Social media is an ever-changing frontier for businesses. Sites such as Facebook, Twitter, and Instagram offer informal ways to interact with clients, employees, business partners and other important audiences. According to a 2014 LinkedIn research report, 81 percent of small and medium-sized businesses use social media, and 94 percent of those do so for marketing purposes.
While the advantages of social media are many, users can leave your company open to serious risks that threaten the security and reputation of your business. According to a McKinsey & Company survey, the top five risks that executives associate with social media usage are:
Potential risks presented by inappropriate use of social media:
Loss of Intellectual Property
Employees who post information about projects they’re working on, company developments or other sensitive topics can open the door to intellectual property theft from competitors. Likewise, an employee who posts content that infringes on another company’s copyright or trademarks can put their own business at risk for costly litigation.
Hacking
Because social media is an online tool, it leaves users open to risks such as viruses, malware, phishing scams, and identity theft. Hackers may use social networks to spread malicious code, compromise users’ computers, or access personal information about a user’s identity, location, contact information, and personal or professional relationships.
Company Reputation
One inappropriate or inflammatory post from an employees or disgruntled client can generate significant backlash which can then go viral. Most companies agree that inappropriate social media use can pose a serious reputational risk. Additionally, an employee who belittles the products or services of a competitor could make a business liable for damages relating to defamation.
Employee interaction
Social media presents new ways for employees to interact with each other which can result in negative behavior that affects the workplace. While businesses shouldn’t police the personal lives of their employees, claims of bullying or sexual harassment need to be taken seriously and investigated quickly.
Employment screening
While it may be tempting to search a prospective or current employee’s Facebook profile, your company’s liability risk increases if hiring (or firing) decisions are based on information found on social media. For instance, Facebook postings could reveal information about a person’s religious affiliation, sexual orientation, or other personal information that could later lead to a discrimination charge. In some jurisdictions, it is now illegal for employers to ask employees for their social media passwords so make sure that your current employment screening practices keep up with changing legislation.
Regulatory compliance
Inappropriate use of social media can also raise compliance concerns within certain industries. For instance, organizations subject to HIPAA privacy regulations need to ensure that social media does not become an outlet for sharing patient information.
Minimizing your social media risks
Many organizations are not prepared to respond to the risks posed by social media. Only 59 percent of surveyed companies have a privacy policy, while 56 percent have employee guidelines covering the personal use of social media, according to an Altimeter Group report. Of these companies, only 30 percent update their policies annually. Even fewer train newly hired employees on social media policies.
Start with a policy – Having a social media policy is a critical first step for any business looking to minimize the risks of social media. The policy should include proper online security measures, rules concerning sharing of company information, regulations regarding company image online, restrictions on personal use of social media at work, as well as interaction with employees over social media outside of work.
In addition to creating a comprehensive social media policy that covers social media use as well as how to respond to a problem, the following are some quick tips on how to mitigate the risks that social media usage can present to your business:
Educate employees – It’s important to educate your current and new employees on your social media policy so they will understand the ground rules and expectations. Explaining social media policies to employees should be viewed with the same importance as nondisclosure or non-compete agreements.
Monitor posts on a daily basis – You need to know when your company is mentioned in a post so you can respond quickly, if needed, to customer complaints or concerns. There are a variety of software programs that enable you to monitor chatter on social media or you can enlist a third party resource to monitor on your behalf.
Michelle Lopilato, Senior Vice President, Director of Cyber and Technology Solutions Vice President at Chicago’s HUB International, is a Professional and Specialty Lines Executive, bringing 12 years of dedicated experience in the area, with a particular expertise in Cyber Risk. As the Director of Cyber Risk Solutions, Michelle is responsible for advising clients and prospects on issues related to cyber, privacy and technology related risks, as well as, negotiating with carriers on policy terms and conditions.
