This document discusses risks associated with social media use for organizations. It outlines both personal risks for employees from using social media as well as risks to organizations from employee social media use. The document provides examples of social media mishaps by companies. It emphasizes the importance of reputation management on social media and discusses strategies for organizations to manage social media risks, including developing policies, training employees, monitoring content, and being engaged on social media.
3. Burger King Twitter Hijack
2013
Fransesco’s CEO tweets too soon
2012
McDonalds failed Initiative
2012
Kitchen Aid’s Obama Tweet
2012
4. • Competitive advantage
• Free advertising
• Launching of initiatives/competitions
• Business model structured around social media
• Identify Trends / future direction
• Build a reputation/following
5. • Organisation’s Risk due to Employee use of Social Media
• Intellectual Property & Data leakage
• Extreme views of staff
• Virus risk
• Loss of password risk
• Personal Risk
• Identity theft
• Virus & Phishing scams
• Personal reputation
Types of Risk :
1.Personal Risk
2.Risk to Organisation due to employee use
3.Organisation’s social media presence
6. • Organisation’s social media presence
• Others posting negatively about your organisaiton
• Campaigns backfiring
• Inefficient use of Social Media
• Lack of updates
• Inconsistent/conflicting info across various Social networks
• Risk of doing nothing………
7. “Risk Management is not just about insurance”
REPUTATION CANNOT BE INSURED!
80%
of risks faced byof risks faced by
organisations areorganisations are
notnot insurable!insurable!
‘‘Chance or choice’ -Chance or choice’ -
SOLACE/ZMMSSOLACE/ZMMS
8. “It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do
things differently.” Warren Buffett quote
• 8
10. Objectives
Customer engagement
Reputation
Attracting talent
Sales
Governance
Opportunities and risks
Risk of not engaging
Communicate policies
Activities
Platforms
Resource requirements
Responsibilities and time
Link to offline activities
• 10
11. ENGAGEMENT
Listen
Engage
Measure
• 11
Listen
Identify relevant monitoring tools
Optimize use of tools
Understand current reputation
Identify influencers and communities
Engage
Enter Conversations
Add value
Engage with influencers
Positive responses
Measure & Refine
Set and monitor KPI’s
Success stories
Report internally
12. • 12
Learn
Use Social Media
Study Case Studies
Educate Senior Execs
Practitioners
Understand Trends
Develop
Internal Champions
Train staff
Establish Pilot
Develop Culture of
transparency
15. Develop a social-media policy and train
staff
Monitor user-generated content
Deal with customer complaints carefully
Review social-media sites’ terms of use
Monitor use of your brand and fake user
names and pages
Manage employee access to social media
Manage user access rights
16. Policy – guidelines on acceptable use.
Cover personal and organisation guidelines.
Communicate to staff.
17. Companies can be held liable for
comments made by employees. Currently
Australia but has alerted regulators and
brand owners.
Opt-in program? Join our page and you may
use your account at work.
18. Training is vital
Communication plan (Comms matrix –
Messages vs Stakeholders/Social Media
Platform)
Avoid deleting comments or negative posts.
TRIPADVISOR MANAGER COMMENTS
Avoid aggressive comments, instead bring
the conversation to another platform.
19. Monitor use of your brand and fake user
names and pages
Legal advisors
Coca Cola was originally started by two
fans on facebook
Not all social networking sites will take
down usernames
20. Promotions/Competitions – ensure users
are not setting up multiple accounts to win.
Avoid legal disputes
Monitor fake promotions (win apple ipad
etc.)
21. Total ban
Only some sites approved (can help with
your own organisational presence)
Monitor personal use
Beware the consequences
Opt-in program? Join our page and you may
use your account at work.
22. Download
Upload
Sensitive files access
Enforced virus/malware protection
Ensure passwords are in place and
updated
Perhaps introduce 2nd
question rather than
forcing users to have 7 different passwords
Change to Apple???
24. Risk Management :
Hurricane/Tsunami warning to citizens
Voice for staff to :
Raise risk management concerns in a transparent
fashion
Share opportunities with management and one
another
Google Moderator (20% projects) & Google +
25. Business Continuity :
Hurricane/Tsunami warning to citizens
Spouse management
Connecting with stakeholders during an
incident
Internal staff communication as part of BCM
Need to consider battery life, of devices,
availability of mobile and internet network etc.
Need to consider and communicate WHICH
media to use.
26. Microsoft's worked with partners to create local applications such as J!ResQ to help
people find family and friends and to aid relief efforts with aid agencies.
Business Continuity ensured ongoing network capacity and electricity in effected areas
On Windows Azure, Microsoft provided a cloud-based disaster response communications
portal to governments.
Red Cross used social media to request donations.
Earthquake in Japan benefitted greatly from Social Media both in terms of
getting up to date information from the ground as well as connecting with loved
one.
Pages were set up on Facebook in order to keep the public up to date. Other
sites were set up to put relatives in touch with visitors .
27. Install theft protection software.
Make sure never to click the box to save your password
when you are on a public, work or laptop computer.
Use your real name.
Avoid personal information on social media sites,
such as address, phone number or your birth date
Change your privacy settings.
Type in the name of the social media site, or use a bookmark, instead of
clicking on email links.
Create complicated passwords when you sign up for social media accounts.
Never give out your travel plans over social media sites.
Avoid using online applications on social media sites, or the Internet in
general, that require access to your personal or profile information.
Use extreme caution when opening links on social media sites.
Notes de l'éditeur
1. Examples of social media disasters
2. Types of Social Media Risks
3. Opportunity of Social Media
4. Social Media Governence, framework etc.
5. Management of specific risks
5. Opportunities for Risk Management
6. Case Study
6. Personal Risk
McDonalds
Back in January, McDonald's tried to promote its brand and engage with customers through two promoted trends: #meetthefarmers and #mcdstories.Unfortunately for McDonald's, many Twitter users decided to post their horror stories at the fast food chain using the second of those hashtags. In essence, McDonald's paid to promote a trend that showered the company in bad publicity. McDonald's later admitted that "#mcdstories did not go as planned."
Kitchen Aid
When it comes to offensive tweets, KitchenAid takes the cake. After President Obama mentioned his grandmother during the first presidential debate in October, the kitchen appliance manufacturer responded by posting the following tweet to its 24,000 followers: "Obamas gma even knew it was going 2 b bad! She died 3 days b4 he became president. #nbcpolitics"
To the company's credit, it quickly removed the tweet and issued an apology, explaining that a member of the KitchenAid team had mistakenly posted it from the company account instead of from a personal handle.
Burger King
hackers who broke into the official Burger King Twitter account tweeted the company had been sold to McDonald’s. Then the tweets turned into photos of a man in a Burger King bathroom and a needle in his arm with the message: “We caught one of our employees in the bathroom doing this.”
Although led to MORE twitter followers.
We empathize with our @burgerking counterparts. Rest assured, we had nothing to do with the hacking.
— McDonald’s (@McDonalds) February 18, 2013
Fransesca
Francesca’s, a clothing retailer with stores in 44 states, started the year on the wrong foot when its CFO sent out this tweet after a confidential meeting on March 7. The problem is that Francesca’s is a publicly traded company. The CFO disclosed company info to his followers before it went public, thus sharing inside information - a violation of long-held SEC regulations. He was promptly fired.
Similar personal photos on facebook and twitter of staff doing horrible things to burgers and chickens etc.
Competitive advantage :
Lets customers know about sales
Build a following
Build a cult brand
Customer relationship
See example below (HOTEL Twitter)
Advertisement
1. Name spread across internet through social media
2. Product placement on certain sites
3. Word of mouth… “likes”, “tweets”
4.
Initiatives/Competitions
1. Reach more people for free.
2.
3.
4.
Business Model
Cult following
“Cool” brand
New and up and coming brand. Exclusive or first to know.. (Music industry uses this method extensively – Arctic monkeys became huge in UK through Social Media initiatives. Kaizers Orchestra used social media to connect fans with fans creating a Kaizers Virus… releasing new songs only upon infection of the virus… users could find other infected fans through gps and could get within 100 meters and automatically get infected themselves… which resulted in being able to download new material etc.) – David Bowie use of white square on new album cover shared on social media with people pasting the white square on pictures across the web and as their profile picture on Facebook etc.
Connect to your customers. Consultancies, artists, service providers etc. can support customers 1 on 1 and can offer free advice through social media building relationships.
CASE
_______
EXAMPLE of TWITTER at hotel.
Waiting in a line… I tweet….
Hotel next door tweets back….
Could have gone wrong… “Come to us instead… we have no lines… (WHY? And stop stalking me!)
Instead “Sorry for your hassle.. Hope you have a good holiday”
Got business next time… and from some friends of mine etc.
Password risk
If someone gets facebook account details then they can guess that it is the same as work password. Hack…
(implement question following password?)
Inefficient use
People will perceive you as being slow, waste of time, not effiecient as a company.
Ever been to an out of date website? What are your impressions? Wrong numbers, wrong maps etc.
Risks of doing nothingSo maybe you’re thinking you can avoid altogether the many risks related to social media use. Simply eliminate its use in marketing, recruiting, and other bank departments, and ban employees from using it on company time or equipment.However, failing to exploit the opportunities social media provides for building a brand, attracting new customers, and retaining current customers exposes banks to risks, too. Banning any official participation in social media ignores the positive effects of using a powerful channel appropriately to build relationships with stakeholders, customers, potential employees, and other affiliates. Banks would give up the ability to use a potent communication tool and expand the reach of their products and services in a quick and cost-effective manner.Face it: Social media channels have become part of the fabric of social interaction for an increasing segment of the population, and it’s impossible to put the social media genie back in the bottle. However, organizations that formally assess the risks of social media and implement guidelines that promote its responsible use will be better equipped to reap the benefits of these new tools.
Beautify this slide… boxes of quotes etc…
CLICK
Some may ask, doesn’t Saudi Aramco already have ERM in place?
CLICK
1. Engage a multidisciplinary team. Social media is not just an IT or marketing problem.Since social media activity affects a wide range of functions, an effective strategy brings together senior representatives from Human Resources, Legal, Information Technology, Marketing, Risk Management, Public Relations, Compliance, and any other affected functions. Assigning a project or program manager will help to track and maintain the team’s progress.Nestlé’s Facebook page, for instance, was inundated with negative comments in March 2010 following a Greenpeace campaign against the company’s use of palm oil. The company’s attempt to restrict commentary drew more unwanted attention to the issue and created a public relations disaster.
7. Monitor social media channels. Banks also need to consider how they will stay current on social media chatter that could have an impact on their objectives. Social customer relationship management (CRM) tools, composed of software products and vendor services, can help banks monitor public channels for social media chatter that could affect the organization. How an organization responds to negative comments made via social media entails significant risks of its own. Nestlé’s Facebook page, for instance, was inundated with negative comments in March 2010 following a Greenpeace campaign against the company’s use of palm oil. The company’s attempt to restrict commentary drew more unwanted attention to the issue and created a public relations disaster.
Develop a social-media policy and train staff
Most employers should be considering implementing a policy to set guidelines on acceptable use of social media. The policy should cover employee use of social media — for example, employees’ own Facebook or Twitter accounts - and use by the business.
Clearly, risks and priorities will vary from business to business, so it is important to tailor policies. Also, policies need to be able to adapt to the broad and fast-changing nature of social media, which is not just Facebook and Twitter, and can include blogs and sites such as YouTube.
Once finalised, the social-media policy should be communicated to staff. There is certainly a case for training all staff in the use of social media, but brand managers and social-media page administrators in particular need skills in dealing with users on social networks.
2. Monitor user-generated content
A recent landmark ruling by Australia’s advertising watchdog has confirmed that companies could be liable for comments made on their Facebook pages by users.
While the ruling is applicable to Australia only, it has alerted regulators and brandowners around the world to the importance of monitoring user-generated content on social-media sites, and whether they need to be doing more on this front.
Under the ruling, no differentiation was made between comments posted by the company and those made by users, leaving the company liable under advertising laws for all comments made on its page.
In the UK, the current indication is that the Advertising Standards Authority (ASA), which has had an online advertising remit since March 2011, will not be making changes to its current position. Essentially, it will only intervene on user-generated content if an advertiser takes a user post and highlights it as a testimonial.
However, the Committee of Advertising Practice (CAP) is presently conducting a two-year review of the ASA’s online remit, so it remains to be seen whether this position will ultimately change.
In the meantime, brandowners are taking a risk in having completely unmonitored social-media pages - for brand-reputation reasons, if not because of advertising law.
3. Deal with customer complaints carefully
Administrators of company’s social-media pages should be vigilant about content posted by users, but they should also be careful when interacting with them.
A number of brands use social media to interact direct with fans and users - for example, dealing with commonly-asked questions and customer complaints.
However, some companies have made situations worse by simply deleting negative posts or tweets. This practice raises potential advertising-law concerns. Others have engaged in online arguments with users on social networks, unwittingly creating bad publicity.
An aggressive reaction, however justified, to a complaint is usually best avoided. Instead, it’s better to have a measured response, informing the user what is being done to address his or her concerns.
If the issue is complex, your social-media presence may not be the best place to conduct a conversation with a disgruntled customer.
5. Monitor use of your brand and fake user names and pages
Brandowners should also be vigilant about the generic use of their brands by social-media users and should look to prevent their trademarks losing distinctiveness and therefore legal protection.
Brandowners should also keep a careful eye on infringers on social networks, in particular the use of fake pages and usernames. On the one hand, fan pages may not necessarily cause harm to a brand: Coca-Cola’s Facebook page was originally started by two fans.
But the potential for, in particular, infringement of intellectual- property rights and defamation is clear. Facebook and Twitter will take down infringing content, but at the moment, there is no equivalent process for social-media usernames to the uniform dispute- resolution policy used for domain-name disputes.
So a brandowner may need to consider court action if a social network refused to take down a fake page or username.
4. Review social-media sites’ terms of use
Before using Facebook, Twitter and other social networks, you should carefully check their terms and conditions. This measure is particularly important in the context of running promotions and competitions. Not complying with their rules risks your page being removed.
For example, you cannot use Facebook’s Like button functionality as a voting mechanism for a promotion, nor can you notify winners through Facebook, such as through messages, chat or posts on profiles.
You must acknowledge that the promotion is in no way associated with Facebook. With Twitter promotions, a key rule is that you must discourage users from creating multiple accounts - to dissuade them from entering a contest more than once.
5. Monitor use of your brand and fake user names and pages
Brandowners should also be vigilant about the generic use of their brands by social-media users and should look to prevent their trademarks losing distinctiveness and therefore legal protection.
Brandowners should also keep a careful eye on infringers on social networks, in particular the use of fake pages and usernames. On the one hand, fan pages may not necessarily cause harm to a brand: Coca-Cola’s Facebook page was originally started by two fans.
But the potential for, in particular, infringement of intellectual- property rights and defamation is clear. Facebook and Twitter will take down infringing content, but at the moment, there is no equivalent process for social-media usernames to the uniform dispute- resolution policy used for domain-name disputes.
So a brandowner may need to consider court action if a social network refused to take down a fake page or username.
5. Monitor use of your brand and fake user names and pages
Brandowners should also be vigilant about the generic use of their brands by social-media users and should look to prevent their trademarks losing distinctiveness and therefore legal protection.
Brandowners should also keep a careful eye on infringers on social networks, in particular the use of fake pages and usernames. On the one hand, fan pages may not necessarily cause harm to a brand: Coca-Cola’s Facebook page was originally started by two fans.
But the potential for, in particular, infringement of intellectual- property rights and defamation is clear. Facebook and Twitter will take down infringing content, but at the moment, there is no equivalent process for social-media usernames to the uniform dispute- resolution policy used for domain-name disputes.
So a brandowner may need to consider court action if a social network refused to take down a fake page or username.
CLICK
Some may ask, doesn’t Saudi Aramco already have ERM in place?
CLICK
http://www.bizjournals.com/houston/blog/socialmadness/2013/04/social-media-has-an-emerging-role-in.html?page=all
Voice for staff to Raise Risks : (BP incident indicated that risks were raised but not considered)
Share Opportunities :
Google Moderator, an innovation management tool designed by Google’s engineers. The simple idea behind it is that when people have tech talks or company-wide meetings, it lets anyone ask a question and then people can vote up the questions that they’d like answered. Through Moderator, people can discover existing ideas, questions or suggestions, vote for ideas, questions or suggestions and see the aggregate votes to date, create a new series asking for ideas organized by topic, event or meeting. Google Moderator itself is one of Google’s infamous “20 percent” projects. By allowing its engineers to spend 20% of their work week on projects that interest them, Google is able to tap into the many talents of its employees
Google+ conversations.
TGIF: Google’s weekly all-hands meetings, where employees ask questions directly to the company’s top leaders and other execs about any number of company issues.
Google Universal Ticketing Systems, or ‘GUTS’, which is a way to file issues about anything, and is then reviewed for patterns or problems.
‘FixIts’, 24-hour sprints where Googlers drop everything and focus 100 percent of their energy on solving a specific problem;
Internal innovation reviews, which are formal meetings where executives present product ideas through their divisions to the top executives;