Social media offers startups a powerful platform to cost-effectively market their products and services, get their brand recognized, and engage with a wide audience of customers. Yet social media also throws up multiple risks. Many of these risks—be they security and privacy risks, compliance risks, or reputational risks—are not new. However, companies have become more vulnerable to these risks due to social media’s real-time dissemination of information and broad reach.
For a startup, the risks are even greater. If an employee posts a personal rant about a company, or if a customer tweets their complaint about a product or service, it can quickly spiral into an enormous PR crisis, nipping the startup in the bud much before it has the chance to bloom.
Meanwhile, multiple regulatory agencies such as FINRA, FFIEC, FTC, and SEC are incorporating new guidelines around the use and monitoring of social media—which means that startups can no longer put off implementing effective social media risk management strategies.
With that in mind, here are a few best practices to effectively manage and mitigate social media risks:
Identify and Assess Your Risks
In a recent ThriveonRisk and ComplianceOnline survey on social media risk management, which covered over 180 professionals from 8 industries, the majority of respondents indicated that the social media risks most likely to hurt their organizations are data privacy and confidentiality risk (73 percent) and reputational risk (72 percent).
Reputational risk, in particular, can cause immense damage. Consider designer Kenneth Cole’s infamous tweet on the Egyptian conflict (“Millions are in uproar in #Cairo. Rumor is they heard our new spring collection is now available online…”) or the more recent comment made by PR executive Justine Sacco (“Going to Africa. Hope I don’t get AIDS. Just kidding. I’m white”). Both posts went viral, sparking public outrage against the individuals and their companies.
To avoid such backlash, it is critical to clearly identify and assess your social media risks as soon as possible. Measure the severity of those risks in terms of their impact and likelihood: How much damage can they cause? Who can be harmed and how? Based on these findings, you can implement the most appropriate controls.
Clearly Define Your Social Media Risk Appetite
In December 2013, Liberty Bottleworks’ co-founder and chief operating officer took a significant risk when he responded to an unreasonable customer through a polite but scathing Facebook post where he defended his employees’ rights to enjoy the holidays. The post went viral, generating tremendous support online with Facebook users who appreciated the company’s “family first, product second” philosophy .
The company took a risky but calculated decision to put up that post—a move that would only come from understanding what their unique risk appetite was, and where they could draw the line.
A well-established social media risk appetite with clearly defined definitions of what is acceptable and not, helps you balance the opportunities of social media with the associated risks. The key is to first identify your risks, and then determine how much of each risk is acceptable to take. So if you’re concerned about online customer feedback, you might want to ask: “At which point should I start getting worried about what customers are saying about my products and services online?”
Develop Social Media Policies that Describe Expected Procedures
Developing a social media policy might seem a bit daunting at first, but take a cue from companies that have already done it. Intel and Dell, for instance, encourage social media connections but insist on transparency as well as the protection of company information. Ford includes guidelines such as: make it clear that the views expressed are yours, mind your manners, and be sure you mean what you say and say what you mean. Best Buy has clearly defined do’s and don’ts—for instance, “Don’t disclose numbers, promotions, personal information, or legal information.”
Here are a few other points to consider when developing social media policies:
- Spell out what employees can and cannot do with as many examples as possible.
- Ensure that all employees are trained on the policies.
- Address the differences between professional and personal use of social media.
- Detail appropriate social media usage, roles, and responsibilities.
- Review and update your policies regularly.
Assess and Implement Technical Controls
In the ThriveonRisk and ComplianceOnline survey, 93 percent of the respondents agreed that social media risk management is important and must be part of their risk management program. However, a significant 30 percent have not yet implemented systematic social media monitoring systems or escalation processes to respond to social media risks in real time.
On the other hand, a company like Dell has an impressive social media listening command center that monitors thousands of conversations every day. They also have a social media outreach team with a 98 percent resolution rate, and a 34 percent success rate at turning online “ranters” into “ravers.”
While startups may not have the resources or scale to compete with Dell’s social media risk management efforts, there are multiple simpler tools in the market that leverage analytics and language processing capabilities to “listen” to online conversations around brands. Startups can use these tools to regulate data confidentiality, consumer feedback, and reputation management.
The Wall Street Journal reported that a growing group of venture capitalists are investigating each startup’s social media presence before deciding to fund them. In other words, startups can’t afford to be inactive on social media. Neither can they afford to ignore the associated risks. Organizations need to incorporate social media accounts into their risk frameworks and controls, and view, assess, and manage them as a risk across the organization.