)

20

An unauthorized account is posing as your company

Your company’s account is hacked, damaging content is published

Release of sensitive customer or company data (by customer, by company, or through hacking)

Public project meeting results in large mob protesting work – gathered by one person using social

Employees in conflict zone post location of social gathering – they are attacked

Identify specific risks and plan – who engages and how to respond

1 2 3

4 5

Enterprise Scenarios Source: Hootsuite, 2013

calibrate monthly:

look 3-6-12 months ahead

and plan

21

Best Practices – Manage

senior management provides clear direction for

engagement with social media

Engage your multi-department team to become the governance team

Accountable, shared governance

Each responsible for area of expertise

Align guidelines with strategy

Process for third parties

Clearly define

Roles/responsibilities

Scope of company’s social efforts

Process – internal flow for creating content

Manage strategy/gain approvals

Practices need to follow the policy (no divergence)

Be consistent with branding guidelines

Follow approval process, include training and education

Don’t forget continuity planning

Best Practices – Monitor and Measure

22

1 2

3

Select appropriate technologies to support your efforts Known as Social Risk and Compliance Solutions (SRCs), these tools:

Provide centralized visibility of all social media accounts

Allow administrator to limit access (employees, third parties)

Provide content governance

Ensure compliance with internal policies and external regulations

Protect against hackers

Listen; monitor access, content, and applications across all platforms

Measure success, adjust as necessary

Data Source Grant Thornton/FERF, 9/2013

Best Practices – Train

Few companies providing adequate training, growing number of employee participants

create a compliance

culture

define clear usage

guidelines for social media

train employees on policies (at least) annually

Need for training is growing

training reduces

the risk of misuse

23

Compliance is the top priority, but other risk factors are high on the list

Risk exposure increasing with widespread employee social media use

SRC products help to control and mitigate risks SRC/SRM nascent, but emerging market

there is no “one size fits

all needs” product – yet

Oversight/ enforcement

Archive data

Monitor accounts

Streamline workflows

Employee engagement

Survey: How important were the following reasons for your firm to begin looking for an SRM solution?

Data Source Forrester 5/2014 24

25

Final Thoughts

Fast Pace

Change and growth are inevitable, what is hot today may be unknown tomorrow and vice versa

Manage

Risks are riskier now. Organizations need policies, procedures, training, and technologies to manage well

Check Regularly

Check each policy regularly: Is the policy working? Is it still legal?

Best Practices

Best practices are important in the absence of specific laws – and case law is still developing

26

Questions?

Sources Boudreaux, Chris, Your Employee Advocacy Program Needs a Plan for Negative Posts, 5/13/14 http://socialmediagovernance.com/blog/employee-advocacy/your-employee-advocacy-program-needs-a-plan-for-negative-posts, accessed 5/15/14.

Business Insider, Our List Of The World’s Largest Social Networks Shows How Video, Messages, And China Are Taking Over The Social Web, http://www.businessinsider.com/the-worlds-largest-social-networks-2013-12, accessed 5/14/14.

Dada, Gerardo, Find the Risk vs. Reward Balance in Social Media, Rackspace Cloud, Sapient Corporation/Open Text, 10/13/09.

De Boer, Mario, Enterprise Solutions for Security Monitoring and Control of Public Social Media, 2/19/13, Gartner Inc.

Etlinger, Susan, Social Data Intelligence: Integrating Social and Enterprise Data for Competitive Advantage, 7/25/13, http://www.altimetergroup.com/research/reports/social-data-intelligence, accessed 5/16/14.

Ethics Resource Center, National Business Ethics Survey of Social Networkers, New Risks and Opportunities at Work, 2013.

Gotta, Mike et. al, Social Media: Identity, Privacy, and Security Considerations, Gartner Inc., 2010

Handman, Dan, When Tech Innovation Outpaces the Law, A Minefield of Workplace Issues in Social Media, JD Supra Perspectives, 4/29/14, http://www.jdsupra.com/legalnews, accessed 5/1/14.

Hayes, Nick, The Forrester WaveTM: Social Risk And Compliance Solutions, Q2 2014, Forrester Research Inc., www.forrester.com, 5/ 7/14.

Hayes, Nick, Manage The Risks Of Social Media, Forrester Research Inc., www.forrester.com, 11/29/12.

HootSuite Media Inc. & Nextgate, Mapping Organizational Roles & Responsibilities for Social Media Risk, 2013, accessed 5/16/14.

HootSuite Media Inc. & Nextgate, The 5 Steps to Social Media Compliance, What You Need to Know Before You Go Social, 2013, accessed 5/16/14.

McMullen, Darin and Gold, Joshua, Effectively Managing Social Media Risks, 10/2/2013, Risk Management Magazine, http://www.rmmagazine.com/2013/10/2/effectively-managing-social-media risks/ accessed 5/15/14.

Pew Research Internet Project, Social Media Update, 12/30/13, http://www.pewinternet.org/2013/12/30/social -media-update-2013, accessed 5/13/13.

Pew Research Internet Project, Social Networking Fact Sheet, September,2013, http://www.pewinternet.org/fact-sheets/social -networking-fact-sheet/, accessed 5/15/14.

Proskauer LLP, Social Media in the Workplace Around the World 3.0, 2013/14 Survey, www.proskauer.com, April 2014, accessed 5/15/14.

Ray, Doug, Social Media Explained, Three Ships Media, 2012, accessed 5/14/14

Smith, Cambria, Managing Your Media: A Practical Primer on Operating Public Entity Social Media Pages, 5/15/14, http://www.jdsupra.com/legalnews/managing-your-media-a-practical-primer-49259/, accessed 5/20/14.

Thompson, Thomas; Hertzberg, Jan; and Sullivan, Mark, Social Media Risks and Rewards, Grant Thornton/FERF (Financial Executives Research Foundation) September 2013.

Webber, Alan, Li, Charlene and Szymanski, Jaimy, Guarding the Social Gates: The Imperative for Social Media Risk Management, Altimeter Group, 8/9/12.

Wüest, Candid, The Risks of Social Networking, Symantec Corporation, 2010.

Thinkstock by Getty Images all rights reserved; photos on slides 1, 3, 6, 7, 8, 9, 10, 12, 16, 21, 23, 25, and 26

27