This document outlines a framework for assigning roles and responsibilities to manage social media risk within organizations. As social media opens new opportunities for engagement, it also exposes brands to risks like reputation damage, privacy issues, and regulatory violations. While marketers have focused on capitalizing on opportunities, it is less clear who manages the associated risks. The document argues that to maximize the value of social media while mitigating risks, organizations must clearly define which roles will oversee social media risk management and their specific responsibilities. This includes providing those roles with proper tools to identify, manage and mitigate social risks.
Mapping Organizational Roles & Responsibilities for Social Media Risk
1.
2. Title:
Mapping
Organizational
Roles
&
Responsibilities
for
Social
Media
Risk
Subtitle:
How
to
Define
and
Implement
Organizational
Roles
and
Responsibilities
for
Enterprise
Social
Media
Risk
Management
1
3. Executive
Summary
Social
media
has
introduced
a
wide
array
of
opportunities
for
organizations
to
engage
with
customers
and
partners.
Marketers
have
been
tasked
with
capitalizing
on
these
opportunities.
But
with
these
opportunities
comes
risks
–
like
a
damaged
brand
reputation,
regulatory
violations,
privacy
issues,
intellectual
property
compromises,
social
engineering,
Astroturf-‐ing,
phishing,
and
the
list
goes
on.
What
is
less
clear
is
who
is
responsible
for
managing
and
mitigating
the
risks
tied
to
social
media.
To
get
optimal
value
from
social
media
efforts,
organizations
need
to
establish
controls
for
the
downsides
of
the
technology
by
first
clearly
defining
which
roles
within
their
unique
corporate
structure
should
be
involved
in
social
media
risk
management
and
their
specific
responsibilities.
Organizations
then
need
to
give
those
roles
the
proper
tools,
such
as
policies
and
technologies,
to
be
successful
at
identifying,
managing,
and
mitigating
social
media
risks.
This
report
will
outline
a
framework
for
assigning
roles
and
responsibilities
to
manage
social
media
risk.
2
4. Social
Media
Is
Opening
New
Opportunities…
And
Risks
Whether
it
is
a
Facebook
page,
a
Twitter
stream,
a
Tumblr
blog,
a
Pinterest
page,
or
another
social
channel,
consumers
are
jumping
on
the
social
media
bandwagon.
For
example,
it
was
reported
that,
on
Facebook
alone,
there
were
1.15
billion
monthly
active
users
with
819
million
views
via
some
kind
of
mobile
device.i
Twitter
has
approximately
500
million
users
with
more
than
200
million
identified
as
active.ii
Video
platform,
YouTube,
has
over
a
billion
unique
users
every
month.iii
The
most-‐
visited
consumer
social
networks
include
well-‐known
platforms
like
Facebook,
Twitter,
Foursquare,
Pinterest,
and
Tumblr,
along
with
lesser
known,
but
growing,
platforms
like
Pheed,
Thumb,
and
Vine.
Social
Adoption
in
Organizations
Is
Maturing
No
brand
wants
to
be
too
far
away
from
their
customers,
so
companies
are
working
diligently
to
meet
consumers
where
they
are,
on
social
media
platforms.
Today,
more
than
79%
of
all
companies
are
using,
or
are
in
the
process
of
adopting,
one
or
more
social
media
channels
as
a
primary
conduit
to
their
customers.iv
Many
of
these
companies
are
experiencing
great
success,
like
iconic
brands
Walmart,
Target,
and
Amazon
(see
Figure
1).v
Their
efforts
are
spread
across
channels,
with
77%
of
the
Fortune
500
using
Twitter,
70%
employing
Facebook,
and
69%
on
YouTube.
What
are
companies
using
social
media
for?
59%
use
it
to
engage
with
their
customers,
49%
to
advertise,
35%
to
conduct
research
on
their
customers,
and
30%
to
conduct
research
on
competitors
and
new
products.vi
Figure
1:
Connecting
with
Customers
on
Social
Media
3
5. Social
Media
Is
Also
Exposing
Brands
to
Risk
For
all
of
its
amazing
upsides
for
companies,
such
as
being
able
to
directly
interact
with
customers,
there
is
also
an
ugly
underside
to
social
media
–
the
risks
to
companies
from
social
media.
Whether
it
is
damaging
the
reputation
of
a
company,
releasing
of
confidential
information,
regulatory
and
compliance
risks,
or
identity
theft,
social
media
comes
with
its
own
set
of
risks
based
upon
the
unique,
highly
interactive,
complex,
and
almost
uncontrollable
nature
of
the
interactions.
The
manifestation
of
social
media
risk
can
be
as
low-‐level
as
an
unsatisfied
customer
tweeting
to
someone,
to
as
extreme
as
the
$200
billion
of
value
that
was
erased
from
the
U.S.
stock
markets
after
a
fraudulent
tweet,
supposedly
from
the
Associated
Press,
was
sent
out
about
an
explosion
at
the
White
House.vii
Who
Does
What,
and
Who
Pays
for
It?
Social
media
is
a
new
channel
with
new
ways
of
interacting
and
new
risks
that
prompt
the
question
–
who
is
responsible
for
managing
the
risks?
For
example,
the
CIO,
if
the
company
has
one,
is
the
person
responsible
for
managing
IT
risks
like
hardware
downtime,
and
stopping
hackers.
When
it
comes
to
managing
financial
risks,
like
regulatory
changes,
fraud
and
interest
rate
changes,
it
is
pretty
clear
that
the
CFO
should
be
responsible
for
ensuring
that
those
types
of
risks
don’t
significantly
affect
the
company.
But
who
is
responsible
for
managing
social
media
risk?
Roles
with
an
Interest
in
Social
Media
Risk
Management
With
the
unique
nature
of
social
media,
responsibility
for
managing
and
mitigating
social
media
risk
is
often
spread
across
numerous
departments.
That
responsibility
is
also
typically
spread
across
a
number
of
corporate
functions,
including
Marketing,
IT,
Communications,
Legal,
Audit,
Risk,
and
Human
Resources.
The
best
way
for
companies
to
align
organizational
responsibility
and
governance
is
to
break
it
down
by
three
levels
–
titles,
roles,
and
responsibilities
across
seven
necessary
functional
areas
as
follows:
Marketing
and
Communications
Management
Representative
Titles:
Chief
Marketing
Officer,
Vice
President
of
Marketing,
and
Vice
President
of
Corporate
Communications.
Role
Level:
Strategic.
Social
Media
Responsibilities:
Generally
serves
as
executive
sponsor
or
executive
owner
of
social
media
initiatives
within
an
overall
marketing
and
brand
management
effort.
Accountable
to
the
Board
of
Directors
and
executive
team
for
the
success
and
failure
of
social
media
efforts,
including
4
6. social
media
activity
and
brand
presence,
return
on
investment,
and
any
associated
crises.
Key
Social
Media
Risk
Concerns:
Brand
and
image
protection,
reputation
management,
and
regulatory
compliance
for
Marketing.
Information
Technology
Representative
Titles:
Chief
Information
Officer
and
Chief
Information
Security
Officer
Role
Level:
Strategic.
Social
Media
Responsibilities:
Generally
serves
as
executive
co-‐sponsor
or
co-‐owner
of
social
media
initiatives
and
efforts
within
the
context
of
an
overall
information
technology
architecture
and
an
overall
security
architecture.
Accountable
to
the
Board
of
Directors
and
Chief
Executive,
in
conjunction
with
the
CMO,
for
social
media
compliance,
privacy,
IP
and
company
information
protection,
and
any
channel
breaches.
Key
Social
Media
Risk
Concerns:
Regulatory
compliance,
data
privacy
and
security,
social
engineering,
data
management,
and
network
and
resource
protection.
Social
Media
Technology
Representative
Titles:
Chief
Technology
Officer,
Enterprise
Architect,
Digital
Security
Manager,
and
Digital
Infrastructure
Manager.
Role
Level:
Strategic
to
tactical.
Social
Media
Responsibilities:
Select,
deploy,
and
standardize
social
media
management
applications
and
tools,
social
media
account
management,
social
media
policy
enforcement,
and
social
media
training.
Key
Social
Media
Risk
Concerns:
Social
media
account
security,
social
media
privacy,
API
vulnerabilities,
standardization
of
risk
mitigation
efforts
across
channels,
app
proliferation,
and
channel
proliferation.
Social
Media
Marketing
Representative
Titles:
Director/Manager
of
Social
Media,
Director/Manager
of
Digital
Marketing,
Director/Manager
of
Corporate
Communications,
and
any
agencies
with
social
media
responsibility.
Role
Level:
Managerial.
Social
Media
Responsibilities:
Responsible
for
day-‐to-‐day
management
of
social
media
efforts
including
channel
management,
content
and
channel
planning,
content
creation
and
approval,
channel
and
application
security,
5
7. social
analytics,
social
network
monitoring,
and
initial
issue
and
crisis
identification
and
response.
Key
Social
Media
Risk
Concerns:
Internal
and
external
(fraudulent
or
copycat)
channel
and
site
proliferation,
minimizing
operational
risks
through
policies
and
training,
and
on-‐channel
security
management.
Social
Community
Management
and
Customer
Service
Representative
Titles:
Social
Community
Manager
and
Social
Customer
Service
Manager
Role
Level:
Managerial
and
operational
Social
Media
Responsibilities:
Day-‐to-‐day
customer
interaction,
community
management,
monitoring
of
the
community
and
brand
in
the
social
landscape,
and
management
of
acceptable-‐use
policies.
Key
Social
Media
Risk
Concerns:
Poor
community
management,
inappropriate
community
use,
customer
interactions,
customer
data
management,
social
media
spam,
and
customer
issue
escalation
and
intensification.
Legal
and
Audit
Representative
Titles:
Chief
Legal
Officer,
Chief
Compliance
Officer,
Chief
Risk
Officer,
Compliance
Manager,
and
Audit
Manager.
Role
Level:
Strategic
to
operational
Social
Media
Responsibilities:
Regulatory
and
legal
compliance,
oversight
of
social
media
policies
and
governance,
auditing
of
brand
accounts,
fraud
identification
and
management,
ensuring
standardization
of
the
brand
and
brand
compliance
across
social
networks,
identification
and
addressing
of
brand
hijacking,
and
brand/reputation
management
and
protection.
Key
Social
Media
Risk
Concerns:
Brand
compliance,
including
internal
use,
partner
and
affiliate
use,
and
community
use,
intentional
and
unintentional
brand
hijacking,
and
erosion
of
brand
reputation.
Human
Resources
Representative
Titles:
Chief
People
Officer
and
Director/Manager
of
Human
Resources
Role
Level:
Strategic
to
operational
Social
Media
Responsibilities:
Employee
oversight,
training
on
social
media
governance,
policies
and
tools,
and
management
of
internal
non-‐compliance
with
social
media
policies.
6
8. Key
Social
Media
Risk
Concerns:
Lack
of
employee
training
on
social
media
policies
and
tools,
identification
and
correction
of
employee
actions
on
social
media,
and
safety
of
employee
personal
use
of
social
media.
Social
Media
Risk
Management
Responsibilities
For
too
many
companies,
initial
social
media
efforts
are
haphazard
and
uncoordinated,
yet
require
the
participation
of
multiple
roles
(see
Figure
2).
While
Marketing
has
set
up
a
Facebook
page
and
maybe
a
Twitter
feed,
Human
Resources
has
established
a
presence
on
LinkedIn
for
recruiting,
and
individual
sales
reps
are
tweeting
away,
while
IT
is
trying
to
lock
down
all
of
the
systems
to
protect
the
company.
It
borders
on
the
edge
of
pandemonium
and
it
exposes
the
brand
to
unnecessary
risk.
Effective
social
media
risk
management
requires
internal
coordination
across
departments
and
groups
for
the
following:
1) Agreeing
on
the
corporate
purposes
and
strategy
for
adopting
social
media
channels
and
platforms;
2) Claiming
the
corporate
geography
on
the
different
social
media
channels;
3) Monitoring
access,
content,
and
applications
across
the
social
landscape;
4) Putting
together
and
executing
an
implementation
plan
for
the
strategy,
including
a
crisis
communications
and
response
plan;
and
5) Following
up
on
the
execution,
including
success
metrics.
None
of
these
can
happen
without
help
from
multiple
parts
of
the
organization.
7
9. Figure
2:
What
Roles
Should
Be
Involved
in
Social
Risk
Management?
Marketing
&
Communications
Managements
• Chief
Marketing
Ofhicer
• Vice
President
of
Marketing
• Vice
President
of
Corporate
Communications
Information
Technology
• Chief
Information
Ofhicer
• Chief
Information
Security
Ofhicer
Social
Media
Technology
• Chief
Technology
Ofhicer
• Digital
Security
Manager
• Digital
Infrastructure
Manager
Social
Media
Marketing
Social
Community
Management
&
Customer
Service
Legal
and
Audit
Human
Resources
• Director/Manager
of
Social
Media
• Director/Manager
of
Digital
Marketing
• Director/Manager
of
Corporate
Communications
• Social
Media
Agency
• Social
Community
Manager
• Social
Customer
Service
Manager
• Social
Media
Agency
• Chief
Legal
Ofhicer
Chief
Risk
Ofhicer
• Chief
Compliance
Ofhicer
Compliance/Audit
Manager
• Chief
People
Ofhicer
• Director/Manager
of
Human
Resources
For
example,
agreeing
on
the
corporate
purposes
and
strategies
for
social
media
is
primarily
a
function
of
marketing
or
corporate
communications.
But,
as
social
media
is
used
for
purposes
other
than
marketing,
such
as
a
customer
service
tool
or
a
recruiting
tool,
the
Customer
Service
team
and
the
HR
team
need
to
be
involved
from
a
platform
and
tool
selection
perspective,
and
IT
from
a
security
technology
view.
The
monitoring
of
social
media
is
primarily
the
responsibility
of
the
social
media
team
and
any
agency
support
they
utilize,
but
could
also
include
Customer
Service,
as
customers
compliment
or
complain
about
the
brand
on
social
media.
It
could
include
market
research,
as
information
is
gleaned
about
customers.
It
should
also
include
risk
and
security
teams
as
social
media
provides
a
channel
for
spear-‐phishing,
social
engineering
and
other
risks.
Though
different
for
each
organization,
effective
social
media
risk
management
requires
the
active
participation
of,
at
the
minimum,
Marketing,
IT,
Legal,
and
perhaps,
other
departments
like
Human
Resources,
Audit,
and
Customer
Service.
8
10. Roles
and
Responsibilities
in
Common
Risk
Scenarios
Once
roles
with
a
vested
interest
in
social
media
are
identified,
clear
lines
of
responsibility
for
issues,
incidents,
and
normal
management
aspects
of
social
media
need
to
be
clearly
defined.
The
best
way
to
do
this
is
by
recognizing
common
risk
scenarios
that
the
company
faces
from
social
media
and
identifying
the
necessary
roles
and
responsibilities
of
the
various
interested
and
involved
departments
and
groups
in
addressing
those
risks.
Below
are
five
commonly-‐seen
risk
scenarios
and
issues
in
social
media.
For
each
one,
a
high-‐level
overview
is
provided,
along
with
example
roles
and
responsibilities
found
in
most
companies
and
organizations.
Scenario
1:
Tracking
and
reporting
approved
and
fraudulent
social
media
accounts
• Overview:
It
is
determined
that
someone
external
to
the
organization
has
set
up
one
or
more
unauthorized
social
media
accounts
that
purport
to
represent
the
organization.
• Roles
and
Responsibilities:
o Social
Marketing
tech
team
and
any
agency
supported
and
services,
Marketing
and
IT
are
responsible
for
monitoring
for
new,
unauthorized
accounts.
o Legal
is
responsible
for
notifying
the
social
network
with
a
request
to
remove
the
account.
Once
complete,
legal
should
report
back
to
Marketing
for
verification.
Scenario
2:
Social
media
account
being
hacked
• Overview:
One
or
more
social
media
accounts
are
compromised
and
unauthorized
content
is
published
on
those
accounts.
• Roles
and
responsibilities:
o Corporate
Communications
is
responsible
for
having
a
defined
(and
tested)
internal
/
external
communications
plan
and
process
created
that
includes
agency
support.
o Social
Media
with
any
agency
support
is
responsible
for
monitoring
all
social
channels.
o Marketing
leads
communications
with
the
advisement
of
Legal.
o IT
leads
from
a
systems
perspective,
interfacing
with
Marketing
and
the
o
social
networks.
IT
Security
should
investigate
and
respond
to
each
incident
as
a
security
breach,
and
take
actions
to
preclude
future
risk.
9
11. o
Marketing
and
Security
should
report
to
a
broader
Social
Media
Committee
and
Board
with
regard
to
outcome
and
risk
mitigation.
Scenario
3:
Spam
and
malware
content
identified
• Overview:
Malware,
and
to
a
lesser
degree
spam,
is
identified
either
being
introduced
through
or
existing
on
corporate
social
media
accounts.
• Roles
and
responsibilities:
o Community
Manager
first
identifies
the
bad
content,
ideally
using
automated
technology,
implemented
with
the
support
of
IT
Security
and
policy
already
defined
by
Legal.
o Security
and
Legal
review
incident
reports,
remediation
efforts,
and
workflow
periodically
for
verification.
Scenario
4:
Release
of
customer
data
• Overview:
There
is
the
potential
for
a
release
of
customer
data
either
by
the
customer,
inadvertently
by
the
company,
or
through
hacking
efforts.
• Roles
and
responsibilities:
o Community
Manager
should
identify
incidents
using
technology
configured
by
the
IT
security
team,
under
the
guidance
of
Legal
and/or
Compliance.
o Community
manager
and
Social
Media
team
should
audit
and
report
issues
regularly
to
Legal
and/or
Compliance.
o Legal
and/or
Compliance
should
monitor
incidents
and
changes
to
laws
and
government
guidelines,
and
recommend
necessary
policy
changes
accordingly.
o Risk
Management
should
evaluate
risk
to
the
organization
based
on
the
potential,
volume
and,
severity
of
incidents.
o Compliance
reviews
incidents
and
handling
of
regulated
or
controlled
data
in
coordination
with
IT
Security.
Scenario
5:
Compliance
violations
or
release
of
sensitive
company
data
• Overview:
The
company
has
the
potential
for
violations
of
compliance
regulations
or
is
susceptible
to
unauthorized
release
of
company
data.
• Roles
and
responsibilities:
o Legal
and/or
Compliance
should
define
a
policy
and
plan
for
addressing
this
issue,
based
on
state,
regional,
and
industry
requirements.
o Legal
and/or
Compliance
should
work
with
the
Social
Media
team
to
understand
application,
and
with
IT
to
map
technology
against
enforcement
capabilities.
10
12. o
o
o
Compliance
reviews
incidents
and
handling
of
regulated
data,
and
adjusts
policy
and
rules
for
communication
on
a
regular
basis.
IT
Security
implements
the
policy
via
technology
controls.
Social
Media
team
follows
defined
process
and
is
audited,
and
reports
back
on
progress
and
any
irregularities
or
challenges
to
the
workflow.
Who
Is
Responsible
for
the
Costs?
The
most
often
asked
question
regarding
new
technology,
after
answering
“Who
is
responsible
for
what?”
is
“Who
has
to
pay
for
it?”
Social
media
protection
is
no
exception.
With
the
social
media
platforms,
the
cost
of
the
technology
and
managing
it
is
often
a
shared
expense
between
the
IT
department
and
Marketing,
with
Marketing
assessed
the
largest
portion.
The
cost
of
managing
the
risk
of
social
media
is
also
often
a
shared
expense
(see
Figure
3).
Figure
3:
Functional
Areas
and
Common
Social
Media
Risk
Cost
Responsibilities
Functional
Area
Marketing
and
Communications
Management
Information
Technology
Common
Cost
Responsibilities
•
•
•
•
•
•
•
Social
Media
Technology
Social
Media
Marketing
•
•
•
Social
Community
Management
and
Customer
Service
Legal
and
Audit
•
Human
Resources
•
•
•
Agency
services
and
support
fees
(Marketing)
Social
media
risk
management
system
(Share
with
IT)
Social
media
listening
system
(Share
with
IT)
Other
social
media
technologies
and
platforms
(Share
with
IT)
Social
media
risk
management
system
(Share
with
Marketing
and
Communications)
Social
media
listening
system
(Share
with
Marketing
and
Communications)
Other
social
media
technologies
and
platforms
(Share
with
Marketing
and
Communications)
Ongoing
management
of
social
media
risk
management
system
Ongoing
management
of
social
listening
system
Staffing
costs
of
social
media
marketing
efforts,
including
agency
services
Staffing
and
related
costs
of
community
platforms
and
social
customer
management
systems
Staffing
and
related
costs
related
to
legal
management
and
ongoing
audit
efforts
Staffing
and
related
costs
related
to
social
media
training
Staffing
and
related
costs
related
to
internal
policy
management
For
example,
the
actual
technology
need,
such
as
a
risk
and
compliance
application
or
a
monitoring
application,
is
often
a
shared
expense
between
IT
and
Marketing
or
Corporate
Communications,
with
Marketing
assessed
a
majority
of
the
expense.
Other
costs,
such
as
legal
support,
audit
and
compliance
support,
and
employee
training
are
often
taken
on
by
other
groups
in
whole
or
with
a
charge
back
11
13. mechanism
to
Marketing.
For
example,
the
costs
taken
on
by
Legal
and
Compliance
for
resources,
such
as
having
an
attorney
and/or
compliance
person
on
staff
that
has
been
trained
and
has
expertise
in
social
media,
would
be
taken
by
the
Legal
or
Compliance
departments
with
the
potential
for
some
chargeback
to
Marketing.
Training
all
employees
and
agency
staff
on
good
social
media
policies
and
practices
is
often
times
covered
by
Human
Resources,
though
training
specific
groups
such
as
social
media
Customer
Service
representatives,
or
the
home
department
of
employees
who
engage
in
social
media.
Making
It
Real:
Actual
Responses
to
Social
Media
Risk
In
order
to
understand
how
this
plays
out
in
reality,
we
spoke
with
the
former
Vice
President
of
Social
Media
for
one
of
the
world’s
largest
financial
institutions.
He
described
two
use
cases,
based
on
actual
events,
and
how
his
cross-‐functional
team
worked
together
to
manage
them.
Use
Case
#1:
Discovering
and
tracking
bank-‐owned
social
media
accounts
and
reporting
fraudulent
accounts
At
our
bank
we
had
a
Social
Media
Operations
team
that
reported
to
me
as
the
head
of
Social
Media.
The
staff
on
the
operations
team
was
responsible
for
finding,
via
any
mechanism
possible,
social
accounts
owned
and
being
run
by
the
bank.
This
involved
web
searches,
as
well
as
querying
the
social
networks
via
their
native
search
tools,
and
leveraging
data
from
listening
platforms.
The
team
maintained
a
running
list
of
accounts.
For
any
accounts
that
were
deemed
‘unauthorized,’
we
would
try
to
connect
directly
via
internal
company
communications
to
either
authorize
and
incorporate
the
account,
or
have
it
shut
down.
For
any
accounts
that
were
external
and
were
found
to
be
fraudulent
and
otherwise
inappropriately
using
our
bank’s
brand,
we
would
report
the
account
to
our
assigned
legal
resource.
The
Legal
Compliance
Department
had
a
person
assigned
to
work
with
the
Social
Media
team
on
this
very
issue.
They
would
take
any
list
of
fraudulent
and
inappropriate
accounts
and
report
them
to
the
social
networks
themselves
to
confiscate
them
or
have
them
shut
down.
12
14. Figure
4:
Real-‐World
Case
One
-‐
Unauthorized
Accounts
Use
Case
#2:
Handling
‘bad
content’
moderation
Our
bank
is
a
highly
visible
entity
that
has
garnered
a
significant
amount
of
social
engagement
and
interaction.
As
engagement
increased,
such
as
Facebook
comment
interaction,
we
recognized
the
need
to
remove
and
hide
certain
comments
on
the
page
to
protect
sensitive
data
of
the
commenter
where,
for
example,
they
inappropriately
posted
PII,
account
info,
and
other
confidential
data
to
our
wall.
We
also
had
to
remove
things
like
social
spam,
offensive
content,
and
audience-‐on-‐audience
abuse
or
exploitation.
For
all
of
these,
it
is
important
to
note
that
this
was
and
is
not
about
removing
negativity
toward
the
bank.
It
is
about
protecting
the
audience
and
fostering
a
positive
social
community.
First,
my
Social
Media
team
–
in
conjunction
with
the
Social
Customer
Service
team
–
worked
with
Legal
to
create
a
content
use
policy
to
publish
on
our
accounts
as
a
link
(see
Figure
5).
After
publishing
our
policy,
the
Social
Customer
Service
team
was
responsible
for
enforcing
the
policy
across
our
accounts,
while
our
Social
Operations
team
kept
reports
on
bad
content
moderation
activity
and
published
that
metric
in
broader
social
media
reports
for
our
executive
stakeholders.
Figure
5:
Real-‐World
Case
Two
-‐
Effective
Moderation
13
16. Next
Steps
The
only
guarantee
is
this
new
age
is
that
every
company
is
at
risk.
It
may
be
today
or
it
may
be
next
year,
but
it
is
more
likely
than
not
that
a
social
media
risk
will
manifest
itself.
To
mitigate
and
minimize
the
potential
impact
to
your
company,
you
need
to
act
today
by
doing
the
following:
Step
1:
Define
a
governance
structure.
Any
successful
social
media
risk
management
and
mitigation
effort
needs
a
foundation.
That
foundation
is
a
governance
structure.
The
governance
structure
is
often
determined
by
the
head
of
social
media,
leading
a
working
group
made
up
of
representatives
from
Marketing
Management,
IT,
Social
Media
Marketing,
Legal
and
Audit,
and
Human
Resources.
The
governance
architecture,
at
a
minimum,
needs
to
explain
who
is
responsible
for
what,
but
should
also
address
items
like
the
scope
of
your
social
media
efforts,
branding
guidelines,
approval
processes,
continuity
planning,
and
training
and
education.
Step
2:
Put
a
social
media
policy
in
place.
A
social
media
policy
(or
set
of
policies)
that
provides
guidance
for
employees
and
protects
the
company
and
customers
from
risk
should
come
right
after
governance.
This
may
take
the
form
of
a
single
policy,
a
set
of
policies,
or
even
a
set
of
guidelines.
The
purpose
of
these
policies
should
be
to
provide
a
set
of
guardrails
for
all
employees,
those
specifically
engaged
in
social
media
on
behalf
of
the
brand,
and
managers
across
the
organization.
For
a
social
media
policy
or
set
of
guidelines
to
be
both
useful
and
usable,
the
policy
should:
1)
Be
clear
in
its
purpose;
2)
Be
in
sync
with
the
company
culture;
3)
Explain
how
the
correct
use
of
social
media
is
beneficial
to
the
company;
4)
Be
written
in
plain
language
and
not
legalese;
5)
Have
the
input
and
buy-‐in
from
all
departments;
and
6)
Be
as
short
and
to
the
point
as
possible.
Step
3:
Select
technologies
that
will
support
your
organization.
Once
companies
have
a
foundational
governance
structure
in
place,
then
IT
departments
and
social
media
technology
groups
can
put
into
place
the
appropriate
technology
tools
to
manage
and
mitigate
risk.
This
should
include
tools
that
allow
the
company
to
have
visibility
into
the
social
infrastructure
(how
many
accounts
and
on
15
17. what
platform)
of
the
company,
provide
governance
for
those
accounts
around
types
of
content
and
data
that
are
published
across
them,
ensure
compliance
with
internal
policies
and
external
regulations,
and
protect
company
social
accounts
and
platforms
from
being
hacked.
Once
these
platforms
are
in
place,
the
Social
Media
Technology
Group
would
be
responsible
for
training
the
social
media
marketing
roles,
the
social
media
community
management
and
customer
service
roles,
and
as
necessary
legal,
audit,
and
human
resources
roles.
Step
4:
Test
your
organization.
After
the
governance,
the
policies,
and
the
technologies,
companies
need
to
test
and
retest
to
make
sure
that
all
the
moving
parts
remain
in
sync.
For
example,
training
employees
and
agency
staff
on
an
out-‐of-‐date
social
media
policy
is
almost
as
dangerous
as
not
having
one.
Not
keeping
track
of
all
of
the
brand
presences
on
social
media
and
allowing
them
to
proliferate
without
control
can
open
the
brand
to
unnecessary
risks.
Not
updating
a
technology
application
to
cover
a
new
platform
can
place
the
company
at
increased
risk.
Companies
should
test
their
ability
to
respond
to
different
social
media
risks
by
running
a
series
of
scenario
exercises
based
upon
known
or
expected
social
media
risks.
These
might
range
from
a
scenario
covering
a
miss
sent
tweet,
such
as
a
personal
statement
on
a
company
channel,
to
a
scenario
involving
an
irate
customer
who
takes
to
social
media
to
voice
their
issue,
to
a
scenario
covering
a
social-‐media
based
reputation
attack
by
an
NGO,
like
efforts
by
Greenpeace
against
Nestle
and
British
Petroleum.
16
18. About
Nexgate
Nexgate
provides
cloud-‐based
brand
protection
and
compliance
for
enterprise
social
media
accounts.
Its
patent-‐pending
technology
seamlessly
integrates
with
leading
social
media
platforms
and
applications
to
find
and
audit
brand
affiliated
accounts,
control
connected
appliances,
detect
and
remediate
compliance
risks,
archive
communications,
and
detect
fraud
and
account
hacking.
Nexgate
is
based
in
San
Francisco,
California,
and
is
used
by
some
of
the
world’s
largest
financial
services,
pharmaceutical,
Internet
security,
manufacturing,
media,
and
retail
organizations
to
discover,
audit,
and
protect
their
social
infrastructure.
i
Facebook
Reports
Second
Quarter
2013
Results,
July
24,
2013.
http://investor.fb.com/releasedetail.cfm?ReleaseID=780093
ii
Smith,
Craig.
(September
2013)
By
The
Numbers:
31
Amazing
Twitter
Stats.
September
5,
2013.
http://expandedramblings.com/index.php/march-‐2013-‐by-‐the-‐
numbers-‐a-‐few-‐amazing-‐twitter-‐stats/
iii
YouTube
Hits
a
Billion
Monthly
Users.
March
3,
2013.
http://youtube-‐
global.blogspot.com/2013/03/onebillionstrong.html
iv
Harvard
Business
Review
Analytics
Services.
The
New
Conversation:
Taking
Social
Media
from
Talk
to
Action.
http://www.sas.com/resources/whitepaper/wp_23348.pdf
v
Fox,
Zoe.
10
Most
Liked
Brands
by
U.S.
Facebook
Users.
Mashable,
Sept
6,
2013.
http://mashable.com/2013/09/06/facebook-‐brands-‐likes/
vi
Larcker,
David,
Larker,
Sarah,
and
Tayan,
Brian.
What
Do
Corporate
Directors
and
Senior
Managers
Know
about
Social
Media?
The
Conference
Board,
October
2012.
http://www.gsb.stanford.edu/sites/default/files/documents/TCB_DN-‐V4N20-‐
12.Social_Media.pdf
vii
Lauicella,
Tom,
Stewart,
Christopher,
and
Ovide,
Shira.
Twitter
Hoax
Sparks
Swift
Stock
Swoon,
The
Wall
Street
Journal,
April
23,
2013,
http://online.wsj.com/article/SB1000142412788732373560457844120160519348
8.html
17