Social Business: What It Means to Your Risk Profile

Protiviti Board Perspectives

Social media is a compendium of many highly accessible media – corporate blogs, video-sharing sites such as YouTube, social networks like Facebook, microblogging tools such as Twitter, rating/review sites, wikis allowing many authors to simultaneously edit and create a source of knowledge, and crowdsourcing, among others. These media leverage the power of the Internet, Web 2.0 and mobile technologies to facilitate the creation, exchange, use and modification of user-generated content to connect people. The convergence of these technologies is forever altering the dynamics of customer relationship management, marketing and corporate communications for many businesses.

Key Considerations

Social business is about leveraging social media to accomplish business objectives. It embeds social tools in many business processes, connecting people to people, people to information, and data to insight. Social business “communities” enable companies to listen to and learn from customers, satisfied or dissatisfied, regarding their experiences. They also provide opportunities for product development teams to obtain early input from potential buyer groups on new product plans; for marketing to test messaging; and for companies to educate and inform customers on product uses and applications.

While these developments are presenting significant opportunities for companies to connect with their customers and others, they are also creating a whole new set of potential risks for companies to monitor. Following are 10 examples:

  • Loss of intellectual property and sensitive data – Board members and executives both have concerns about security-related risks arising from deploying social media in the business. Imagine the potential damage if someone were to hijack the company’s passwords. For example, the April 2013 hijacking of the main Twitter feed of a reputable newsgathering organization resulted in a false tweet about a terror attack at the White House, creating havoc in the stock market. Directors and executives also want to understand how their organizations are addressing the risk of inappropriate release, leakage or theft of information strategic to the company, and exposure of company networks and systems to disruptive, data-stealing or intrusive malware.
  • Compliance violations – In social media, there is risk of sharing information that results in violation of applicable laws and regulations, including infringement of trademarks and copyrights, data security issues, employment issues, violations of privacy rights, and mismanagement of electronic communications that may be impacted by retention regulations or e-discovery requirements.
  • Reputation loss – Because consumer opinions can spread quickly through social media, companies need effective response plans when a crisis occurs. Self-inflicted reputation damage may result from inappropriate employee behavior; setting unrealistic product or customer service expectations; rogue tweets of inappropriate messages intended for internal or personal use; or the inability to measure up to the openness, straight talk and transparency expected by customers and prospects seeking to engage with the company. Customers or other parties can use social media to say negative things about the company and, if the company doesn’t engage or isn’t paying attention, it won’t be able to manage the potential fallout – and may overlook necessary improvements to products and processes.
  • Financial disclosures – Employees involved in implementing social business enhancements must be mindful of avoiding commentary on company performance that could impact stock price or violate insider trading, “quiet period” and other rules under applicable securities laws. A recent report of investigation from the U.S. Securities and Exchange Commission indicated that companies can use social media outlets like Facebook and Twitter to announce key information to the public in compliance with Regulation FD (Fair Disclosure), provided that investors have been alerted about which social media channels will be used to disseminate such information. If multiple users share the password to the company’s official Twitter account, enabling any of them to post messages, they must have the proper training on what may or may not be communicated.
  • Effect on human resources – Social business presents both opportunities and threats in the area of human resources; it provides a channel not only for recruiting employees, but also for competitors to recruit the company’s employees.
  • Inability to manage the technology “knowledge divide” – Many companies find that it is a challenge to understand all of the ways people are using new technologies, making it difficult to create marketing campaigns with tailored content that will be effective in reaching targeted customers who use these technologies.
  • Safety loss – Release of information about company responsibilities, travel plans and other employee activities can create the risk that outsiders will use that information to the detriment of employees’ personal safety.
  • Competitor risk – Choosing to rely primarily on traditional marketing practices and customer communications may risk loss of market share to more nimble competitors exploiting the insights social business communities generate. This could present a disruptive threat to larger, more established competitors if they ignore the implications of social media in focused market niches that can be exploited by new entrants and more nimble peers. In effect, they risk ceding to competitors the ability to brand their products and services distinctively in the public eye as well as obtain continuous improvement insights using this unique venue.
  • Brand hijacking – Companies have always been exposed to customers and prospects being approached through a fraudulent presence by a third party attempting to hijack the company’s brand. Social media can increase this risk.
  • Poor management of social business community forums – Unintended consequences can occur. For example, a company might create a social media presence that lacks participants, or one that fails to sustain momentum or cannot scale up once interest takes hold and traffic increases, or one that cannot stem the tide of off-topic conversations or rude, belligerent exchanges.

The above list of business risks is not intended to be all-inclusive or to suggest that companies not use social business. Each company will need to assess the risk of social business and determine appropriate methods to monitor and, if necessary, mitigate the risks. The bigger risk could be not using social business at all. Other risks may arise due to a company’s specific situation and use of social business, highlighting the need for organizations to include social business capabilities in their risk assessment and management efforts.

Questions for Boards

Following are some suggested questions that boards of directors may want to consider, in the context of the nature of the risks inherent in the entity’s operations:

  • Do you know if your company is using social business and, if so, how? Is your approach to social business similar to or different from that of your competitors?
  • If the company uses social business, has management considered the risks discussed above, including how the organization will respond if the risks become a reality? Are sufficient resources devoted to managing the changing social business landscape?
  • Does the company have clear policies defining what can and cannot be shared on social business sites; acceptable outlets; use of corporate assets versus personal assets; preservation of content for legal and regulatory purposes; how to respond to unsolicited ideas or objectionable content on company-promoted sites; and how to manage the risk of “indirect reputational damage” resulting from behavior of employees or associates of employees?

How Protiviti Can Help

We work with senior executives to define approaches for developing social business capabilities consistent with their company’s culture and market positioning. We also assist with updating company policies to provide clear guidance regarding the use of social business sites and with managing data security, privacy and other risks in a social media-driven society.

Board Perspectives: Risk Oversight (Issue 43)
