The prolific rise of social media, particularly over the last 6 years has created many new commercial and marketing opportunities for business. Many organisations are seeing the real and measurable benefits of adopting Social Media into their marketing and business strategies, elevating the customer and prospect base. However, social media inherently carries risk which interconnected with many areas of an organisation’s risk taxonomy. Four of the key categories that can be directly associated with social media are Reputation, Information Security, Regulatory and Operational risk.
1. Reputational Risk
A company’s reputation and brand are an asset and when impacted negatively, that organisation’s customers will no longer wish to do business with them.
Publishing through the social media channels has provided a mechanism for anyone to register complaints on a public domain. Whilst complaint sites such as HelloPeter.com have existed for some time, social media sites such as Twitter or a company’s Facebook page reaches out to much bigger audiences and provoke responses from people who would not necessarily be following the company.
An organisation should always be aware of who is posting about them (or on behalf of them) anywhere in the online world – whether the discussion be negative or positive. If negative information finds its way onto a company profile / feed, action needs to be taken very quickly to minimize the damage in order to salvage its reputation.
2. Information Security Risk
Information held by an organisation may belong to the organisation itself or to another entity and held by the organisation as a custodian. Personal information being held by a company also requires protection, and with the imminent POPI Act in South Africa, is becoming an increasing legal concern. A company’s information is certainly an asset and needs to be protected. If a breach of this information occurs, it could lead to financial losses, reputational damage due to loss of customer confidence, financial loss due to compliance failure and potential loss of competitive advantage if trade secrets are released.
Social networking exposes channels that may result in an organisation’s information being disclosed to unauthorized parties – either maliciously or innocently released without the intent of harm. For example, an employee of an organisation may innocently post “This was a bad quarter! Bummer… no bonus for me” on a social media platform such as Twitter. This information creates an opportunity for illegal insider trading and also could affect the stock price. There could even be regulatory issues by pre-releasing the financials in this manner.
3. Regulatory Risk
For organisations that are operating in more stringently regulated industries (for example, Financial Services, Pharmaceuticals, etc.), there is a definite exposure to regulatory transgressions via the data that is published on the social networking platforms. Organisations need to bear in mind that the majority of content published on brand pages will be promotional in nature, and so will need to be compliant with, at the very least, the Consumer Protection Act and the Advertising Standards Authority Code of Practice in the South African legal landscape.
Copyright and trademark infringement amounts to the largest proportion of social media misconduct. Usually, this infringement is in the form of visual content (images and videos) posted to networks such as Facebook, Instagram, Twitter and Pinterest without the correct rights. The misuse of proprietary content can amount to a criminal offence under the Copyright Act and/or Trade Marks Act, which could result in fines and in some cases prison sentences. The publisher can also be susceptible to civil claims for loss of earnings or damages.
4. Operational Risk
Excessive use of social media in the workplace by employees can lead to operational risks. Social Media sites that are consumed via a corporate asset or via the corporate network use technical resources that may impact the performance of business systems. For the worker, loss of productivity may be incurred in the workplace even when using personal assets (e.g. worker uses personal cell phone or tablet to access social media). The modern employee is usually very engaged with social media on their mobile devices, where notifications are pushed through to the device at any time. This adds a level of distraction to day-to-day operations.
It is imperative given the risks associated with the use of Social Media to have a Social Media policy to manage the associated risks. Identifying the social media risks in your environment and then managing that risk is a necessity and will deliver real value to the organisation when implemented properly. In your organisation, how do you manage Social Media risk? We’d love to hear your comments.