Social Media: What It Means to Your Risk Profile

Protiviti Board Perspectives
Social Media: What It Means to Your Risk Profile

Social media is a compendium of many things – corporate blogs, video-sharing sites such as YouTube, social networks like Facebook, microblogging tools such as Twitter, among others – that leverage the power of Internet, Web 2.0 and mobile technologies to connect people. The convergence of these technologies is forever altering the dynamics of customer relationship management, marketing and corporate communications for many businesses.

Key Considerations

Business-to-people communications and social media peer groups have emerged as a new model for connecting with markets and customers efficiently. Companies ignore this model at their own risk. These mediums set terms for interaction, requiring organizations to contribute value-added content and transparency in an environment where customers and other parties drive the dialogue. Organizations failing to harness the potential value of social networking run a risk of becoming laggards as they cede to competitors the ability to brand their products and services distinctively in the public eye, as well as obtain continuous improvement insights, using this unique venue.

Social media sites enable companies to listen to and learn from satisfied and dissatisfied customers regarding their ideas, experiences and knowledge, as well as offer them an opportunity to reach out and proactively respond to extreme views and reactions. In addition, social media is providing opportunities to product development teams to share roadmaps and obtain early input from potential buyer groups on new product plans. Marketing can test messaging and learn what messages work best in almost real time. Companies can educate and inform customers by engaging them on many topics around product uses and applications.

While these developments are presenting significant opportunities for companies to connect with their customers and others, they are creating a whole set of new issues. Following are 10 examples:

  • Loss of IP and sensitive data – Inappropriate release, leakage or theft of information strategic to the company and exposure of company networks and systems to viruses and malware.
  • Compliance violations – Communication of data that violates applicable laws and regulations, including infringement of trademarks and copyrights, data security issues, employment issues, violations of privacy rights, and mismanagement of electronic communications that may be impacted by retention regulations or e-discovery requirements.
  • Reputation loss – Because consumer opinions can spread quickly through social media, companies need effective crisis response plans. In addition, self-inflicted reputation damage may result from inappropriate employee behavior, setting unrealistic product or customer service expectations, rogue tweets of inappropriate messages intended for internal or personal use, or inability to measure up to the openness, honesty and transparency expected by customers and prospects.
  • Financial loss – Remarks about company performance that could impact stock price or violate insider trading, “quiet period” and other rules under applicable securities laws.
  • Effect on human resources – Social media provides a channel for recruiting employees or having the company’s employees recruited by competitors.
  • Inability to manage the generational divide – Many companies are challenged in understanding how young people are using new technologies, making it difficult to create effective marketing campaigns.
  • Safety risk – Release of confidential information about company responsibilities, travel plans and other activities of employees.
  • Brand hijacking – Exposure of customers and prospects to a fraudulent presence by a third party attempting to hijack the company’s brand without the company’s knowledge.
  • Poor management of social media forums – Creating a social media presence that lacks participants, or inability to sustain momentum in a presence or scale up once interest takes hold and traffic increases, or inability to stem the tide of offtopic conversations or rude, belligerent exchanges.
  • Personal reputation loss – Sensitive remarks made by an employee or friend(s) of an employee that could be viewed by others.

The above list of business risks is not intended to be all-inclusive or suggest companies not use social media. The bigger risk could be not using social media at all. Other risks may arise due to a company’s specific situation and use of social media, highlighting the need for organizations to include social media capabilities in their risk assessment and management efforts.

Questions for Boards

Following are some suggested questions that boards of directors may consider, in the context of the nature of the entity’s risks inherent in its operations:

  • Do you know if your company is using social media and, if so, how? Is your approach to social media similar to or different from that of your competitors?
  • If the company uses social media, has management considered the risks discussed above, including how the organization will respond if the risk becomes a reality? Are sufficient resources devoted to managing the changing social media landscape?
  • Does the company have clear policies defining what can and cannot be shared on social media sites, acceptable outlets, use of corporate assets versus personal assets, preservation of content for legal and regulatory purposes, how to respond to unsolicited ideas or objectionable content on company-promoted sites, and how to manage the risk of “indirect reputational damage” resulting from behavior of employees or associates of employees?

How Protiviti Can Help

We work with senior executives to define approaches for developing social media capabilities consistent with their company’s culture and market positioning. We also assist with updating policies to provide clear guidance regarding the use of social media sites and with managing data security, privacy and other risks in a social media-driven society.

Board Perspectives: Risk Oversight (Issue 28)

Click here to access all series

Ready to work with us?