Business processes and cyber risk

Cyber risk doesn’t just involve malicious techies hacking into corporate accounts. It can also involve risk to every day business processes: “process cyber risk”. Unfortunately, because the IT Department are kept busy defending the corporate network from the hackers, these process risks are often left to themselves.

What do I mean by process cyber risk? Quite simply, a risk of loss or damage to an organisation caused by a weak business process combined with the use of computer technology. These weak processes are often found within finance departments, but you will also find them in HR, in marketing and across organisations.

Process risk and identity

Many business processes rely on a particular document being signed off by an authorised individual. As many processes migrate online, the assumption is that the sign-off process can also be undertaken online. Sign on as an individual and perhaps you have authorisation to access a particular document or process.

As most people have to log in to company systems with a password and a name, then this shouldn’t be a problem. Except that passwords get shared. Busy people often share log-in details with juniors, allowing unauthorised people to access systems and documents that they are not authorised to access.

Any authorisation process that simply relies on someone logging in with name and password is weak because it is easily subverted. Issuing “dongles” as a second factor authentication device isn’t much better as these can get shared (unless they are integral to a company identity card). Robust processes where sensitive data or decisions are concerned should assume that a password has been shared (or stolen) and require additional security such as a second pair of eyes.

Process risks and finance departments

One big risk for finance departments is invoice fraud. This can happen in several ways. A common way is for thieves to gather information about a company, perhaps the news that it is investing in new technology. They will then use this information plus other easily obtainable assets such as company logos and the names of senior people in an organisation to put together a scam.

This might involve an email “from” a director of the organisation to a mid ranking person in the finance department asking for an invoice to be paid promptly; the invoice, which is of course a fake, is attached to the email.

In other cases the invoice is genuine. For instance thieves may pose as a supplier and ask for details of any unpaid invoices. They then resubmit a genuine invoice – but with the bank payment details changed.

All too often the unwitting finance executive passes the invoice for payment. Once the money has reached the thief’s bank account it is quickly transferred to another account making it unrecoverable.

This type of fraud is big business. Earlier this year Ubiquiti Networks disclosed that thieves stole $46.7 million in this way. While in the UK, the police’s Action Fraud service received reports of around 750 in the first half of 2015. And of course many similar frauds go unreported – or undetected.

What can you do to protect against this? Well start by educating staff about the nature of the threat – all staff not just in the finance department. Ensure that the details of all invoices are scrutinised carefully: Is the logo up-to-date? Is the email address correct (perhaps it is a .org instead of a .com)? Are the bank payment details the same as usual (if they have changed then telephone someone you know at the supplier to ask for confirmation)? And take extra care with larger invoices, for instance requiring them to be check by two separate people.

There are other cyber risks within finance processes – and often these are internal risks, initiated by employees. Examples include purchase fraud when personal items are bought using company money or when required items are bought at inflated prices, with the purchaser then getting a kick back at a later date. Again fake emails can be used to support these purchases. And again simple processes can disarm the threat.

Process risks within HR

Within HR there are numerous process risks. Let’s start with recruitment. The risks here can involve social media profiles designed to misinform, perhaps with fake endorsements or untrue job details. Looking at a LinkedIn profile is an easy way to identify potential candidates – but it is important to realise that the profile you see may well be substantially embroidered.

Another short cut, especially when looking for “knowledge leaders”, is to see what sort of “rating” candidates have on sites like Klout.com. Superficially this is fine. However, it is essential to be aware of how people are rated by the site (for instance what data is used) before making a judgement using this type of data as you may well be given an untrue perspective.

Another risk of using social media to identify candidates is that you open yourself to accusations of discrimination. An attractive cv may not have information on social media about age, ethnicity or sexual preference. Social media will. You really don’t want to know this sort of information but once you know something you can’t “unknown it”: and this can open you up to accusations of bias. It isn’t unknown for companies to commission an edited summary of a candidate’s social media profiles with anything that could lead to accusations of discrimination taken out in order to de-risk the profile before it is given to the recruiter.

In fact HR is full of cyber risk, especially where social media is concerned. There may be problems with the posts employees make on social media. There may be issues around bullying or discrimination at work. And maintaining a positive “employer brand” can be very difficult if an ex-employee starts to deride their old employer on line in sites such as Glassdoor.

Process risk and marketing

Process risk is also very at home in marketing. Again social media is one of the culprits. Not everyone, even in marketing, is a social media addict. Senior marketers frequently hand over their brands’ social media profiles to junior marketers, or even interns, because “they have a Facebook page”.

It’s a mistake. Not only is it likely that the output will be poor, the junior marketer may well (they frequently do) break advertising regulations (for instance by glamorising alcohol, or even fair trading laws (e.g. by including “spontaneous” endorsements from paid celebrities).

This shouldn’t be difficult: there is no reason that the processes that govern advertising in general can’t be applied to social media.

Procurement and cyber risk

Finally there is procurement – and the process of ensuring that third party suppliers don’t represent a cyber risk. This is a huge area of risk and one that is not always well appreciated.

The issue is not just that the third party may be insecure (for instance the massive hack to US retailer Target came about via an insecure supplier) and it is hard to know whether they are secure or not. It is also that people working for a supplier who have been given access may then leave the supplier without you being told: and as a result they retain access to your information, perhaps after they have joined a competitor. In additions suppliers may well have their own reasons for being a risk – they are in dispute with you, they are in financial difficulty, they have been taken over by a competitor…

Business processes frequently have the potential to be undermined by online technologies. It takes imagination to identify where the threats lie. However once they have been identified, actions to reduce the effect of the threat are often very simple.

Advertisements

Ten cultural barriers to cyber security

Cyber security doesn’t only get breached because clever hackers manage to break through your cyber defences. Ask most IT professionals and they will say that the people they fear most are their colleagues.

Why is that? Why does business culture so often mean that the employees of an organisation are such a major cause of cyber damage?

Of course it depends on the organisation, but here are ten common reasons (plus a bonus reason) why employees can cause trouble.

1. It doesn’t matter

Everyone knows that what you say on the internet, especially on social media, doesn’t matter. It’s unofficial, it doesn’t count legally, and it’s not important. Hmm, ask Sally Bercow and countless like her who have found out otherwise. Anything you write on social media (or in an email, or in an online or mobile message), cannot be unwritten, can be archived and may have an impact on any legal, compliance, contractual or HR wrangles you become involved in.

2. It’s too difficult

We have all experienced directive from IT like this: “Passwords must be changed every month, must contain numbers, capital and lowercase letters, and symbols, can’t be the same as a previous password, and must be at least 12 characters”. If things are too difficult people will simply ignore them, or find ways of working round them. Force people to use an impossible password protocol and expect to see their passwords on Post-it notes stuck on their screens – hardly secure. (Or ask me how to help them remember “random” passwords that comply with these rules.)

3. It’s inconvenient

This one is similar to the “too difficult” reason. Make people’s life hard – for instance by forcing them to log on too many times or go through over-complex routines to get data, and you can be sure that they will invent clever ways of getting round the obstacles you have imposed. And if they can’t get round them, well you are simply making them spend a lot of time on unconstructive tasks.

4. It’s a waste of time

If people don’t understand why you have out certain security procedures in place then they will simply ignore them. Few people (in British culture anyway) follow the rules just because they are there. (After all “rules are for the obedience of fools and the guidance of wise men.”) People want to know why they have to do something. And if they think they are being forced to do something unnecessary, a lot of people will simply ignore the requirement: after all their time is too valuable to spend on pointless activities.

5. I thought it was the right thing to do

If you don’t train people in best practise they won’t know what is appropriate. Give your social media marketing to an intern (because they use Facebook and you don’t) and they will do things to your brand you may not be too happy with. Let inexperienced people “chat” with customers by email in order to develop better relations and they may accidentally agree to contract variations that take all the profit out of hard-won deals. Fail to protect crucial documents from unauthorised “helpful” editing and you may have a problem on your hands. Honest people doing the wrong thing is a cause of real concern.

6. I didn’t realise it was a problem

If people simply don’t know something is dangerous then they may well do it. What harm could there possibly be in sharing that social media password with your colleague? Why should it matter if I download a list of our customers to my smartphone – it will be handy when I am on the road? What is wrong with discussing our plans for expansion into China/our new IT security software/our search for a replacement marketing director (delete as appropriate) on LinkedIn? Education is a key part of cyber security.

7. It’s a laugh

The Labour Party’s Twitter-based policy promising everyone free owls was amusing of course. But not everything that is meant as a laugh is amusing. Online jokes can be misinterpreted and end up as discrimination cases or damage corporate and brand reputations. Social media jokes, especially those made in bars at 2 a.m., are rarely as funny as you think they are at the time and may result in you being fired. Don’t do it. Tell your colleagues not to do it.

8. Just in case you sack me

This is a difficult one. Especially if you are intending to sack them. Employees who feel threatened will often take data out of the office via email, cloud services, memory sticks or smartphones. Some organisations lock down their information – no mobile devices, no data downloads. Most can’t (or won’t) do that though: it demotivates people and reduces efficiency. So unless you are in an organisation that is very risk averse, the best way forward is to protect the most important information (blueprints, strategic plans, customer lists) by passwords and restricting access, and trust people to deal fairly with the rest (they won’t, but the reality is that most of the information they can access will be of little real value to your competitors).

9. It’s none of your business

“So you want to have access to the data on my smartphone in return for letting me use it for work? Why should I let you do that?” Because if you don’t then I will be unimpressed with your loyalty and your business acumen; and that will have an effect on your career prospects. And just as I retain the right to read the emails you send out on the company system, and review the websites you visit, so I need to be able to demand access to (and potentially destroy) the data on your personal mobile devices if you are using them for work. I’ll only do that if there is a problem, and if I need to. But it’s the company’s data after all.

10. I hate you all

Disaffected employees (political activists as well as people with grievances) may well be tempted to cause cyber security breaches, perhaps by destroying information or by making it easy for others to steal information. The way organisations respond to this threat will depend on their appetite for risk. Making systems too secure will reduce efficiency: that may be a price worth paying if you are running a nuclear power station but most organisations will want to reduce the risk from disaffected employees while maintaining flexibility. Scenario planning is one way of managing this: Imagine that a senior IT executive decides to steal the client list. How can you prevent them? Disaffected employees are a major threat and unless you use your imagination to identify how this threat might appear, you will be unable to manage it.

Bonus reason: I’m the boss, don’t tell me what to do

It’s not the boss’s fault if you are too frightened to tell them (tactfully of course) why a certain way of behaving could cause problems. And if you feel you can’t tell a senior executive that their behaviour is putting the organisation in danger then try to find someone who can. Security is the responsibility of everyone in an organisation: cleaners, interns and receptionists as well as Directors. So if you are the boss and run an organisation where people are too scared to tell you there is a problem, well you deserve that cyber breach.

KPIs for B2B social media

“Not everything that counts can be counted. And not everything that can be counted, counts.” Albert Einstein could have been talking about social media. And in truth, for companies who are not selling products via Facebook or Pinterest measuring the ROI from social media can be problematic.

But even if ROI – in simple terms of pounds and pennies – can be difficult, that doesn’t mean it is impossible to define some strong KPIs from BtoB social media campaigns. After all not all advertising is measured in terms of sales.

Vanity KPIs

Let’s start with vanity KPIs: things like Twitter Followers and Facebook page Likes. These have little, if any, value as KPIs – although they are very visible and thus superficially attractive. The trouble is that most followers and fans don’t do much: the average person will engage once and then have nothing more to do with your brand on social media.

The same is true of “trivial engagements” such as Facebook post Likes or Twitter Favourites: these are easy-to-perform (and easy-to-forget) actions that mean very little to your brand.

If you want to use followers and fans as a useful metric you will have to identify a subset: followers who can be considered to be prospects or customers; you can then track this number over time as a valid KPI.

Indicative KPIs

Indicative KPIs are a little more important because they tell you that things are moving in the right (or wrong) direction. However they don’t tell you much else. Change in numbers of followers/fans over a particular time may be indicative or success or failure, and movement in a positive direction is at least likely to keep the boss happy. Sentiment is another example: Tracking sentiment will rarely give you an accurate picture of how people really feel about your brand. However, if sentiment is steady or slowly becoming more positive over time this should at least give you some comfort even though there isn’t much you can do with this information. More useful is a “blip” in sentiment (a sudden rise or fall in positive or negative sentiment) which may indicate that something of importance has happened that needs investigating.

Other indicative KPIs are the “weak engagement” signals – content sharing such as re-tweets. If these are increasing you will feel that you are doing something right although it will be impossible to know whether this sharing is having an effect on your brand, and even harder put a value on this.

Another popular indicative KPI is website traffic from social media. Again, an increase in traffic looks as though it should be considered to be a positive result. It’s worth tracking but traffic on its own is a poor indicator: after all you don’t know why people have visited and it is perfectly possible that most of your visitors are disappointed when they arrive.

Brand KPIs

KPIs that indicate some sort of brand support or uplift are very important. These are things like positive brand perceptions such as “Brand X is a thought leader” or “Brand X is in my consideration set”. Generally these brand-based KPIs will need to be measured using one-on-one research such as surveys. This inevitably makes them more expensive to measure and many BtoB organisations may feel that this sort of measurement is not worth while.

Another type of branding indicator is the number of your followers and fans who are influencers. There is no set definition of what makes someone influential but you could decide to include people with, say, over 1000 followers. These influencers are likely to be of two types: “direct” influencers who are prospects or existing customers; and “indirect” influencers such as journalists and bloggers; track them separately.Unfortunately you will probably have to do this by hand.

Content effectiveness

If you are spending a lot of money on developing content (as you probably should be) then you will want to track loyalty: the percentage of people who have read your content who then return; and you will also want to track how frequently they return. This will involve setting up some customised reports in your social media analytics tools, for instance tracking the behaviour of people who have visited a particular set of pages or people who have visited your main website from your blog pages.

You may also want to track content engagement. This is hard to do as you cannot know whether people are actively reading your content or drinking a cup of tea while the page is open. The simplest way is to set up your analytics tool to track page scroll depth so that you can see how far down a page people have scrolled. As an alternative you can encourage people to rate content at the end or even divide content into a number of pages and then track each time people click on the link to pages, 2, page 3 etc. Alternatively there are more sophisticated tools (e.g. contently.com’s analysis) that can help with this by using clues such as mouse movements to estimate whether someone is actively engaged on a page and even whether they finished reading the whole article.

Strategic KPIs

Strategic KPIs don’t relate directly to marketing investment or sales success but are nonetheless important to track.

One set of strategic KPIs relates to competitors. Metrics such as social media “Share of Voice” compared with competitors will show you if you are shouting louder than your competitors (of course that is only important if you are shouting the right things.) And an analysis of comparative sentiment will also be useful (with an analysis of any blips giving you some actionable information). In a similar way an analysis of keywords around dissatisfaction with competitors will be useful information, although not strictly a KPI.

Another set of strategic KPIs relates to consumer insights. Here you need to analyse the content of any social media conversations and match the key words you are using to describe your brands with the keywords and topics that are generating engagement. You may find that one set of topics is going well at generating positive consumer reactions but that you are failing with another topic. This knowledge is important for advertising as well as for New Product Development.

Marketing KPIs

Unlike all of the preceding KPIs, some marketing KPIs can have a genuine value in terms of monetary ROI attached to them.

While the volume of website traffic from social media doesn’t in itself have a value, we could attach a value to it by estimating the cost of generating traffic using paid search or advertising. We could also attach a value to non-sales conversions such as product sheet downloads – if we know how many of these are likely to convert into a sale. And similarly we can value leads (such as email addresses) if we know what our conversion rate is likely to be. And finally we could potentially value any back-links that have been achieved from social media if we are able to calculate the cost of a single back link achieved via SEO activity.

Another area where we can potentially attach real value is in social media activity. Qualified followers and fans (i.e. people who have been identified as prospects) will have a quantifiable value if we know the average conversion rate we achieve with prospects. And so will people who are identified as being dissatisfied with a competitor.

Other KPIs worth tracking are the total number of “strong engagements” i.e. comments on your posts, and the numbers of qualified followers and fans who engage weakly or strongly with your content: while it is hard to ascribe an monetary ROI to these KPIs, they are important as they tell you whether your campaigns are succeeding in generating engagement and, importantly, whether they are doing so with the target audience.

Sales KPIs

And finally there is what every BtoB marketer will want to be able to measure: sales generated from social media.

At the soft (i.e. hard-to-value) end there are CRM interactions – the number of contacts with customers or prospects that have been made via social media. This isn’t the same as the number of leads as one customer or prospect may have been contacted several times via social media. Track number of customers/prospects contacted and also average number of contacts per customer/prospect.

And then there is the “gold standard”: sales converted from social media leads. Did I say “gold standard”. Well, that would mean that the sale was made in the absence of any other drivers such as advertising, email etc. And that’s unlikely to be the case. So track this figure; but bear in mind that giving social media total credit for the sale is probably over-estimating its importance. As Einstein said “Not everything that is worth counting can be counted”!

 

The FCA and social media

OK, this isn’t the most exciting post. But it is important. The Financial Conduct Authority (FCA) has finally published its draft guidelines on the use of social media by financial services organisations.

There is some very sensible advice in the FCA guidelines. For instance they recommend identifying a tweet as a promotion by including the hashtag #ad.

However there are a number of illogicalities and omissions.

Take tweets. The FCA advise that promotional tweets for financial services need to contain a lengthy risk statement along the lines of, in the example they give, “Your capital is @risk & losses can exceed your deposits.” That’s 56 characters – getting on for half the characters available, and more than half once you have included a link to your products.

But why have a risk statement at all? Consumers don’t expect full information in a tweet. They expect to find more information behind any links. A more sensible rule would to be  to require the risk statement to appear on the landing page beneath the tweet. Alternatively perhaps a shorter statement leading to a risk statement along the lines of “Risks: [link]” should be allowed.

Perhaps they should think of a promotional tweet as being like the header of an email – something designed to persuade you to look for further information. Just as email headers don’t contain risk statements, why should tweets? Including one seems to offer no extra protection to consumers.

The FCA also mandates risk statements on banner ads. They give an example of an ad with three frames, the last of which contains a risk statement. But is this sensible advice? Consumers can’t be guaranteed to watch an animated banner until its completion. So what is the purpose of a risk statement in the final frame? Either the risk statement should be visible all the time – or it should be available on the landing page that links from the banner.

Another problem with the guidelines is the absence of any recognition that social media content can be either static or interactive. The FCA guidance states that social media content needs to be pre-authorised. While this is clearly possible for banners ads, blog posts and even promotional tweets, it is simply not practical for interactive content that takes place within an exchange of tweets for instance. Clearer guidance is needed here – US regulators such as Finra accept that “unscripted” interactions need a different kind of management.

Another weakness is the use of the word “significant” when describing content that needs archiving. This leaves a lot up to the financial services provider. What is “significant”? Surely sensible guidance would insist on all content available to consumers being archived, not a hard thing to achieve with a digital medium. 

My final major worry is that the FCA seem to think that awareness is not part of a promotional journey. Thus a tweet saying “To see our current mortgage offers, go to…” is not a promotion but a tweet saying “To see our great mortgage offers, go to…” is a promotion. Presumably the FCA are saying that “current” is not a word that promotes value? If it isn’t, then will the FCA provide a list of other words that are safe to use? It might be more logical to say that the inclusion of any adjective turns something from an invitation to look at information into a promotion. However, even without an adjective, an informational tweet that generates awareness is a promotion (remember AIDA?)

The FCA is asking for comments on these guidelines and will accept them until 6 November 2014. If you work in financial services marketing you will need to make your feelings known.

 

How to manage your reputation online (4 of 4)

Responding to critical posts

People are posting very unpleasant things about you in social media. What can you do about it?

You have prepared well. You have registered all the necessary social media accounts. You have built up a strong online profile. And now your efficient social listening process has uncovered some unpleasantly critical comments.

But those unpleasant comments are showing up right at the top of Google’s  results when you search for your name. You need to take action.

Now, if the comments are untrue (as opposed to opinion) then you may have some legal redress: although that is expensive and sometimes self defeating if it casts you, or your organisation, in the role of a bully.

So if you don’t want to go down the legal route, or if the critical   comments are true (I am sure they are not!) what else can you do?

The first thing to accept is that you probably won’t be able to get rid of the comments completely. What’s on the web remains on the web. Even if you can somehow get the original source taken down, the chance is that the comments have been repeated somewhere.

Your strategy is to make the comments less prominent. And this means making sure they don’t feature in the first 4 or 5 search results and ideally taking them off the first page of Google’s search results: results here get 94% of clicks with only 6% on the second page and almost nothing on the third page.

Engage

So how are you going to do that? The first step, if the criticisms are justified, is to engage with your critics. Disarm the criticism by apologising for whatever you have done wrong and explain what you are planning to do about it; remember to take any discussion with critics offline if you possibly can. The intention here is to limit the damage so that further criticisms are not posted.

Try to take the links down

The next step is to try to get rid of the information or the links to it.

  • Ask for the page to be taken down by approaching the webmaster and explaining why the comments are unfair (OK this probably isn’t going to work unless the comments are libellous, but it is worth a try)
  • Ask Google to take the links down. As a rule they won’t unless the links lead to a page with highly sensitive personal information such as a signature, credit card number or a social security number. However, for European websites they are now bound to go further and take down links to content that is “irrelevant, outdated or otherwise inappropriate”. At the moment it is Google’s call whether to take the links down; there is no guarantee that they will and in any case as things stand at the moment the links will still be there on non-European versions of Google

Make sure your own pages rank higher

If that doesn’t work (and it may well not) then your next move is to try to ensure your own pages rank more highly than the critical comments you are unhappy with:

  1. Review your web assets and web profile: Do you have all the large social media accounts you could have? Do you have your own YouTube channel and a  Google+, LinkedIn and Twitter profile and have you optimised them, for instance making sure you have “vanity URLs” which contain your name rather than a long number?  And are your web site pages sufficiently rapid and mobile friendly?
  2. Analyse why those unwanted links are ranking well: if it is because lots of sites are linking to those pages you may be able to ask the owners of the linking pages to take down the links, or to give you a link as well. Some people recommend aggressively targetting the sites that are ranking well using “reverse SEO” techniques such as buying lots of dodgy links to them from link farms in the hope that Google will penalise them. I wouldn’t recommend it: there are no guarantees and you may make things worse (besides this isn’t ethical behaviour especially if your critics have a point)
  3. Analyse the words that the unwanted sites are using about you. Say it is “customer service”: you need to put a positive spin on this by developing new positive content around the key phrase “customer service”: This could be a white paper; blog posts; comments in media sites relating to customer service; you could also develop social media pages that contain your name and the key phrase; and you might even want to buy some new URLs with the along the lines of JohnSmithCustomerService.com and develop appropriate content for them
  4. Freshen up your own web pages with new content so Google is likely to rank them more highly: the more popular the content, the higher they will rank. Start adding a new piece of content a couple of times a week at least. Get more active on sites like LinkedIn – changing your profile, posting updates and entering into discussions within Groups
  5. Develop content for social bookmarking sites like Digg, Delicious and Squidoo: It needs to be new content, not a duplicate of articles published elsewhere but that shouldn’t be difficult if you think “lists”: favourite restaurants, books, flowers, dogs, capital cities, flags…the opportunities are literally endless
  6. Upweight your PR activities: seek to get quoted in the press
  7. Upweight your SEO activities: focus on building more back links from high quality sites through social bookmarking, article submission, guest posts, and comments on other people’s blogs and articles
  8. Identify your friends (happy clients etc) and ask them to engage with all your social media profiles, following you and sharing your content with their followers. Start to write testimonials for suppliers and customers and make sure they include the words you identified in point 3
  9. Look for other ways to get mentioned on line: Register a company in your name. Join a service that will list you as an expert such as nonexecutivedirector.com, opentoexport.com or liveperson.com. If you can afford it, pay to be a speaker at a large conference as these often rank very well
  10. Self publish: take advantage of Amazon’s search profile buy publishing an ebook and an audio book on the site

None of this is free: but then having your name appear below pages that are critical of you isn’t exactly free either!

And sadly none of this is guaranteed to work every time. If you have been caught out doing something unsavoury, and if the public or the press create a social media crisis for you, then there is little you can do to reduce your exposure on search engines. But if you are just trying to down-weight some criticism or reduce the prominence of an unfavourable stories, then taking the steps I have outlined should help.

How to manage your reputation online (2 of 4)

Listen

Managing your online reputation isn’t just about ensuring you have registered all the appropriate social media accounts and URLs for your name. As well as preventing people from using your name online in social media accounts and URLs as far as possible, you also need to:

  • Listen to what people are saying about you online
  • Create a strong profile, using the social media accounts and URLs you have registered
  • Repair any damage caused by people abusing your name online

This post briefly looks at how to listen out for when people are using your name.

Monitor the web

The first thing you need to do is to monitor when people use your name (or your company name or brand names). It is very simple to set up a Google alert that will email you when Google finds someone using your name. You shouldn’t rely on this though. Google isn’t perfect and may miss some mentions. It’s sensible to set up an alert using another tool like Yahoo. Alternatively simply  use another search engine such as Bing on a regular basis (say once a week) as an extra check.

Remember to set your searches up for appropriate variations of your name: I have alerts for jswinfengreen, “j swinfen green”,” j swinfen-green”,  “jeremy swinfen green” and “jeremy swinfen-green” (my fault for having a silly name). You can also include your twitter handles such as @jswinfengreen.

Google allows various options when setting up your alerts such as how often they are delivered. You may want to consider selecting “All results” rather than the default “Only the best results”.

It is also sensible to use a dedicated social listening tool to search for mentions of your name on social media. There are plenty of free tools. I particularly like SocialMention but there are dozens of others. SocialMention does have an Alert facility although it is disabled at the time of writing.

Note that the social media tools (especially the free ones) are generally less comprehensive than the big search engines so you will get a different and probably much smaller set of results. But they will be results from social media which may be useful as it can be easier to manage comments in the social media space than in the wider web. If you want to be more certain of who has mentioned you on social media then you will need to go to each platform and search: a useful exercise on Twitter and YouTube ( where it is just a simple search) as well as LinkedIn (search for Posts) but less so on Facebook which will not show you posts where your name is mentioned.

Identify themes

Once you have pulled out the relevant results, perhaps those where people are being unpleasant about you or your brands, you should start to identify the themes that reoccur. For instance if you work for a motor manufacturer (let’s call them “Supa Carz”) and people are complaining about the breaks failing you will want to monitor that closely and make sure you don’t miss any instances of a complaint that you need to respond to.

In this case you will want to set up alerts for things like Supa Carz breaks failure as well as more general alerts such as Supa Carz sucks.

Note that if you are paying for a social media listening tool you may still need to search the web for mentions of your name or brand because not all tools will monitor sites beyond the main social media platforms. This means that mentions in online communities like mumsnet may get missed.

Monitor sentiment

A change in sentiment can be a signal for an approaching problem. So it also makes sense to monitor this. Doing this well takes time but if you just want an indication  of sentiment then simply use the free sentiment measure on SocialMention or Coosto (shown below). coosto sentiment

Don’t fool yourself

The search engine you use will typically customise the results it shows you depending on your previous behaviour. This means that you may not see the same set of results for a brand that I see. This can be a problem: perhaps it means that you are seeing a set of results on the first couple of pages that are favourable to you: because you are always checking out your social media pages, your blog and your website these come up at the top of the list of links you are shown.

But, because I rarely if ever check your social media pages out, I may see other links at the top of my list of results. And some of these may be damaging to your reputation.

Because of this, it is a good idea to make sure that “personalised search” is disabled when you search for your name. There are several ways of doing this but the simplest is to toggle between the two buttons found to the right of “Search tools” and the left of the Options “cog” to see or hide personalised results for a particular search.

Icons that allow you to turn personalised search on and off in Google

Listening isn’t enough

If you are not listening you won’t be able to manage your reputation online. But listening is not enough. You will also need to create a robust profile so that your name appears linked to positive content such as your Twitter and LinkedIn profiles. And you will need to know what actions to take should someone start damaging your reputation online. More on that shortly.

Could you manage an international social media campaign?

Could you manage an international social media campaign?

Social media campaigns are hard enough at the best of times. Soggy metrics, a lack of control, unexpected reactions…So adding an international dimension can make them even harder.

But if you are faced with managing an international campaign, what are the areas you need to consider?

I have been involved with a good number of international clients over the years and they are never easy to manage. Some of the learnings from international advertising campaigns are easy to apply to social media though.

Global vs local

The problem with international campaigns is knowing how “global” or “local” campaigns should be – to what extent they should be the same around the world and to what extend they should be designed for individual markets. And the answer to this is likely to vary across markets.

In some territories local activity will predominate. While in other territories it may be appropriate to use global assets that are produced by head office. The balance will depend on a number of factors.

Language

The simplest thing to address is language. If a client is headquartered in an English speaking country then running campaigns in English may be a logical solution for other English speaking countries and even in countries (such as Sweden, the Netherlands and India) where large parts of the population speak English.

However, while this is an easy solution, it may not be the best. Cultural differences may mean that campaign messages in one country may not be well received in another. Early UK advertisements for Coca Cola’s Dasani water used the message “Can’t live without spunk”. True possibly, but not something calculated to attract the average UK consumer. Research into whether localisation is needed is essential. And this is true whether or not messaging is being translated from one language to another.

Consumer perceptions

Another very obvious thing to address is the consumer. It is quite possible that the brand you are working with is perceived very differently in certain markets.

The oddest example of this I have come across was a UK cough sweet that was associated in Germany with, er, physical love! Fashion and retail brands often show differences around the world: for instance Levi Jeans have less fashion cachet in the USA than they do in Europe. Fast food too: Millward Brown show how Burger King is a weak brand in Belgium (compared with MacDonalds) but a strong brand in Mexico.

But getting the right message across to consumers isn’t necessarily the hardest part of managing an international social media campaign. There are many other issues.

Local platforms

A “one size fits all” approach to which social media platforms to use is unlikely to work. For instance Twitter penetration in Spain is around three time that of France but only half that of Saudi Arabia. Some markets, notably China and Japan, are very different from Western Europe and North America.

Local strategy implementation will need to take account of the strengths of different social media platforms. For instance if the strategy is to disseminate lots of photographs, then using Instagram to supplement picture posts on Facebook may be wasted effort in markets like Canada and France but worthwhile in Germany and Indonesia.

Local resources

If you are working with local operations in international markets then you will almost always find that resources in individual countries will vary widely, as will skill levels. One market may have a team of half a dozen experienced social media marketers, while in another the intern looks after social media in between doing the filing.

This means that you may need to moderate the amount of global assets you share with some local markets, or at least give territories with less resource the option to pick and choose between which global assets they decide to use.

 Local perceptions of social media

In most countries around the world consumers use a lot of social media. But that doesn’t mean that local marketers take social media seriously. There may be a big education job to be done helping local marketing managers understand why, and how, to use social media.

Where you are dealing with a local market that is sceptical about social media, it will be important to avoid a situation where social media is managed by a junior who may post inappropriately, without any (informed) supervision; social media is global and you won’t always be able to stop people in one country reading damaging posts in another country.

Local independence

Some local marketing operations will be more independent and harder to influence than others. Managers in a large territory such as the USA may well feel that they don’t need (or want) central control.

This may be especially true if the territory concerned has a heritage in effective social media marketing (which you could argue is the case in many English and Spanish speaking markets).

Dealing with resentment aimed at “interference from the centre” is always difficult. Providing reasons to use global strategies and assets (such as cost saving) is likely to be more effective than simply mandating the approach they must take.

Building consensus through joint development of assets and best practice will also help. And with social media, this shouldn’t be too difficult given that accepted knowledge of how best to use social media is still building.

Local laws

And finally do remember that laws vary across the world. For instance a competition that is legal in one country may be illegal in another. And similarly some countries have very stringent rules about endorsements.

Ensuring that local market operations are aware of the rules of what they can and cannot do on social media is important if you don’t want the humiliation of having your campaigns being deemed illegal or noncompliant by local regulators.

All in all

Setting up and managing an international social media campaign isn’t easy. As well as understanding how consumers differ across markets there are many practical issues around the nature and relative strengths of local marketing partners.

The safest way forward is to develop a global strategy with input from local markets and then allow local markets to tweak the global strategy, localise global assets and, if appropriate, add their own local content. Developing appropriate best practice guidelines to help less experienced local partners will also be important.