social media risk
DESCRIPTION
Examples of how social media presents substantial risks to organisations and a brief indication of how to manage these risksTRANSCRIPT
Managing social media riskacross the whole organisation
Jeremy Swinfen Green MA MBA CMC FIC, Managing
Partner
Social Media Risk Consulting Ltd
Social media risk
• Damaging content on social media platforms– Employees, ex-employees, customers and detractors
• A big opportunity for marketers - but also a big risk for business
• Reputational risk is generally acknowledged, but risks exist across the organisation
Leadership Finance
Legal
Marketing
Sales & CRMHuman resources
IT & Security
Operations
§
§
§§
§
§
§
§
§
Risks extend across organisations
§
Reputational
Asset loss
Regulatory
Operational
PR crisisPR crisis
§
Why is it such a problem?• Culture
– Unofficial communications (It’s private, isn’t it?...)– Ephemeral communications (Did we really say that?)– Anonymous communications (Catch me if you can!)
• The web– Speed of online communications with multiple
connections globally – Potential for viral growth and amplification by the media
• Lack of control– Private vs corporate social media accounts– Bring your own device
Size of the risk
• April 2013: Syrian Electronic Army hack into AP’s Twitter feed– They plant rumours of bombs at the White House
• Result: the Dow Jones drops 143 points– $136 bn is erased from the market
Why are social media threats growing?
• Continued monetisation of cyberspace• Growth of mass market mobile technology• Growing dependency on the web and the IoT• Increasing corporate use of big data• Rise in social media use by consumers
The result of risk events
• Legal suits and compliance breaches• Reduced operational efficiency• Loss of value or assets • Damage to brand and reputation
Compliance
• Data protection• Financial reporting information• Advertising standards• Regulated industries e.g. financial services
Example: Misleading endorsements• Allergy Pathway (Australia) fined $15000 for failing
to remove misleading endorsements on its website
Example: Astro-turfing
Example: Non-compliant marketing
• WKD Facebook ads banned for linking alcohol with confidence
• You can’t ignore the rules on social media
Efficiency risks
• Reduced productivity – Privacy actions: monitoring employee activity
• HR issues– Damage to “company as employer” brand – Discrimination actions: searching candidate profiles– Bullying and harassment at work– Duty of care: Abuse when replying to posts; privacy,
personal security and identity theft• Information leakage• IT security: viruses and malware
Example: Unhappy ex-employees
• Recruiting the best talent is essential
• But ex-employees can damage “employer brand”
• Monitoring posts and rebutting claims in the right way is a key skill
Keeping key staff
• PayPal’s Director of Strategy was fired after a series of very inappropriate 1 a.m. tweets
• Justine Sacco, communications director of InterActive, sent a racist tweet before boarding a flight, and was fired before she had landed
Example: Information leakage
Value risks
• Lower revenues– Inadvertent contracts– Employee comments that affect sales
• Higher costs– Wasted campaign investments (e.g. Likes) – Libel actions (e.g. tagged party photos) – Legal actions for breach of NDA
• Lost value– Loss of social media assets– Loss of IP and trademark/patent protection– ID theft (e.g. CEO) that affects share price
Example: share price movement
• Social media can cause rapid share price movements– Tweets about a train crash in Maryland resulted in a
$500m market capitalisation in 90 minutes – Quindell lost £950m after Gotham City, who stood to gain
if the shares fell, tweeted a link to a highly critical report• (in the USA, Ebix, Tile Shop & Blucora also suffered from GC)
Example: Loss of social media assets
• Social media assets e.g. Facebook pages not owned by the business
• Set up by employee who then leaves• Appropriate protocols are needed for setting up and
maintaining social media assets
vs
Reputational risks
• Inappropriate and accidental comments by employees
• Marketing– Low-grade marketing activity – Obsolete marketing campaigns
• Points of presence– Brand-jacking and hate sites– Fan sites and the lawyers– Phishing and pharming
Example: accidental posting
Example: opening doors to criticism• Why would a “low emotion” brand like NYPD expect
people not to share criticism
What they wanted What they got
Example: Brand-jacking
• Organisation pages being taken over– “123456” and “password” are most common passwords– Social media management systems can impose protocols– But problems like Heartbleed will always occur
• Yahoo, Pinterest, Facebook and Wordpress possibly affected
“Burger King just got sold to McDonalds…”
DCMS Twitter feed gets hacked
Example: Pharming
• Any site where users can download text is at risk– Social media are particularly at risk
• 100+ fraudulent eBay product links found recently– Visitors accounts hijacked to enable fraudulent sales
Social PR crisis
• Things that happen…– Product problems cause unhappy customers to complain– Unhappy ex-employees post defamatory comments– Unacceptable executive behaviour is uncovered– Rumours of takeovers, financial troubles are circulated
• Consumer disquiet gets “amplified” by media
Social media losses
• 90% of organisations who experienced a social media incident suffered negative consequences, including: – reduced stock price (average cost: $1,038,401)– litigation costs (average cost: $650,361)– direct financial costs (average cost: $641,993)– damaged brand reputation/loss of customer trust (average
cost: $638,496)– lost revenue (average cost: $619,360)
Symantec, 2011, reported by CBR
Managing social media risk
• Audit• Listen• Manage• Prepare• Archive
Audit
• Identify risks: history, scenario development – Evaluate current mitigations and develop improved
processes for reduced risk• Evaluate organisation
– Board preparedness– Individual business operations– Company culture
• Develop Social Media Protocol– Train all staff in social media guidelines & sanctions
Listen
• Listen to identify potential problems– Where are you listening? – Who is doing the listening?– How is data collected and analysis conducted?
• React to social media appropriately– Triage social media activity (ignore, respond, escalate)– Direct to appropriate business functions
Manage
• Develop and customised social media guidelines and train employees
• Manage content: moderate inbound and outbound posts
• Ensure appropriate tools are used:– Listening, PoP monitoring, Moderation, Archiving
Prepare
• Prepare for potential crisis– Identify possible “worst case” problems– Develop tone of voice guidelines– Prepare holding and position statements– Develop escalation process
• Practice: Set up artificial crisis and enable response team to practice– Handling stress– Testing processes
Archive
• All businesses can benefit from archiving conversations with the public– Regulated industries are likely to be required to archive
static AND interactive content• Choosing the right tool is essential
– What is being archived (e.g. web vs API)– How easy is it to find content and resurrect conversations– How far back can you go
Conclusions
• Constantly changing landscape• Impossible to anticipate all risks• But structured analysis of business process can
deliver an effective risk register that demonstrates a “reasonable” level of care