Information wants to be free, but the unfettered flow of company information can pose problems. One of the challenges companies face as social media becomes more integrated into their operations is how to manage the use of various social platforms in a sensible way. Some companies, like Xerox, are well aware of the need to take a sensible, risk-intelligent approach to managing social media. Xerox uses new social media program ideas that crop up throughout the organization as an opportunity to hold candid discussions about the business value of these programs, the risk implications and how these ideas might also serve as opportunities to educate the workforce about social media.
To get a better read on the risk management challenges social media pose, I chatted with Scott Oppliger, CEO of SocialVolt.
Eric Krell: What are the primary challenges related to social media with regard to an organization's compliance and risk management efforts?
Scott Oppliger: Organizations work hard to ensure they are in compliance with relevant industry regulations and to minimize risk to the company and its reputation whenever possible. Social media, by its very nature, challenges these efforts. Social media platforms like Twitter and Facebook enable companies' employees and their customers to communicate freely and in real-time, a potential nightmare for a risk officer working to ensure his or her company complies with both external regulations like those from the SEC and a company's own internal policies.
Risk officers now face a new world of tracking what customers and employees are saying online and need a reliable way to ensure these conversations don't violate policies and, if they do, know how to respond quickly and effectively. They need to determine how to best work with other stakeholders within the organization to strike a balance between reaping the potential benefits of a successful social media strategy and program and not exposing the company to unnecessary risk.
Eric Krell: How should a risk officer/manager approach creating a social media policy for his/her company?
Scott Oppliger: Participating in the creation of your company's social media policy ensures risk mitigation strategies are included in the final product. During the drafting process, ensure that the policy is crystal clear regarding what employees can and cannot do, what's appropriate and what's not, and how/what they share can affect the company.
If you are in a heavily regulated industry like financial services or pharmaceuticals, you will need to emphasize the consequences of a failure to adhere to policy even more. Before posting the policy, ensure that it is not overly complex and verbose. It should also clearly spell out who at the company has the authority to speak on the company's behalf on social networks and what happens if/when rules are broken.
Eric Krell: Are there any pitfalls risk officers (and others) should avoid when crafting a policy?
Scott Oppliger: As you create your company's policy, you might be tempted to simply ban all types of commenting in your communities to avoid anything negative being posted. While this might seem like the best way to control social media, the backlash might actually have the opposite effect. Instead, be clear about what will and won't be tolerated on your social media pages and ensure that you have a pre-planned way to handle anything negative or derogatory.
In the spirit of openness, some companies make the mistake of granting too many employees admin rights to company social media accounts. Make sure you have a tool in place that enables you to grant access to employees while keeping the account admin rights protected. This ensures you can remove access for a potentially disgruntled terminated employee, for example.
Eric Krell: How should a risk officer ensure the policy is implemented?
Scott Oppliger: The key to proper social media policy implementation and social media risk management is training and education. You need to have a program in place to ensure employees are educated on the company's social media policies and that includes updating them on a regular basis regarding new best practices, changes to the policy as new communities are created, and updated rules as new regulatory requirements become relevant to your compliance efforts.
As part of the training process, organize regular lunch and learn events and develop a “social media university” to offer different levels of social media certification. This will encourage employees to get involved in a productive way that benefits the company.