Managing Risk in the Age of Social Media
What goes online, stays online. Search engines provide more than 7.5 million results each day. Roughly 23 percent of internet use is spent on social networks. Do you understand what this means for the potential impact of a negative social media event? This session at the RIMS 2017 Annual Conference and Exhibition illustrated how to monitor for and respond to negative social media events.
Speakers included:
- Mary Weber, Senior Security Analyst, Cloud Operations, Oracle Corporation
- Lianne Appelt, Director of Enterprise Risk Management, Oracle Public Cloud, Oracle Corporation
There are several risks associated with social media, including:
- Reputational risk
- Information security and privacy
- Disclosure of proprietary or confidential information
- Corporate identity theft
- Legal, regulatory and compliance violations
Establishing a social media risk framework includes three main components: process, policy and governance.
Process
1. Understand your company’s social media footprint. Does your company use social media for brand awareness, customer care, fulfillment, recruiting? Also, determine your presence. Are you represented on relationship networks, discussion forums, media sharing networks?
2. Identify risk (threats) to achieving your company’s objectives and strategy (i.e. reputation, intellectual property, etc.). Make sure to include all relevant departments – not just marketing.
3. Assess each risk to determine the impact to the business. How likely are the risks to occur? Are there any factors that can mitigate the consequence or reduce the probability of the risk?
Policy
Start with your employees. A well-defined social media use policy can be critical to the success of managing social media risk. Define acceptable use and interaction between personal and company social media accounts, including what information can be shared and when.
Understand the laws. There are limitations to what you can require of your employees. You cannot prohibit employees from posting about the company, using social media at work, talking to the press or connecting with other employees.
There is no one right policy for every company. Tailor your policy to fit your culture and business objectives.
Governance
1. Create a social media communication plan with defined objectives and approved sites for company use. Be specific, make it measurable, achievable, relevant to your business and include a timeframe within the objectives can be satisfied. Formally define roles and accountability and ensure coordination between business units.
2. Establish a social media crisis management plan. Include guidelines for determining the type and magnitude of an incident. Define roles and responsibilities clearly in the event of a crisis.
3. Monitor feeds. Create methods to continually monitor your social media feeds through both data mining and capture (analytics, web crawlers) and text analytic engines like Google Alerts.