Social media is here to stay with some analysts predicting that by 2016 as many as 40% of enterprises will utilize social media as a customer service channel. So why should this worry risk managers? Surely social media is the responsibility of the marketing department and aren’t there policies and procedures in place to prevent anything from going wrong? Think again.
An organisation’s reputation can quickly be damaged through the instant spread of bad news or a negative incident via social media. Gone are the days when public affairs departments had time to consider statements to be released to the press, traditional media and customers in the event of a crisis happening. In fact a crisis can even begin on social media. It only takes one disgruntled customer to take to Twitter, You Tube or Facebook and the results can be costly. Even worse damage can be done by a disgruntled employee with access to corporate social media accounts and a determination to discredit the company.
Regular Risk Management Rules Apply
In common with any risky situation normal risk assessment rules apply to managing social media – identify, record and mitigate risk. But how can this be achieved with an inherently disparate and very individual communication channel.
Step One: Identification
The first step is to identify potential risks, in the case of social media these include:
- Employees sharing confidential information
- Loss of control or ownership of the organisation’s social media accounts
- Careless posting by employees – accidental or deliberate
- Employees defaming their employer on personal profiles
- Failing to respond to negative posts or responding in an inappropriate manner
- Failing to listen to the social web or the right conversations
- Not sharing best practice
- Being unaware of who is listening to which conversations and responding on behalf of the organisation
A lack of attention to detail in terms of knowing how usernames and passwords are being shared means that in the event of something going wrong no-one is accountable or traceable for posting the offending content. The lack of an audit trail makes it difficult to identify who and why a damaging internal post has appeared. Likewise, is it clear who is responsible for replying to external negative comments and in what tone? Adding fuel to the flames can make matters worse but if the source of that fuel cannot be identified steps to call a halt and correct the situation will take precious time.
Step Two: Record and Manage
To record and manage potential social media risks the second step is to implement an enterprise control platform that works seamlessly across the entire organisation, from marketing to customer service and operations. A single dashboard, such as that from Crowd Control HQ, provides controlled access to an organisation’s social media profiles monitoring who is authorized to make posts and the content of those posts. Individual logins only known by administrators will maintain security while greater control of abusive comments including keyword alerts (such as swear words) means content can be quickly and automatically removed
Including a wiki area in the enterprise control platform means there is an easily accessible store for training materials, policies, guidelines and procedures. These documents can be made available to all users or specific user groups and workspaces in the event of either an internal or external risk being identified to allow a fast response.
Step Three: Mitigation
Mitigation is the third step when it comes to the control of social media risk. Nothing should be done in haste. In the event of the worst happening social media channels should be kept open and readers kept informed as to what is being done to remedy the situation. Openness and clarity are essential. In the event of the crisis having been created internally audit trails and validation will soon identify the source and allow the necessary actions to be taken. If the crisis was as a result of an external source the right people required to respond will be alerted and the appropriate reaction documented.
So while there is no doubt that social media will continue to move up the risk register by implementing sound processes and procedures supported by an enterprise control platform risk managers should still be able to sleep soundly at night.