Could you manage an international social media campaign?

Could you manage an international social media campaign?

Social media campaigns are hard enough at the best of times. Soggy metrics, a lack of control, unexpected reactions…So adding an international dimension can make them even harder.

But if you are faced with managing an international campaign, what are the areas you need to consider?

I have been involved with a good number of international clients over the years and they are never easy to manage. Some of the learnings from international advertising campaigns are easy to apply to social media though.

Global vs local

The problem with international campaigns is knowing how “global” or “local” campaigns should be – to what extent they should be the same around the world and to what extend they should be designed for individual markets. And the answer to this is likely to vary across markets.

In some territories local activity will predominate. While in other territories it may be appropriate to use global assets that are produced by head office. The balance will depend on a number of factors.


The simplest thing to address is language. If a client is headquartered in an English speaking country then running campaigns in English may be a logical solution for other English speaking countries and even in countries (such as Sweden, the Netherlands and India) where large parts of the population speak English.

However, while this is an easy solution, it may not be the best. Cultural differences may mean that campaign messages in one country may not be well received in another. Early UK advertisements for Coca Cola’s Dasani water used the message “Can’t live without spunk”. True possibly, but not something calculated to attract the average UK consumer. Research into whether localisation is needed is essential. And this is true whether or not messaging is being translated from one language to another.

Consumer perceptions

Another very obvious thing to address is the consumer. It is quite possible that the brand you are working with is perceived very differently in certain markets.

The oddest example of this I have come across was a UK cough sweet that was associated in Germany with, er, physical love! Fashion and retail brands often show differences around the world: for instance Levi Jeans have less fashion cachet in the USA than they do in Europe. Fast food too: Millward Brown show how Burger King is a weak brand in Belgium (compared with MacDonalds) but a strong brand in Mexico.

But getting the right message across to consumers isn’t necessarily the hardest part of managing an international social media campaign. There are many other issues.

Local platforms

A “one size fits all” approach to which social media platforms to use is unlikely to work. For instance Twitter penetration in Spain is around three time that of France but only half that of Saudi Arabia. Some markets, notably China and Japan, are very different from Western Europe and North America.

Local strategy implementation will need to take account of the strengths of different social media platforms. For instance if the strategy is to disseminate lots of photographs, then using Instagram to supplement picture posts on Facebook may be wasted effort in markets like Canada and France but worthwhile in Germany and Indonesia.

Local resources

If you are working with local operations in international markets then you will almost always find that resources in individual countries will vary widely, as will skill levels. One market may have a team of half a dozen experienced social media marketers, while in another the intern looks after social media in between doing the filing.

This means that you may need to moderate the amount of global assets you share with some local markets, or at least give territories with less resource the option to pick and choose between which global assets they decide to use.

 Local perceptions of social media

In most countries around the world consumers use a lot of social media. But that doesn’t mean that local marketers take social media seriously. There may be a big education job to be done helping local marketing managers understand why, and how, to use social media.

Where you are dealing with a local market that is sceptical about social media, it will be important to avoid a situation where social media is managed by a junior who may post inappropriately, without any (informed) supervision; social media is global and you won’t always be able to stop people in one country reading damaging posts in another country.

Local independence

Some local marketing operations will be more independent and harder to influence than others. Managers in a large territory such as the USA may well feel that they don’t need (or want) central control.

This may be especially true if the territory concerned has a heritage in effective social media marketing (which you could argue is the case in many English and Spanish speaking markets).

Dealing with resentment aimed at “interference from the centre” is always difficult. Providing reasons to use global strategies and assets (such as cost saving) is likely to be more effective than simply mandating the approach they must take.

Building consensus through joint development of assets and best practice will also help. And with social media, this shouldn’t be too difficult given that accepted knowledge of how best to use social media is still building.

Local laws

And finally do remember that laws vary across the world. For instance a competition that is legal in one country may be illegal in another. And similarly some countries have very stringent rules about endorsements.

Ensuring that local market operations are aware of the rules of what they can and cannot do on social media is important if you don’t want the humiliation of having your campaigns being deemed illegal or noncompliant by local regulators.

All in all

Setting up and managing an international social media campaign isn’t easy. As well as understanding how consumers differ across markets there are many practical issues around the nature and relative strengths of local marketing partners.

The safest way forward is to develop a global strategy with input from local markets and then allow local markets to tweak the global strategy, localise global assets and, if appropriate, add their own local content. Developing appropriate best practice guidelines to help less experienced local partners will also be important.



What to do if your social media accounts are hacked

If your Twitter feed is hacked, it isn’t likely to knock $160 billion off the Dow Jones. But it could still be very damaging to sales, recruitment or share price.

What will a hack look like?

You will know you have been hacked if unauthorised posts are sent out from your social media account. These might be for “spam” products like diet pills or Viagra. Or they might be designed to damage your reputation perhaps by endorsing competitors or vilifying your own products and brands. Or they might simply be mischievous. Alternatively a hack might involve a change in your social media profile: perhaps a new profile picture or a change to your description, again often with the aim damaging your business. Even if you have taken reasonable measures to stop your accounts from being hacked, they can still happen. So it is a good idea to have a plan in place, just in case. After all, if you are hacked then you will need to respond as rapidly as possible. So here is a simple 5-step plan for damage limitation after a social media hack.

Step 1. Regain control by resetting passwords

The first thing to do (or at least attempt) is to regain control of any hacked accounts. You will do that by changing the password on the account (ideally to something not quite so easy to hack!) If you can’t get access to the account, because the hackers have changed the password, then try resetting your password using the forgotten password link on the site. You should then get a message, sent to the email registered as belonging to the account’s administrator, which will allow you to reset the password. At the same time you should also change the password of the account administrator’s email address. This may have been hacked too and if it has then it will be all too easy for the hackers to gain control again.

If you can’t regain control

If the hackers have locked you out of your account and you can’t get back in, then you will need to contact the social platform directly. This may take a little time as there will be forms to fill in and proof to provide so it is important to start this process as soon as possible. All the big social media sites provide an easy way into this process:

  • Facebook:
  • YouTube: (link to AutoRecovery at bottom of page)
  • LinkedIn: (link to Contact Us at bottom of page)
  • Twitter: (link to Contact Support at bottom of page)
  • Google+:

Lock down content publishing if you can

If you can, it’s a good idea to lock down any publishing activity while you check the security of all your social media accounts. Some software providers such as Nexgate’s ProfileLock will do this automatically should they detect an unauthorised change to your profiles.

Step 2. Protect your other platforms

The next thing you need to do is to check all your other social media platforms and ensure they have not been hacked as well. If they are safe check that they have a secure password and that this is different from the passwords on your other social media sites.

Step 3. Get back to normal

Once you have control back you will want to get your social media accounts back to the state they were in before the hacking incident.

Delete unwanted content

You will need to delete any unwanted content such as tweets that have been sent out without your authorisation. This doesn’t guarantee the content will disappear completely and for ever. Other people may have seen it and saved it or shared it with other people. But you can at least limit the possibility of other people seeing being exposed to messages you don’t want them to see.

Check account settings

Back in control, you will also want to make sure there aren’t any nasty surprises waiting for you. Have any automated responses been tampered with? Does your profile or email signature contain new and unwanted links? Have any Twitter lists been tampered with? Do you have new some “friends” you weren’t expecting to see?

Step 4. Let people know

There is no point in hiding the fact that you have been hacked. If it is embarrassing they are bound to find out. It is far better to tell people what has happened and apologise for it.

Tell your audience

Post messages, e.g. tweets, to anyone following you apologising for any inconvenience or offence caused. It may be appropriate to pay to promote these messages if that option is available on the platform you are using. If you don’t it is highly likely that many people who follow your social media accounts won’t see your explanation. It may also be sensible to put a message upon your website and any other “static” content such as blogs and even social media profiles. Some companies have ready-made web pages that are pre-approved and can be published quickly in the event of an emergency. It is likely that you will want this page to be a template of some sort so that the precise content can be adapted to suit the nature of the crisis.

Tell your employees

Make sure you have a clear communication plan that is directed towards your employees. They may need reassurance that the damage won’t affect them; they will certainly need to know what to do and say if they are asked about the crisis by friends or peers.

Tell the media

It is also sensible to tell the media, who are likely to pick up on a crisis anyway. Of course if the breach is trivial then there may not be any reason to do this but if the breach is potentially damaging then you will want to make sure any relevant media have your version of events as soon as possible.

5. Review your security

Once things have settled down you will want to review your security to reduce the risk of anything similar happening again. You will of course cover off the basics: make sure that passwords are robust and that you have managed and limited access to your social media accounts. But there are a few other things you need to do as well.

Review any apps that have access

Review any applications that have access to your social media accounts and remove any that you don’t recognize. Apps may include measurement tools, media owner sites, or tools that link different social media platforms. For instance if you want to see the apps that have access to your Twitter profile you can find them at If in doubt it may be safest to delete all applications and then start adding apps to your account from scratch.

Check for viruses

Run a virus scan on any devices that have been used to access your social media accounts to ensure you haven’t picked up a virus or other malware. Don’t forget to check any mobile devices that may be used and if home computers are ever used to access your social media accounts then ask the relevant people to check these too.

Enable 2-factor authentication

Many social networks now offer “2-factor authentication”. This is a security system which requires a number sent to a device like a mobile phone as well as your password to get access. Generally this makes it very difficult for a hacker to break into your account. So if this hasn’t been set up on your social media accounts you should do so right away, unless you are using software such as Single Sign On software that makes this unnecessary.

Review your training

Most hacking events are the result of human error – clicking on a phishing URL or using weak passwords for instance. In order to guard against future risk, review the knowledge of anyone who has the ability to log on to your social media accounts, whether or not they ever do so. Do they understand the need for strong passwords, are they aware of the risks caused by cookies, do they always check which site they are going to when clicking on shortened URLs, are they aware of how they might get fooled in a phishing attach? If your staff are knowledgeable about these issues then the chance of a social media hack will be very much reduced. Any other tips? Please do let us know.

3 steps to planning for a social media crisis

You might as well accept it. You’ll be involved in a social media crisis one day. And without the right planning that can hurt.

Planning to meet a crisis takes time and effort. But the principles behind the planning are reasonably simple.

So here are Mosoco’s 3 (not-so) easy steps!

Step 1: Audit

As usual, the first step is a little strategic auditing: where am I now, where do I want to get to; and how am I going to get there.

First of all you need to agree your crisis management requirements:  the types of crisis you are likely to face, the scale of the possible downside (so you can understand how much to invest), the ideal way you want to handle those crisis (how much can you afford to care about individual customers), and the results you want to see.

Once you have identified the “ideal world”, you need to audit your existing processes:

  • Are they complete; do they cover all your business functions and processes or are they firmly placed within PR or Marketing? Do you have a system for directing problem content to appropriate people within the organisation?
  • How do you identify what content needs to be responded to and when negative content starts to become a crisis?
  • Are your processes effective? Are you sure: have they been tested? Are they up to date in terms of social media landscape and employee/agency contact details?
  • Do current staff with responsibility for crisis management have adequate understanding of social media and the crisis management processes and are they able to deliver them with available resources?
  • Are your current social media management tools adequate, especially your social listening and archiving tools? How are you currently moderating inbound and outbound comments, and what is your approach to interacting on social media accounts you don’t own (e.g. review sites)?

Once you have answered those questions you will need to undertake a “gap analysis” in order to identify what needs to be done to achieve your strategic goals for social media crisis management.

Step 2: Prepare

The team

Next, if you haven’t got one already, you will need to establish a multi-functional crisis management team. You might have people from social media triage, HR, sales, compliance, marketing and IT in this team. It shouldn’t be from a single department though as social media problems can affect all parts of an organisation.

You will also need a clear chain of command with a senior crisis manager who will confer with, and delegate to, other team members.

Another important team member is what I call the “triage nurse”. This is a person who is responsible for listening to social buzz, deciding what needs a response, and forwarding each post to the appropriate person to deal with it. They should ideally be “business function agnostic”, capable of recognising compliance issues, HR issues and security issues as well as marketing or PR issues.

You will need to ensure individual team members have appropriate training and skills as well as understanding that they have the freedom of movement to manage a crisis within agreed guidelines.

Scenario planning

In order to develop crisis management guidelines for people to work within, you will need to be aware of the most likely crisis scenarios you might face. Use your imagination as well as reading up as many case studies as you can to identify what these might involve. Typically, a crisis can be caused by things like:

  • Senior executives resigning
  • Inappropriate employee behaviour
  • Problems with products or customer service
  • Marketing failures such as non-compliance or astro-turfing
  • Security issues such as brand-jacking

Pre-prepared crisis content

You will also want to develop crisis management guidelines for how to respond to each different type of crisis including:

  • The process: where to respond, how to respond, how to maintain a “single voice”, when and how to escalate
  • The tone of voice you will use for different platforms (Facebook is likely to be different from LinkedIn for instance, while Pinterest will need a more visual approach)

One of the hardest tasks is to develop pre-prepared position statements for the early stages of each likely scenario, especially where the scenario hasn’t been faced before. Depending on the individual scenario, prepare content such as sincere apologies, an explanation of what has gone wrong, and statements that “the issue is in hand”. They won’t be exactly right when the issue hits of course, but they should save you time by acting as a sensible starting point.

Ensure an appropriate tone of voice is used by taking account of the cause of the crisis and the effect it will have on people. Are people in genuine danger? Are they merely being inconvenienced? Or are people simply laughing at you for some reason?


Once you have developed management guidelines you will need to ensure that the right technology is in place. This will include:

  • Appropriate social media management tools including listening, moderation, post management and archiving
  • A website that has the ability to host crisis statements in a way that is easy to access on mobile devices
  • Presence of your brands on all major platforms including YouTube, Twitter, Google+, and Facebook so crisis statements can be placed there
  • Appropriate security, including robust password protocols – just giving anyone access to the Twitter account is generally a bad idea!

Places and people

Another useful thing to do up-front is to identify influencers and important channels. Ensure the team has access to data about:

  • The most important social media channels and sites, in terms of their size and their relevance to organisation
  • The most important brand and industry influencers (e.g. bloggers, tweeters, specialist communities, activists journalists etc)

Step 3: Practice

Ensure the whole team has the opportunity to practise managing a social media crisis using a realistic scenario.

This does two things. First it tests the crisis process for each type of scenario to find out how effective it is. Is it up to date? Does it work in practice – for instance if an escalation process involves the CEO, is he available when needed?

Practising with a simulated crisis also exposes the team members to the reality of managing a social media crisis. They will see the speed a crisis can move at and experience the need to prioritise on different platforms. They will be exposed to the need to take individual decisions. They will discover the need to accept a certain level of personal abuse and not get upset by it.

The result

By planning for a social media crisis you should ensure that your organisation has the right tools and processes in place to manage a social media crisis. This involves a further six steps:

  • Listening to the social buzz and identifying an emerging crisis
  • Triaging posts (some dogs are best left lying) and directing content to appropriate team members
  • Maintaining transparency by acknowledging negative comments and even sharing them and asking for feedback
  • Responding to individuals and the audience at large with positive and helpful information
  • Resolving the problem, reporting this and asking for feedback, especially from customers who were affected
  • Reviewing the crisis and learning from it

More on those steps another day! But in the meantime, if you want help with planning your approach to social media crisis management don’t hesitate to get in touch with Mosoco’s social media risk team on


HR and social media risk

Social media risks are marketing risks, right? Wrong. They extend across the whole organisation.

Take Human Resources. This is a particularly tricky area for social media. There are substantial risks associated with recruitment, management, and an organisation’s duty to look after its employees. Let’s take a look at a few of these issues.

social media presents HR risks in recruitment, employee management and employer duty of care


It’s always tempting to look though a candidate’s social media profile before inviting them in. But if you do, you might just find information that you don’t want to have, because possession of it could be used to imply that you were prejudiced in some way.

For instance you don’t want to know anything about gender, race, age, disability etc before you decide whether to interview someone. And you could find that in their Facebook pages. Once you have this information, you can’t “not” have it. In the UK disability rights, age discrimination, racial discrimination and other laws could be used against you if you fail to offer the candidate a job.

A simple way of mitigating this risk is to ask someone who doesn’t have a role in selection to do the research and edit out any unwanted information before giving it to the selection team. And make sure the edited information (and the process) is archived.

By the way, never demand access to a candidate’s social media profiles during the recruitment process: the Information Commissioner will definitely frown on this!

Managing employees

You may also feel the urge to “spy” on employees’ use of social media. But it’s best not to do this unless you have a real reason to be worried about their behaviour. Monitoring employee social media posts could potentially expose you to data protection penalties as well as damaging your reputation as an employer.

If you are simply worried that someone is spending too much time on social media at work it’s probably going to be counter-productive to stop their access (they probably have a smart phone with them!) What you need is a robust social media policy that explains when and how they can use social media at work. You will need to explain this to them face to face, to give them an opportunity to ask for clarifications. And you should explain any sanctions for lack of compliance with the policy.

Once you have that in place then you will still need to avoid monitoring their use – unless you have a real and valid reason for doing so. This could be something like productivity, worries about confidentiality, or bullying. But you will need a reason. (And as always keep a record of any evidence that has prompted you to monitor them.)

In addition to making sure you have a robust social media policy in place, refrain from asking employees to link with you on social media sites in such a way that you can see their posts: they might argue they were “coerced” into letting you have access to their private information. And if employees invite you to follow them, then if you accept remind them that this does give you access to their posts.

Caring for employees

All employers have a duty to take reasonable care of their employees. With social media, at the very simplest level, this can be a requirement to protect people from workplace bullying that can take place through social media. If you are faced with a complaint about this you will need to take it as seriously as you would any complaint about bullying – it’s no less serious just because it is online. And remember, if it is a colleague doing the bullying it doesn’t matter whether this happens when they are at home on their “private” social media accounts.

The risks multiply if you have asked (or even encouraged) people to use social media as part of their working day.

Social media activity often involves dealing with the general public, for instance replying to a customer complaint. But dealing with the public can sometimes be problematic as some people feel that it is appropriate to use abusive language to people they don’t know and can’t see. This can be upsetting to people, especially if the abusive language is personal.

You will need to ensure that all employees who deal with the public via social media realise that there is a possibility of personal abuse when having conversations with members of the public. Ensure that employees are aware that abusive language from anyone is unacceptable and that if it happens they should escalate the problem to a senior colleague if they feel the need to.

There are also potentially some privacy issues. Encouraging staff to use social media is fine, but forcing them to sign up to networks they don’t want to could be construed as a constructive breach of their privacy. For instance if you force someone to sign up to Facebook in order to post messages about your company then you are forcing them to give information out such as their birthday and gender. Instead provide them with a company owned account they can use.

Remember that privacy can also be infringed if pictures of employees (or clients) at company events are published without their permission, especially if they are depicted in an embarrassing situation. So do get people’s permission first!

Don’t leave it to the marketers!

These aren’t the only HR risks associated with social media. But they are the most commonly found ones. And they are serious. That’s why you need to have a risk management process that is capable of dealing with these risks.

If someone in the marketing department is in charge of social media (as they frequently are) you will also need to ensure that your HR department also have access to the necessary information and has an input into how you manage social media. It’s common sense business practice.

Want to learn more? Then get in touch with Mosoco on 07855 341 589 or

Archiving social media

Does it really matter what you said on Twitter last week?

Archiving may not be the most exciting subject in the world, but as organisations increasingly use social media to communicate with consumers there is an ever growing need to archive their social media conversations.

Why archive?

There are four excellent reasons for archiving social media content.


Litigation is an ever present problem for organisations. This can be staff bringing cases for unfair dismissal or discrimination. Or it can be consumers bringing cases relating to unfair contracts or products and services that don’t deliver as promised.


Archiving of marketing communications can be a compliance requirement for certain industries such as financial services; although there are some record-keeping requirements imposed on all companies.

Business operations

It can be important to archive records so that negotiations and transactions can be continued in the event of systems failure. In addition, an easily accessible record of social media can in some circumstances make it easier for employees to work efficiently (e.g. finding an important email or chat record easily).

Knowledge management

A good archive can be used to generate learning and case studies.

How much to archive?

Ideally you would archive everything in social media that relates to your organisation. But this may simply not be feasible. For instance, if people get customised views of social media it is obviously impossible to archive these. This is also true of websites that are delivered “on the fly” where one may be confined to recording for instance the different experience of a logged in and a logged out visitor.

Two questions need to be asked:

  • What is it reasonable to invest in archiving (given the size and nature of your organisation)
  • What is it important to keep (not all social media data is equally important)

There are no hard and fast rules here, except that more is likely to be safer than less. But bebar in ind that how uch you archive is likely to affect how much you pay.

How to build an archive

There are some fundamental requirements of social media archiving systems:


You need to capture both “static” content that is not changed on a regular basis (such as a Twitter profile) and “interactive” content which delivers a stream of data from the organisation and consumers or other stakeholders.

With interactive content, there is generally a good deal of important contextual information that goes beyond the simple text of a post and this need capturing. This can include:

  • Actions such as “Likes” and Shares
  • Views and subscriptions to content streams
  • Phototags and hashtags
  • Page URL
  • Links
  • The nature of the conversation, in particular whether it is a public exchange or a private (e.g. Direct Message) exchange

Another important consideration for archiving is whether deleted posts can be recorded. When data collection happens on an occasional basis, for instance every day, posts that are deleted may well be lost to the archive. One solution is to record data directly via the platforms API rather than from the web.


There are a number of storage requirements for any archiving system and these include:

  • Data and information security: archives should be secure so that only authorised people can access them
  • Resilience: the will always be a need to have one or more back ups of the archive so that data can be retrieved in the event of system failure
  • Access logs: A record of who has used an archive is an important management tool – as anyone who watches “whodunits” on TV knows
  • Integrity: It is important to prevent modification or deletion of content within the archive which means that data should be stored as “read only”

Searching and retrieving

In most circumstances social media records should be searchable at least by the following:

  • Platform (e.g. Twitter) and type (e.g. re-tweets, direct messages)
  • Author
  • Date and time
  • Content “strings” (i.e. keywords and key phrases)
  • Metadata (e.g. tags on Facebook pictures)

Once data has been found then it needs to be exportable easily and in a sortable format e.g. XML.

Choosing the right tool

There are dozens of archiving tools available. Some are free, other range from low prices that an SME will find attractive to “enterprise level” expense.

And the functionality offered offers widely too, with some tools very much simple back up tools while others are more truly information management tools.

As a result choosing the right tool isn’t simple. Ideally, your requirements will be agreed by a multi-functional team composing of IT, archiving, compliance, workflow, website and social media experts. But if you are uncertain that you have the right knowledge in house, then Mosoco will be very happy to help.

Social media risks? Too important to be left to the marketing department

Social media risks? They are all about business reputation aren’t they? Not at all. They stretch right across most organisations.

To demonstrate this we have created a matrix (consultants do love a matrix!) dividing business concerns into four areas:

  • operational efficiency
  • costs and competitiveness
  • customer influence
  • stakeholder support

Operational efficiency is about the smooth running of an organisation – everything from managing logistics to having a motivated and talented set of employees

Costs and competitiveness concerns the heart of any commercial organisation – the ability to deliver a profit; but is also relevant for not-for-profit organisations which need to operate within budgets

Customer influence considers the way customers and prospective customers feel about an organisation and their brands and products

Stakeholder support concerns the degree to which stakeholders such as shareholders and regulators have confidence in the organisation.

As you can see from the image below, social media risks are spread right across these four areas.


In the top left, under Costs and competitiveness we have a number of fairly unrelated risks. Social media use can result in the accidental disclosure of confidential information resulting in breach of confidence cases or the loss of a potential patent application. Employees can infringe the IP of third parties bringing potential damages on the company. And, in the carelessness which typifies so much of social media use, contracts can be accidentally entered into. And breaches of data rules can be expensive as well as damaging to a company’s reputation.

Bottom left we have Customer influence. Most of the issues here are about reputation management. Badly managed social media use might result in breaches of advertising rules (which can also be expensive) or a loss of control of company assets, such as the company Facebook page (again, an expensive thing to rectify). Employees can post inappropriate comments that damage the reputation of their employer. Obsolete content can circulate via social media long after a marketing campaign has finished and this brings its own reputational problems. And problems with products and services can sometimes escalate into a full blown social media PR crisis.

There are a good number of issues in the area of Operational efficiency. Problems with social media use can create issues with employee motivation caused perhaps by bullying or over-rigid and unfair management. This in turn can lead to the perception of a company being a bad employer, making it hard to recruit the best talent. Managerial over-enthusiasm can result in staff privacy being breached and even problems with the duty of care employees have to their staff.

And finally there is the area of Stakeholder support. Having the confidence of non-executive stakeholders such as the Board, shareholders and external regulators is very important. And this confidence can easily be damaged through social media. Potential risks include the impersonation of Board members, a failure to adhere to regulations, accidental disclosure of financial information, and even the libelling of clients and suppliers! It is a key part of corporate governance to manage this.

All in all, it is surprising how far social media risks penetrate into every corner of an organisation. And these risks are too complex to leave to a single organisational function such as marketing or PR. Multi-functional teams are required to manage the risks appropriately. 

Managing the corporate risks of social media

So you think you are safe with social media?Digital risks include many risks from social media

It’s true that using social media is now an established part of the marketing armoury of most organisations. But how safe is it really?

In fact social media present some potentially massive risks and it is important to be aware of these risks and to have processes for dealing with them. It may well be that these risks are covered off in your corporate digital risk management system. But if you don’t have one of these, or if (as is generally the case) it doesn’t cover off social media risks, then you will need to think carefully  about how to identify and mitigate the very real risks that stem from your company and its employees using social media.

But the first thing I want to say is: posting on Twitter or Facebook is the same as taking out an advert in a newspaper and publishing it there. IT IS NOT PRIVATE (sorry for shouting). So if you think someone might be upset by what you say on Twitter, be prepared for the consequences.

 So what about those risks?

Internal risks

It is not unknown for employees to use social media accounts to post inappropriate content about your competitors, or your suppliers. This is obviously not desirable.

It is even more common for salacious or unflattering content relating to a social event, to be posted, and this can be a problem whether or not the event has been formally sponsored by your organisation. For instance photographs of staff members behaving ‘indecorously’ at a party could have a negative effect on your company if the people involved are identified as working for it, say in a caption, or even if they are just tagged.

In addition, personal opinions that do not reflect the organisation’s position can be expressed on a social media account. This can cause confusion or, worse, affect the way people feel about your brand.

These problems are particularly great when the social media account used is owned (or appears to be owned) by your organisation. But even when employees use personal accounts problems can occur, especially where people can be identified as working for your organisation.

At least part of the answer is to develop a social media policy and then train all your staff in its use.

Social media policies

Your social media policy needs to warn people that they are responsible for anything they post online. Not everyone knows that it is possible to libel people, steal Intellectual Property (IP), and even commit criminal offences by using Twitter or Facebook. So tell them this.

It is also generally sensible to tell employees that, unless they are formal spokespeople for your organisations, any content they submit on any site where they are identified as being an employee (e.g. LinkedIn) should be tagged as being their personal opinion and not that of their employer.

But perhaps the most important part of a social media policy is to lay down some rules about what people can say about colleagues and your organisation – whether or not they are posting content at work or on work-related websites. Simple courtesy would dictate that they should not ridicule colleagues or clients. Self-preservation should indicate that they should not be unkind about their employer! Common sense? Then why are there so many ‘accidents’? A social media policy, developed for your particular circumstances, and then shared with your staff will be your first line of defence here.

Board members

Senior employees such as board members should take particular care with social media. Comments about their working day or events in their industry could have unforeseen negative effects, for instance on share price, sales or recruitment, that could in some cases even be deemed illegal.

This will obviously be the case on company-owned accounts. But for anyone remotely in the public eye, comments on private social media accounts can also have unwanted effects. Politicians seem particularly prone to this type of gaffe, perhaps because they are so closely monitored by rivals.

Malicious content

Spoof sites

Spoof and hate accounts can also be a problem for organisations. For instance disaffected employees may create accounts that focus on unflattering descriptions of an organisation.

Negative opinions expressed on a personal account must be endured, although you can choose to ignore, acknowledge or rebut them. Anyone telling lies or setting up an account falsely purporting to be an official account may well be opening themselves up to civil or legal redress although it is often a good idea for large organisations to keep the lawyers at arms length for fear of making the damage worse.


A big risk relates to organisation social media accounts being “hacked”.

While there isn’t necessarily much that you can do against a determined and skilled hacker, care can be taken to ensure that company accounts have adequately secure passwords. Without secure passwords it can be easy for company social media accounts to be hijacked as Burger King found out in February 2013.

Image of Burger King's Twitter profile after it was hacked

Weak passwords can result in social media accounts being hijacked

Ownership risks

Who owns your company Facebook page? Is it a member of the IT team? Or has it been set up in such a way that the company owns and controls it?

Google+ and Facebook procedures mean that business “Pages” are set up from personal accounts, rather than directly by the organisation involved. If a social media enthusiast in your organisation has set up an “official” Facebook page linked to their personal Facebook account you are exposing yourself to unnecessary risk.  After all what happens if they leave?

To guard against this risk, make sure you employ an appropriate strategy when setting up these pages: get a senior trusted employee to set up the business page without using their own personal account; implement appropriate security protocols such as having strong passwords; and ensure you have  back up processes (for instance make sure the password can be found by other people) if key employees are absent.

Managing a PR crisis

Another type of external threat is that of consumers reacting badly about a product or brand and causing a PR crisis.

While this doesn’t happen that often, it is important to be aware of the potential for a PR crisis and to have plans for mitigating them. Listen, prepare and practice.


Monitoring social media is a very effective way (indeed the only way) of identifying an approaching crisis so that action can be taken before it happens. Ideally you will be monitoring social media constantly – especially if you are providing a constant service such as an airline.

Monitoring social media can be time consuming (there are a lot of conversations going on around the world after all) and difficult. It can be done in a variety of ways and, depending on the goals defined in your strategy, can cost very little or a substantial amount. It is however important to ensure that someone in your team has responsibility for monitoring any mentions of your organisation in social media. They will need the authority to respond and/or  a process for bringing significant conversations to the attention of appropriate decision makers.

There are many free social media monitoring tools, such as These are fine if you don’t want to extract a lot of data. For instance it will normally be quickly apparent when a crisis is growing as the number of negative mentions of your organisation or brand will be rising rapidly. However, using a paid service is likely to be easier and safer if your brand is of any size.

Be prepared

It is important to have plans in place to enable appropriate actions to be taken in the event of a crisis. Getting a quick press release out is no longer sufficient. You need to be able to respond, rapidly, in the places where the crisis is building. This is likely to be on Twitter, Facebook or YouTube.

How to prepare? Well, the first thing to do is to imagine the most likely types of crisis. Is it a faulty product, a rogue employee comment, a marketing campaigns that has gone wrong? Identify these potential crises and then create a set of template communications that you can use.

Some of these will probably be holding statements along the lines of “We are urgently looking into this”. Others will be tactical responses such as “We are withdrawing this product line”. They won’t be appropriate if and when a crisis does strike. But they will help you rapidly develop a set of communications designed to manage the crisis.

In addition you will need to set up a triage and escalation process. You will need to define what counts as a crisis (if you are a large brand a handful of unhappy customers probably doesn’t – although insights from these people should be passed to appropriate teams) and you will need to put in place appropriate roles and responsibilities so that predefined people have the authority to react in certain ways. An escalation process for a large crisis is also needed.

Practice makes perfect

It is great having a set of template responses and an emergency team in place. But practising those responses will be invaluable. Social media crises can move very rapidly and this can take people by surprise. They can be very stressful. And the messages you have to deal with can be personal and hurtful.

Setting up a pretend crisis, flooding your response team, with messages from ‘angry’ consumers and giving them the opportunity to practice their responses is the only way to prepare them for a real crisis. In addition it is an essential way of testing whether your template responses and your escalation processes are robust.

A stitch in time…

Social media risk isn’t the same as “digital risk”; so even if you have a digital risk management process in place your organisation may well still be open to considerable social media risk. And managing that social media risk will not be simple. But it can be done, even if you can never avoid any risk completely. 

So if you are worried that your organisation may be exposed to social media risk, or if you would like to know more about how to listen to social media buzz, how to plan for social media emergencies, or how to practice your response,  then call mosoco on 07855 341 589 or email us on We would love to chat.