Social media represents one of the fastest growing segments of workplace communications. As sites like Facebook, Twitter and others become integrated in the day-to-day operations of a company, so too do those companies experience an increased risk. The radical transparency and expansive reach of social media can be a great tool to interact with people; however, it can open up your organization to additional threats when not adequately controlled. While standard policy at most companies address email and other traditional communication forms, social media is largely unmonitored by supervisors, unregulated by basic security measures and often ignored by internal filters or retention policies.
The human element must also be accounted for when considering unsupervised posting. Whether it be employees voicing opinions or reactionary blunders that can shine a negative spotlight on the company brand, letting opinions run rampant is often the first step on the road to a major publicity debacle. As CIO says, “social media is an extension of your company’s voice, not just another avenue to push press releases.”
One area of concern with the expansion of social media is security lapses. Malware is especially effective at infiltrating through social media platforms. A 2012 survey by the Osterman Group showed that 24 percent of all respondents had suffered a malicious attack via Facebook – and this doesn’t count those spread through Twitter, LinkedIn and other platforms. If malware breaks in through a social media post, how does your company react? Does it have policy to track and assess the extent of a social media security breach?
Aside from security, as social media becomes more integrated in internal and external corporate communications, new retention policies will become necessary. Companies rushing to develop an information governance strategy to tackle their current needs must consider social media as part of their planning. Keep in mind that the extensive nature of social media makes implementation both difficult and resource-intensive without significant forethought for both the use of social media by employees, and how it fits into an overall corporate retention policy.
For example, according to that same 2012 study by the Osterman Group, just under 30 percent of all “official” posts by a company to a social media platform end up being retained. Companies then have the challenge of recreating the conversation – keeping out essentially worthless content while maintaining the context in which retained items were created. A few tweets or Facebook posts may prove inadequate while a company is reestablishing the framework of a conversation after recovery. This, in turn, could undermine the purpose of the retention policy.
Some organizations in particular, such as financial services, are required by the Financial Regulatory Authority to monitor and retain certain social media posts – this is because they fall under the umbrella term of business records. Larger companies have even grown to have entire teams whose sole purpose is to monitor content and ensure that nothing is said or done that could jeopardize the company’s interests.
While this an extreme case where policy is of the utmost importance for regulatory compliance, any organization with significant social media presence may need to think through their own posting and retention policies. All kinds of questions need to be answered including:
- Do you retain all Facebook posts, or only those posts tagged as “official?”
- Who manages the company Twitter account – and what would happen if that was compromised?
- If an employee releases sensitive company information over LinkedIn’s internal messaging system, how would you locate that message should an internal investigation become necessary?
Being aware of the potential needs of your company will have a dramatic effect on how many resources must be expended, whether it focuses on keeping your network secure or preparing for inevitable litigation.
Social media is becoming ever more pervasive in the modern business world; employees will continue using these platforms, and they will continually grow to provide greater functionality in communicating between customers. Any companies that resist this change threaten to lag behind their competitors. To maximize effectiveness, developing an oversight framework is key, with company-based use monitored, retained and frequently assessed. Teaching employees best practices, safety and general guidelines for acting when representing the company online can also help tremendously in driving forward the company’s vision, from the IT department all the way to sales.
To learn more about implementing a corporate information governance strategy, contact a Sherpa representative!