When social media first arrived on the business landscape more than two decades ago, it was widely viewed with a mixture of skepticism, indifference, or in some cases, outright hostility. According to some self-proclaimed business pundits and gurus, while it was conceivable that a small niche of B2C businesses might be able to leverage some bottom-line business benefits through this “weird social thing,” the idea of virtually all businesses using it daily — including governments, NGOs, health care networks, political parties, sports teams, and the list goes on — wasn’t just beyond the pale: it was simply unthinkable.
Well, history has a way of proving plenty of business pundits wrong (although they tend to find a way to evade accountability!), and the story of social media on the business landscape is a perfect example. Not only is it a legitimate business communication tool, but in some cases, it’s the preferred or leading channel as the statistics bear out:
- 72 percent of adult Internet users use Facebook. (Source Pew Research Center)
- 32 percent of all employed adults are on LinkedIn. (Source: Pew Research Center)
- Pinterest has 100 million monthly active users. (Source: The New York Times)
- Instagram has 500 million monthly active users. (Source: Statistica)
- 30 percent of online adults under 50 use Twitter. (Source: Pew Research Center)
- YouTube reaches more people age 18 and over during prime time than any cable TV network. (Source: Google)
However, despite the prevalence — and often dominance — of social media as means to connect businesses with individual customers and groups of customer communities (including prospective customers and influencers), most businesses are staggeringly exposed to costly and potentially catastrophic brand damage, along with fines for breaching compliance regulations, and data leaks caused by cyber attacks to rogue employees.
Why does this massive social media-based vulnerability persist? Because companies are paying so much attention to content, delivery and engagement, that they’re neglecting to answer seven critical social media risk-based questions:
1. What prevailing compliance regulations govern our social media content and messaging?
The answer to this varies depending on the industry. For example, all firms in the mortgage industry must ensure that all of their marketing content — including social media — conforms to the Truth In Savings Act/Reg. DD, Fair Lending Laws, Truth In Lending Act/Reg. Z, RESPA/ Section 8, FDCPA, Federal Trade Commission Act, Dodd-Frank Wall Street Reform and Consumer Protection Act, Electronic Fund Transfer Act/Reg. E, Bank Secrecy Act, Gramm-Leach-Bliley Act, and the CANN-SPAM Act.
2. What are the roles and responsibilities of senior management and board members with regard to social media content and messaging?
In addition to listing key individuals, businesses also need to establish controls and define an ongoing assessment of risks related to social media usage.
3. What policies and procedures are in place to manage and monitor social media use?
These policies and procedures must be comprehensive, and they also need to cover measures that identify and mitigate risks that relate to fraudulent or counterfeit misuse of their brand.
4. What policies and procedures do we have in place to manage third-party vendors?
Many businesses tap third-party vendors to manage some (or sometimes all) of their social media footprint and profile. However, these entities must also be part of the overall obligation to ensure and enforce social media compliance.
5. How are we training our employees to keep our reputation safe and protect social media assets?
Whether by accident or deliberately, employees are typically the weakest link in the social media defense chain (just as they are with respect to network security and InfoSec overall). Businesses need to have complete and practical training programs that identify, establish and enforce social media acceptable use — and hold employees accountable for misuse.
6. How are we monitoring all accounts and platforms, including those that are deliberately being kept inactive?
Many businesses choose to register social media accounts for future use, or as a proactive strategy to prevent competitors or cyber-criminals from staking a claim to a valuable piece of digital property. However, businesses cannot tuck these inactive sites in the virtual attic, because as long as they exist, they are potential vulnerabilities. As such, they need to be part of the inventory and regularly monitored accordingly.
7. How are we measuring ongoing internal compliance?
External regulations (e.g. Truth in Savings Act) provide a compliance framework to guide businesses toward what they should do, and away from what they shouldn’t. But businesses also need a strategy and mechanism to measure ongoing internal compliance, which while obviously in alignment with external requirements, are not necessarily the same. For example, many businesses wisely have more stringent internal standards regarding social media, since it gives them added protection, and puts them in a better position when (not if) external regulations get tighter and more demanding in the future.
The Bottom Line
Ultimately, the answers to these seven important questions combine to create a robust social media governance plan. While this is not the aspect of a business that all customers and most employees don’t see, in the bigger picture, it’s the most important piece of the social media puzzle — because gaps and vulnerabilities are reputation damage and regulatory violation time bombs that will go off sooner or later. It’s just a matter of when, and how costly the damage will be to clean up.
Chans Weber is the CEO of Leap Clixx, a digital marketing agency. Backed up by 10-plus years of experience in a variety of industries, including finance, marketing, and online technology, Chans is known for his skill in transforming company’s visions and goals into tangible revenue.