Managing social media riskacross the whole organisation

Jeremy Swinfen Green MA MBA CMC FIC, Managing

Partner

Social Media Risk Consulting Ltd

Social media risk

• Damaging content on social media platforms– Employees, ex-employees, customers and detractors

• A big opportunity for marketers - but also a big risk for business

• Reputational risk is generally acknowledged, but risks exist across the organisation

Leadership Finance

Legal

Marketing

Sales & CRMHuman resources

IT & Security

Operations

§

§

§§

§

§

§

§

§

Risks extend across organisations

§

Reputational

Asset loss

Regulatory

Operational

PR crisisPR crisis

§

Why is it such a problem?• Culture

– Unofficial communications (It’s private, isn’t it?...)– Ephemeral communications (Did we really say that?)– Anonymous communications (Catch me if you can!)

• The web– Speed of online communications with multiple

connections globally – Potential for viral growth and amplification by the media

• Lack of control– Private vs corporate social media accounts– Bring your own device

Size of the risk

• April 2013: Syrian Electronic Army hack into AP’s Twitter feed– They plant rumours of bombs at the White House

• Result: the Dow Jones drops 143 points– $136 bn is erased from the market

Why are social media threats growing?

• Continued monetisation of cyberspace• Growth of mass market mobile technology• Growing dependency on the web and the IoT• Increasing corporate use of big data• Rise in social media use by consumers

The result of risk events

• Legal suits and compliance breaches• Reduced operational efficiency• Loss of value or assets • Damage to brand and reputation

Compliance

• Data protection• Financial reporting information• Advertising standards• Regulated industries e.g. financial services

Example: Misleading endorsements• Allergy Pathway (Australia) fined $15000 for failing

to remove misleading endorsements on its website

Example: Astro-turfing

Example: Non-compliant marketing

• WKD Facebook ads banned for linking alcohol with confidence

• You can’t ignore the rules on social media

Efficiency risks

• Reduced productivity – Privacy actions: monitoring employee activity

• HR issues– Damage to “company as employer” brand – Discrimination actions: searching candidate profiles– Bullying and harassment at work– Duty of care: Abuse when replying to posts; privacy,

personal security and identity theft• Information leakage• IT security: viruses and malware

Example: Unhappy ex-employees

• Recruiting the best talent is essential

• But ex-employees can damage “employer brand”

• Monitoring posts and rebutting claims in the right way is a key skill

Keeping key staff

• PayPal’s Director of Strategy was fired after a series of very inappropriate 1 a.m. tweets

• Justine Sacco, communications director of InterActive, sent a racist tweet before boarding a flight, and was fired before she had landed

Example: Information leakage

Value risks

• Lower revenues– Inadvertent contracts– Employee comments that affect sales

• Higher costs– Wasted campaign investments (e.g. Likes) – Libel actions (e.g. tagged party photos) – Legal actions for breach of NDA

• Lost value– Loss of social media assets– Loss of IP and trademark/patent protection– ID theft (e.g. CEO) that affects share price

Example: share price movement

• Social media can cause rapid share price movements– Tweets about a train crash in Maryland resulted in a

$500m market capitalisation in 90 minutes – Quindell lost £950m after Gotham City, who stood to gain

if the shares fell, tweeted a link to a highly critical report• (in the USA, Ebix, Tile Shop & Blucora also suffered from GC)

Example: Loss of social media assets

• Social media assets e.g. Facebook pages not owned by the business

• Set up by employee who then leaves• Appropriate protocols are needed for setting up and

maintaining social media assets

vs

Reputational risks

• Inappropriate and accidental comments by employees

• Marketing– Low-grade marketing activity – Obsolete marketing campaigns

• Points of presence– Brand-jacking and hate sites– Fan sites and the lawyers– Phishing and pharming

Example: accidental posting

Example: opening doors to criticism• Why would a “low emotion” brand like NYPD expect

people not to share criticism

What they wanted What they got

Example: Brand-jacking

• Organisation pages being taken over– “123456” and “password” are most common passwords– Social media management systems can impose protocols– But problems like Heartbleed will always occur

• Yahoo, Pinterest, Facebook and Wordpress possibly affected

“Burger King just got sold to McDonalds…”

DCMS Twitter feed gets hacked

Example: Pharming

• Any site where users can download text is at risk– Social media are particularly at risk

• 100+ fraudulent eBay product links found recently– Visitors accounts hijacked to enable fraudulent sales

Social PR crisis

• Things that happen…– Product problems cause unhappy customers to complain– Unhappy ex-employees post defamatory comments– Unacceptable executive behaviour is uncovered– Rumours of takeovers, financial troubles are circulated

• Consumer disquiet gets “amplified” by media

Social media losses

• 90% of organisations who experienced a social media incident suffered negative consequences, including: – reduced stock price (average cost: $1,038,401)– litigation costs (average cost: $650,361)– direct financial costs (average cost: $641,993)– damaged brand reputation/loss of customer trust (average

cost: $638,496)– lost revenue (average cost: $619,360)

Symantec, 2011, reported by CBR

Managing social media risk

• Audit• Listen• Manage• Prepare• Archive

Audit

• Identify risks: history, scenario development – Evaluate current mitigations and develop improved

processes for reduced risk• Evaluate organisation

– Board preparedness– Individual business operations– Company culture

• Develop Social Media Protocol– Train all staff in social media guidelines & sanctions

Listen

• Listen to identify potential problems– Where are you listening? – Who is doing the listening?– How is data collected and analysis conducted?

• React to social media appropriately– Triage social media activity (ignore, respond, escalate)– Direct to appropriate business functions

Manage

• Develop and customised social media guidelines and train employees

• Manage content: moderate inbound and outbound posts

• Ensure appropriate tools are used:– Listening, PoP monitoring, Moderation, Archiving

Prepare

• Prepare for potential crisis– Identify possible “worst case” problems– Develop tone of voice guidelines– Prepare holding and position statements– Develop escalation process

• Practice: Set up artificial crisis and enable response team to practice– Handling stress– Testing processes

Archive

• All businesses can benefit from archiving conversations with the public– Regulated industries are likely to be required to archive

static AND interactive content• Choosing the right tool is essential

– What is being archived (e.g. web vs API)– How easy is it to find content and resurrect conversations– How far back can you go

Conclusions

• Constantly changing landscape• Impossible to anticipate all risks• But structured analysis of business process can

deliver an effective risk register that demonstrates a “reasonable” level of care

Thank you

jeremy@SocialMediaRisk.co.uk

07855 341 589