Mitigating risks to your business in an era of social networking

Paul Feather, Manager, Crowe Horwath LLP

Jim Stempak, Principal, Crowe Horwath LLP

While providing intriguing new business opportunities, social media channels also expose organizations to new risks. Social media channels represent far more than an intriguing business opportunity; they have become part of the fabric of social interactions for an increasing segment of the population. Rather than trying to put the social media genie back in the bottle, organizations should implement guidelines that are based on their risk assessment and promote the responsible use of social media.

“A set of guidelines stands not only to reduce the negative impact to the organization but also to reap the benefits of social media,” says Paul Feather, a manager in the Crowe Horwath LLP Dallas office. “By implementing guidelines based on a risk assessment, organizations can promote the responsible use of these powerful tools and reap their benefits.”

Smart Business learned more from Feather and Jim Stempak, principal at Crowe Horwath LLP, about how to properly monitor, manage and execute a social networking strategy.

What risks do businesses face in regard to their brand?

An organization’s employees, customers, and vendors can either be its greatest ambassadors or seriously undermine its brand and image. Organizations can’t control or change feedback on social networking sites — but they can be at greater risk if they fail to monitor it and respond in a timely manner when a response is appropriate.

An example of a company aware of this risk is Gap. In October 2010, the company changed its logo and promptly received negative feedback on social networking sites. Because Gap monitors such feedback, it was able to act quickly and change the logo back to the famous original.

Employees, with their insider knowledge and perspective, have the potential to cause even greater brand damage. In April 2009, Domino’s Pizza experienced the broad reach of social media after two employees posted a video on YouTube that showed them violating various health-code standards. By the time Domino’s realized it had a PR problem, millions of people had already seen the video and joined in discussions on Twitter.

Based on its presence on social media sites, an organization might also face reputational risks associated with managing its own message. An attempt to restrict negative commentary on an interactive site can draw more unwanted attention to an issue and create a public relations disaster.

How can social media present employee-related risks?

When hiring, HR might check candidates’ profiles on social media sites. But, even a site that is publicly available can expose information about a restricted class such as religion, race, age or sexual orientation, or information that is not accurate — a doctored photo, for example — and could lead an organization to make incorrect assumptions. Employers must also use care when terminating an employee due to something he or she posted on a social networking site, as there are laws that protect certain online activity under the National Labor Relations Act.

The social networking environment can often lead to a blurring of the line between personal and professional. When coworkers interact on sites like Twitter or Facebook, there is the potential that a coworker’s actions or personal opinions could be deemed offensive or inappropriate. Or, a boss’s personal views posted on a site could make the work environment uncomfortable for subordinates.

Perhaps the most harmful consequences to a business could come from information security risks. Employees can intentionally or inadvertently post confidential information about the company or a customer; individuals can post information such as passwords or user IDs that can leave them vulnerable to cyber attacks and theft; and viruses and other malware can make their way into company networks through social media sites.

How can businesses address these risks?

Engage a multidisciplinary team to document intended social media use, including HR’s use of social media for employee screening and cause for termination as well as employees’ activity, such as accessing sites on company devices, and the impact on productivity. Find out whether employees and supervisors are connected to one another and to customers on networking sites.

Assess the risk of social networking on company technology. Have you seen an impact on network connectivity due to social networking volume? Have you been affected by viruses originating from social media sites? What technology is available to monitor and manage social media use on the company network and mobile devices?

Once the risks to the company brand, technology and employment practices have been established, it’s vital to expand current policies and implement safeguards in regard to appropriate employee use. Define what type of social media use is acceptable during business hours and document standards about using social media relative to providing opinions about the organization; also define the consequences of noncompliance.

Expand anti-malware software to encompass attacks over social media channels, define how use of social media will be restricted and define the safeguards the organization will implement to detect social media-based malware and attacks.

Outline how marketing campaigns using social networks will be developed, approved and deployed to create a consistent messaging strategy. Also implement vendor management policies, including nondisclosure agreements and vendor contract standards; define how third-party organization with access to the organization’s data and assets will manage their employees on social networks.

Finally, provide social media policy training for all employees and create a system for monitoring social media channels. A new breed of software products and vendor services called social customer relationship management (CRM) tools helps organizations listen on public channels for social media chatter that affects their organization.

Paul Feather is a manager in the Crowe Horwath LLP Dallas office. Reach him at (214) 777-5230 or [email protected] Jim Stempak is a principal in the Crowe Horwath LLP Dallas office. Reach him at (214) 777-5203 or [email protected]