Reputation management has always been a key area for marketing, comms and social media teams, but they are now starting to take an interest in Information Security.
Social media objectives often swing between engagement and conversions to build brand awareness and manage the organisation's reputation, but there's a recent trend with the topic of Information Security moving higher up on the agenda for both private and public sector teams.
The importance of reputation on social media
Reputation is how an organisation is perceived through the eyes of its customers, residents, suppliers, employees and other stakeholders. Everything an organisation does – from launching a new service and dealing with a customer query to how its employees conduct themselves online, helps shape an organisation’s reputation for better or worse.
A strong reputation on social media helps you to:
- Attract and retain customers
- Increase perceptions of quality & service
- Attract high calibre recruits
- Improve employee morale
- Protect against negative attacks
There are many examples of how organisations have managed to damage their own reputation by their actions or lack of actions:
The sharing of usernames and passwords is commonplace in many organisations.
Theft of social media accounts
Employees with direct access to accounts can take them with them if they leave the organisation.
Whether done by an employee or ex-employee, by accident or not, the damage has been done.
Hostile or Fake Accounts
Social media accounts are set up to troll an organisation or impersonate it’s official social media accounts.
Posts of this nature to the organisation’s corporate social media accounts can have lasting damage.
Legal or compliance issues
This is more important than ever as a harder line is being taken by the Advertising Standards Agency and the ICO.
...and don't forget Human Error!
Accidentally posting confidential information or publishing personal information via the corporate social media channels or allowing others to do so.
Where information security fits
The answer is pretty much everywhere now: wherever information or data exists with the organisation.
In many organisations Information Security is the responsibility of IT teams, although some organisations are now setting up Information Security Teams to ensure that organisations protect their information assets. Legislation dictates that all organisations need to take information security and data protection seriously and one team cannot do this alone.
All employees need to understand the role they need to play in protecting the information Assets. This includes marketing and social media teams because getting it wrong can cause both reputation damage and financial cost just like the examples below.
Although this is a somewhat extreme case, Facebook was recently fined $5 billion for allowing personal data to be illegally harvested from an online personality quiz and sold to Cambridge Analytica. There are claims the data may have been used to try and influence the outcome of the 2016 US presidential election and the UK Brexit referendum.
British Airways grounded
The ICO (Information Commissioners Office) recently announced it intended to fine British Airways a record £183.39 million over a data breach that compromised the personal information of 500,000 customers after it was found that they had been diverted to a fraudulent site where personal data including names, addresses, credit card information, log-ins were stolen.
Where social media fits
The reliance on social media by both organisations and their followers is more important than ever before and therefore these Information Assets are protected. The importance of information security and social media has been yet again highlighted with examples where an organisation’s social media activity has been compromised. Just recently the official online accounts of the Metropolitan police were targeted by hackers who posted a series of bizarre messages including one that read: “F*** the police”.
The force’s verified Twitter account has 1.22 million followers and is used to update the public, the media and other stakeholders on news and important incident updates. Scotland Yard said the hack was linked to a provider of a MyNewsDesk account, an online service the force uses to issue press releases and other content. The force has since apologised to its followers and insisted the security issues did not affect the Met's IT infrastructure.
What do you need to do?
1) Provide individual login credentials
Providing employees with individual login credentials to use corporate social media accounts is an essential step to ensure an organisation’s social media accounts remain secure. A social media management platform like CrowdControlHQ provides this capability and ensures that if any inappropriate content or confidential information is posted, you will know who was responsible.
2) Assign ownership of accounts and activities
Allowing employees to access only the social media accounts that are relevant to them or their team is an effective way to streamline social media use and foster collaboration between users. For example, a Customer Service agent is primarily responsible for replying to questions and enquiries received via social media, so has no need to publish brand new content. This way, you will have complete control over who has access to your social media accounts.
3) Define roles and responsibilities
The formalisation of roles and responsibilities for all employees helps all those involved to understand their responsibilities - not just in day-to-day operations, but also their responsibilities around the Data Protection Act 2018. Not only does this act as a way to mitigate the risks of social media, but it also helps ensure that the organisation can take advantage of the cost-savings of social media that can be achieved as a result of embracing this digital channel.
4) Implement a strong social media policy
A strong social media policy helps all employees understand exactly what is expected of them when representing the organisation on social media. It is a powerful tool when combined with roles and responsibilities to help protect both the employee and the organisation from social media risks when applied correctly. Many organisations simply create a social media policy but then do not enforce it, or fail to provide employees with the necessary training to follow it.
5) Data Security & Compliance
It is important to consider the security of any data held in your social media management software. Organisations operating within the European Union need to know how and where their data, and their customers’ data, is being stored and who is processing it.
It will become increasingly important that social media, marketing and comms teams understand their responsibilities and take the lead to ensure that the risks of social media are understood across the organisation and that the information assets are protected.
If you want to share your thoughts on this topic or want to find out more then engage with us @CrowdControlHQ! 🙌