Social media is here to stay with some analysts predicting that by 2016 as many as 40 per cent of enterprises will use social media as a customer service channel. The power and reach of social media can affect a whole organisation. In this area is where the saying ‘It takes a lifetime to build a good reputation, but you can lose it in a minute,’ is most true. The main problem is that the communication channel is inherently disparate and very individual The instant spread of bad news or a negative incident via social media can affect companies greatly. The culprit can come from inside, outside or be the consequence of carelessness. To manage social media normal risk assessment rules apply: identify, record and mitigate. The first step is to identify potential risks, in the case of social media these include: confidential information being shared by employees or employees defaming the company through their personal accounts; loss of control or ownership of the organisation’s social media accounts; failing to respond to negative posts or responding in an inappropriate manner or neglecting to listen to the social media dialogue. A lack of attention to detail in terms of knowing how usernames and passwords are being shared means that in the event of something going wrong no-one is accountable or traceable for posting the offending content. The lack of an audit trail makes it difficult to identify who and why a damaging internal post has appeared. Likewise, is it clear who is responsible for replying to external negative comments and in what tone? Adding fuel to the flames can make matters worse but if the source of that fuel cannot be identified steps to call a halt and correct the situation will take precious time. To record and manage potential social media risks the second step is to implement an enterprise control platform that works seamlessly across the entire organisation, from marketing to customer service and operations. A single dashboard, such as that from CrowdControlHQ, provides controlled access to an organisation’s social media profiles monitoring who is authorised to make posts and the content of those posts. Individual logins only known by administrators will maintain security while greater control of abusive comments including keyword alerts (such as swear words) means content can be quickly and automatically removed Including a wiki area in the enterprise control platform means there is an easily accessible store for training materials, policies, guidelines and procedures. These documents can be made available to all users or specific user groups and workspaces in the event of either an internal or external risk being identified to allow a fast response. Mitigation is the third step when it comes to the control of social media risk. Nothing should be done in haste. In the event of the worst happening social media channels should be kept open and readers kept informed as to what is being done to remedy the situation. Openness and clarity are essential. In the event of the crisis having been created internally, audit trails and validation will soon identify the source and allow the necessary actions to be taken. If the crisis was as a result of an external source, the right people required to respond will be alerted and the appropriate reaction documented. So while there is no doubt that social media will continue to move up the risk register, by implementing sound processes and procedures supported by an enterprise control platform risk managers should still be able to sleep soundly at night.
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.