Social media and reputational risk

A good reputation is the lifeblood of any organisation. And managing reputation in a world where social media plays an increasing part is hard. After all, no organisation can stop consumers criticising them if they choose too. In the past it might not have mattered much if one or two unhappy consumers complained to their friends. But now, a bad review (whether fair or not) can spread around the globe in hours.

Social media risk is the risk that the use of social media by an organisation, or by third parties including the general public, causes loss or damage to that organisation. The risk can be divided into five basic types:

  • reputational risk
  • operational risk
  • compliance risk
  • legal risk
  • asset risk

Reputational risk is the most common form of social media risk, and certainly the most well known. This is in part because much reputational risk is a consequence of other risk factors. In other words, most social media risk factors can lead to reputational damage.

The risks can involve damage to an organisation’s reputation, or to the reputation of brands and products it owns and the services it provides.

These risks vary in importance but they can be found right across most organisations, in finance, operations, HR, marketing, sales and general management.

Social media reputational risks occur across an organisation

There can be a wide variety of causes including:

  • Unethical employee behaviour online or offline such as inappropriate tweets or the uncovering of unethical manufacturing practices by an organisation
  • Consumer reactions to poor quality products and services or inadequate after sales service, especially where these are amplified by the media
  • Impersonation of prominent people associated with the organisation who are then apparently heard saying inappropriate things; or the takeover and altering of corporate social media assets so that they are no longer “on-brand”
  • Inappropriate use of social media by employees such as bullying behaviour or simply the posting of unwise content
  • Poor marketing activity including allowing consumers to discover and respond to obsolete marketing campaigns
  • Unflattering comments by third parties on social media platforms (e.g. poor reviews, aspersions made against directors, negative analysis of financial performance)
  • Unwise comments by executives that are amplified by the media (the “Gerald Ratner syndrome”) with disastrous results

Many instances of reputational damage are not particularly important. There is often a lot of fluttering by social media commentators but if the damaging issue isn’t seen by mainstream consumers the main outcome can be red faces in the marketing department! In these cases it is important not to over react.

The real danger is that a particular issue – low quality, unethical practices, inappropriate public comments by senior executives – gets taken up by the mass media and “amplified”.

 Growth of a social media crisis

Organisations often place their social media risk management processes within PR or marketing. However, reputational damage is not just a concern for marketing departments. A damaged reputation can affect many things adversely, including:

  • Finance: The ability of an organisation to borrow at the best rate of interest; the ability to attract investment can also be damaged and this can result in damage to the share price
  • Operations: The image of the organisation as a “corporate good citizen”, which in turn may reduce influence with external stakeholders such as regulators or suppliers, ultimately resulting in less efficient operations
  • HR: The organisation’s “employer brand” which if damaged can result in difficulties recruiting the best talent
  • Sales: The sales a company makes; in addition the profitability of those sales can be reduced due to increased costs (less influence with suppliers) or by the inability to charge higher prices (less credibility with consumers)

Because the potential effect of reputational risk extends across organisations, it is sensible to monitor the risks outside PR and marketing departments. The ideal organisational structure will allow for social media risk management to be a separate and stand alone function which can work with the relevant business function to manage any difficulty.

As with other social media risks, the simple ALP management process should be applied:

  1. Audit: Identify potential risks using scenarios or knowledge of previous social media “fails
  2. Listen: Listen out for potential problems
  3. Prepare: Prepare for potential problems by:
    1. Developing an appropriate social media policy and training all employees in its meaning and use (this includes Board members)
    2. Agreeing management processes to handle likely risks including escalation processes and generic position statements
    3. Simulating problems and practising the response

As we said at the start of this post, reputational risk isn’t the only risk area to stem from social media. More on the other social media risk areas next week.

Advertisements

What to do if your social media accounts are hacked

If your Twitter feed is hacked, it isn’t likely to knock $160 billion off the Dow Jones. But it could still be very damaging to sales, recruitment or share price.

What will a hack look like?

You will know you have been hacked if unauthorised posts are sent out from your social media account. These might be for “spam” products like diet pills or Viagra. Or they might be designed to damage your reputation perhaps by endorsing competitors or vilifying your own products and brands. Or they might simply be mischievous. Alternatively a hack might involve a change in your social media profile: perhaps a new profile picture or a change to your description, again often with the aim damaging your business. Even if you have taken reasonable measures to stop your accounts from being hacked, they can still happen. So it is a good idea to have a plan in place, just in case. After all, if you are hacked then you will need to respond as rapidly as possible. So here is a simple 5-step plan for damage limitation after a social media hack.

Step 1. Regain control by resetting passwords

The first thing to do (or at least attempt) is to regain control of any hacked accounts. You will do that by changing the password on the account (ideally to something not quite so easy to hack!) If you can’t get access to the account, because the hackers have changed the password, then try resetting your password using the forgotten password link on the site. You should then get a message, sent to the email registered as belonging to the account’s administrator, which will allow you to reset the password. At the same time you should also change the password of the account administrator’s email address. This may have been hacked too and if it has then it will be all too easy for the hackers to gain control again.

If you can’t regain control

If the hackers have locked you out of your account and you can’t get back in, then you will need to contact the social platform directly. This may take a little time as there will be forms to fill in and proof to provide so it is important to start this process as soon as possible. All the big social media sites provide an easy way into this process:

  • Facebook: http://www.facebook.com/hacked
  • YouTube: support.google.com/youtube/answer/175276?hl=en (link to AutoRecovery at bottom of page)
  • LinkedIn: help.linkedin.com/app/answers/detail/a_id/1501/ft/eng (link to Contact Us at bottom of page)
  • Twitter: support.twitter.com/articles/185703-my-account-has-been-hacked (link to Contact Support at bottom of page)
  • Google+: support.google.com/mail/answer/50270?hl=en

Lock down content publishing if you can

If you can, it’s a good idea to lock down any publishing activity while you check the security of all your social media accounts. Some software providers such as Nexgate’s ProfileLock will do this automatically should they detect an unauthorised change to your profiles.

Step 2. Protect your other platforms

The next thing you need to do is to check all your other social media platforms and ensure they have not been hacked as well. If they are safe check that they have a secure password and that this is different from the passwords on your other social media sites.

Step 3. Get back to normal

Once you have control back you will want to get your social media accounts back to the state they were in before the hacking incident.

Delete unwanted content

You will need to delete any unwanted content such as tweets that have been sent out without your authorisation. This doesn’t guarantee the content will disappear completely and for ever. Other people may have seen it and saved it or shared it with other people. But you can at least limit the possibility of other people seeing being exposed to messages you don’t want them to see.

Check account settings

Back in control, you will also want to make sure there aren’t any nasty surprises waiting for you. Have any automated responses been tampered with? Does your profile or email signature contain new and unwanted links? Have any Twitter lists been tampered with? Do you have new some “friends” you weren’t expecting to see?

Step 4. Let people know

There is no point in hiding the fact that you have been hacked. If it is embarrassing they are bound to find out. It is far better to tell people what has happened and apologise for it.

Tell your audience

Post messages, e.g. tweets, to anyone following you apologising for any inconvenience or offence caused. It may be appropriate to pay to promote these messages if that option is available on the platform you are using. If you don’t it is highly likely that many people who follow your social media accounts won’t see your explanation. It may also be sensible to put a message upon your website and any other “static” content such as blogs and even social media profiles. Some companies have ready-made web pages that are pre-approved and can be published quickly in the event of an emergency. It is likely that you will want this page to be a template of some sort so that the precise content can be adapted to suit the nature of the crisis.

Tell your employees

Make sure you have a clear communication plan that is directed towards your employees. They may need reassurance that the damage won’t affect them; they will certainly need to know what to do and say if they are asked about the crisis by friends or peers.

Tell the media

It is also sensible to tell the media, who are likely to pick up on a crisis anyway. Of course if the breach is trivial then there may not be any reason to do this but if the breach is potentially damaging then you will want to make sure any relevant media have your version of events as soon as possible.

5. Review your security

Once things have settled down you will want to review your security to reduce the risk of anything similar happening again. You will of course cover off the basics: make sure that passwords are robust and that you have managed and limited access to your social media accounts. But there are a few other things you need to do as well.

Review any apps that have access

Review any applications that have access to your social media accounts and remove any that you don’t recognize. Apps may include measurement tools, media owner sites, or tools that link different social media platforms. For instance if you want to see the apps that have access to your Twitter profile you can find them at twitter.com/settings/applications. If in doubt it may be safest to delete all applications and then start adding apps to your account from scratch.

Check for viruses

Run a virus scan on any devices that have been used to access your social media accounts to ensure you haven’t picked up a virus or other malware. Don’t forget to check any mobile devices that may be used and if home computers are ever used to access your social media accounts then ask the relevant people to check these too.

Enable 2-factor authentication

Many social networks now offer “2-factor authentication”. This is a security system which requires a number sent to a device like a mobile phone as well as your password to get access. Generally this makes it very difficult for a hacker to break into your account. So if this hasn’t been set up on your social media accounts you should do so right away, unless you are using software such as Single Sign On software that makes this unnecessary.

Review your training

Most hacking events are the result of human error – clicking on a phishing URL or using weak passwords for instance. In order to guard against future risk, review the knowledge of anyone who has the ability to log on to your social media accounts, whether or not they ever do so. Do they understand the need for strong passwords, are they aware of the risks caused by cookies, do they always check which site they are going to when clicking on shortened URLs, are they aware of how they might get fooled in a phishing attach? If your staff are knowledgeable about these issues then the chance of a social media hack will be very much reduced. Any other tips? Please do let us know.

Reducing the risk of social media hacks

Imagine you are the CEO of a bank. Despite the grey suit you are down with the kids, tweeting regularly, and generally being hip.

And then your twitter account is hacked. Someone sends out a tweet in your name that says your bank has made huge losses in the financial markets and doesn’t have enough money to repay current account holders. People panic and there is a run on the bank…

Couldn’t happen could it! Or could it? It’s only a year since the AP Twitter account was hacked and messages about bombs in the White House caused a massive 143 point drop on the Dow Jones Index.

Social media are very credible and as a result very powerful.

So of course you want to avoid your social media accounts getting hacked. It’s not easy, in fact it is impossible to guarantee absolute security (and I won’t be surprised if someone hacks into this blog just because I am writing about security!), but there some steps you can take to keep them reasonably secure.

How do social media hacks happen?

First of all though, knowing how social media accounts get hacked will help protect you. Generally this happens because someone who wants to cause mischief or wreak revenge gets access to a password. And they get access in a number of ways including:

  • Simple passwords are hacked using “brute force” software that runs through all the possible combinations of letters and numbers
  • Unprotected portable devices are lost or stolen
  • Devices are infected with spyware
  • People who know a password leave a company and that password isn’t changed
  • A shared personal device allows access to a social media account by non-authorised people
  • Password lists are made available to non authorised people

So what can you do about this?

Use strong passwords

The very first thing you need to do is ensure that social media passwords are strong. That means: a minimum of 12 characters including at least one each of an upper case letter, a lower case letter, a number, and a keyboard symbol (like ! % or &).

Words and names should not be used as part of this: so Password isn’t a great password. And guess what. People realise that numbers are commonly substituted for letters. So P455w0rd isn’t great either!

As words and names are a no-no you will need a simple trick to come up with a great password. It’s easy in fact. Think of a phrase such as “I love my wife Delvina and my two boys Caspar and Tarquin!”. Now take the first letters and turn that into a password: “IlmwD&m2bC&T!”. Complex but easy to remember. And so much better than Password!

Next it is sensible to ensure that passwords are different for all your social media accounts. After all if one does get hacked you don’t want them all being hacked. And change them a couple of times a year. Scott Aurnou has written an excellent post on passwords.

Limit access

The next step is to limit the number of people who have access to the social media accounts. Simple if they are your own accounts but more complex in a company where you may want several people to be able to post content.

Start by doing an audit. And remember to check whether any third parties like your PR company also have access (if so do you will want to know whether they share your password with all their employees).

Next, severely limit the number of people who have access in future. And make sure that written into their contracts is a stipulation that passwords must not be shared and an explanation of sanctions if they do so. If necessary appoint an “editor” who uploads content written by other people. Oh, and do make sure you keep a record of who does have access somewhere.

Ideally, and if budgets allow, you will also implement Single Sign On (SSO) technology (such as Nexgate provide) to manage access to your social media accounts. This means that when people sign into their work computers only authorised people will be given access to social media accounts, but they will be given access without having to input a password. As they don’t know the passwords then you can simply deny them access should they leave or their role change.

One more thing to lookout for. Some social media platforms including Facebook and Google+ require business pages to be set up from private social media accounts. If this is the case you will have trouble managing these accounts in the future if the person who set them up leaves your company. The easiest thing to do is probably to start afresh with these platforms, even if it means sacrificing some assets such as people who Like you.

Prevent cookie attacks

Several big social media platforms including Twitter and Facebook are designed to remain open continuously, so that every time you go to your computer or mobile phone you can read and post content.

Convenient; but keeping an account open all the time can give people a really easy way into your social media account, especially if the account is open on a mobile device which subsequently gets lost or if you are using a shared device and forget to log out.

As people will inevitably forget to log off on some occasions, the most secure way to handle this is to require access to corporate social media only via fixed company equipment. This does mean that people won’t be able to post updates from Twitter and Facebook when they are out and about. I’ll come you how you manage that disadvantage in a moment.

Avoid phishing attacks

Another common problem is “phishing” which is where a hacker sends you message that seems to be from your social network, asking you to log in to your account for some plausible reason. They provide you with a handy link. You, thinking you are logging into your Twitter account, enter your username and password into a fake login page, which promptly captures the data. You have been hacked. Often these attacks are highly personalised and will use your name, as a result looking very credible.

The only way to prevent phishing attach is through education. Train people to look for suspicious emails. Get people to check the actual address of the site they are logging into by looking at the address bar or better still avoid clicking on links (especially shortened URLs) in emails and navigate directly to their social media account instead.

Additional security can be provided by using the SSO technology mentioned earlier as these tools won’t automatically complete your log in information if you aren’t on a legitimate site. But if you don’t have that then education (and common sense) is your only defence.

Protect mobile devices & manage wi-fi use

Business people who have a requirement to post on social media sites for their employers are highly likely to have a smart phone or a laptop. And mobile devices represent a real risk because:

  • They can be lost or stolen
  • They may connect to the internet via unsecure or dangerous connections

The easiest way to manage risk this is to limit access to corporate social media accounts via fixed computers in secure office locations. This might sound draconian but in practice most social media can be managed in this way with executives who are out of the office mailing posts to colleagues who can post from the secure location of the office.

But what about newsy posts that require immediate publication? For instance tweets at a conference or Facebook posts at an industry event? Here are some ideas:

  • Ensure the mobile device you are using is adequately password protected, especially if you are using a password vault like LastPass to make logging on to a number of different accounts easy
  • Password vaults remember passwords for you. Ideally I wouldn’t use them on a mobile device but if you do make sure you have the ability to lock or wipe it remotely in case you lose it; (IT managers should audit the remote use of social media and where appropriate provide such remote locking or wiping capabilities to privately owned devices)
  • If you are logging on to Twitter or Facebook on a mobile device make sure you log off after you finish
  • If you are accessing social media via wi-fi then check to make sure it is the official wi-fi (check the exact name) and don’t be tempted to use an unsecured wi-fi that seems to offer easy access; (personally I would never use wi-fi outside the home or office for any sensitive purpose, but then I am a cynic)
  • If you are tweeting via wi-fi then don’t use the corporate account, or your own account if you are a prominent person (e.g. a director of a large corporate). Set up a secondary account and use it for out-of-office events. Use the hashtag for the event to ensure that people find your posts. Get colleagues to follow the secondary account and share your posts via the main corporate account as soon as possible

Educate

Ultimately a lot of protection can be gained through education. Help people understand where the risks lie and what they can do to minimise them. Education is a cornerstone of security. It won’t protect you all the time (nothing will) but with the right processes and attitudes in place the risks can be reduced massively.

Social media risks: are you tooled up?

Angry customers dissing your brand; employees who give away trade secrets in their Facebook posts, chief execs whose Twitter accounts get hacked: The risks from social media are not always easy to manage. Even the well known risk of negative PR can be hard to manage if you don’t have the right social listening tools in place. The tools available to help manage social media risks go a long way beyond social listening, but let’s start with that.

Social listening tools

There are dozens of social listening tools available. Some of these are free. Some of them cost a modest amount, a few hundred dollars a year. And some can cost thousands. But they all do the same thing: identify what people are saying about your brand or company on social media platforms. So why pay, when there are so many free tools? Well, it depends on resources of course, and the importance of social media listening to your organisation. Some things to consider (beyond cost) when choosing a tool are:

  • Which platforms are monitored? There are a lot of tools that just focus on Twitter for instance
  • How much data can you get? Some tools will only give you results for a limited number of posts or a limited time frame
  • Is anything beyond a list of posts included? Some tools include analysis of sentiment (are the posts positive, negative or neutral) or potential reach; others enable you to filter the results by language, influence, demographics or region
  • Is the tool primarily a listening tool or does it double up as a content management tool?

Free multi-platform tools worth considering include Social Mention, Ice Rocket (especially good for blogs) and Google Alerts (you set up an email alerts so that  Google tells you whenever anyone uses your brand name, strapline or url).

Point of presence tools

Tools that can identify brand “points of presence” are similar to social listening tools although they perform a slightly different function. By a point of presence we mean a site on the internet that is, or purports to be, associated with your brand. Many social listening tools just listen for conversations and won’t be able to pick up sites that are using your brand assets such as your brand name, logo or strapline. If someone is using your brand assets this may be because they are a fan. But it may also be because they want to say unpleasant things about you, or to sell fake products. Having a tool that will identify when your brand name, logos and straplines are being used can be an important safeguard. Some tools can help you identify when your logo is being used while others will look for “strings” of text to find brands in URLs or social media profile pages. For a free way to identify places where your logo is being used, paste its image into Google images. To find your brand name in a URL, go to Google Advanced Search and select “in the URL”, within the “terms appearing” option. And to find mentions in particular social media platforms simply type in the platform name (e.g. Twitter.com) into the “site or domain” option of Google Advanced Search. Free tools have their limitations and a much more powerful paid solution that is worth investigating is provided by Brandle.

Moderation

If you are serious about posting to social media platforms the chances are that you already have a moderation tool. But if you don’t, then should you consider it? Moderation tools can help you prevent inappropriate posts by employees – for instance posts containing particular words can be flagged up for authorisation by a more senior person. This is a risk for companies that don’t have content marketing management tools in place, simply because without them it is easy for an enthusiastic employee to forget whether they are posting on their personal account or the company’s account. Moderation tools can also manage the risks that exist if your site accepts content from the general public, e.g. reviews or forums. It can be expensive to use a human to moderate all the posts that come in so automating the process to delete or quarantine any posts with unsuitable language can be a sensible investment. One company in this space is Discussit although if human moderation (which provides better risk management)  is also necessary, then a specialist firm like eModeration, which can moderate posts in many different languages, is also worth investigating.

Productivity

One of the big risks from social media is the potential loss of productivity that can occur when employees spend too much time on Facebook and Twitter. As preventing their use totally is likely to be counter productive, one strategy can be to manage their use possibly by limiting the times when access is available to social media platforms although tools like Websense provide more sophisticated management such as letting people use LinkedIn but disallowing job searches or letting people post on Facebook but not chat.

Archiving

Saving social media conversations in case of future legal actions is a sensible precaution if budgets allow (or if you work in a regulated industry where this is required). There are many archiving tools available and things to consider include:

  • Is the archive easily searchable and rapidly available?
  • Are actions (e.g. retweets) and metadata (e.g. tags) archived as well as original content?
  • Are “conversations” (forum threads, series of tweets etc) archived as conversations or individual posts?
  • Does all content get archived or can posts that are subsequently deleted become lost?

Archiving can be expensive and choosing the right tool isn’t easy. There is a comprehensive (probably over-comprehensive) list of options at USA’s National Archives; companies worth looking at include Smarsh, Hanzo Archive, and  Archive Social.

Security

One of the big risks associated with social media is inadequate security: having the corporate Twitter account hacked can be embarrassing but could also result in real reputational damage. Protection requires secure passwords – and yet according to SplashData the most common password is “123456”. Any social media account using that (or “password”, the second most common password) is ignoring some massive risks. Some content management platforms such as Crowd Control HQ can force certain password protocols on users of corporate social media platforms, making them more secure while at the same time providing an easier way to manage complex passwords.

Testing and practising

You can take a lot of time and effort developing ways of reducing social media risk. And you can invest in the best tools to help you with this. But unless you test your systems then you can still be wrong footed. To that end various tools are available that enable you to practise managing a social media crisis. These use a combination of software, content templates and real people to simulate a PR crisis over a number of hours or days which you can then respond to. As well as giving your social media team experience of what it is like to handle a crisis, your processes (any template content, together with management and escalation processes) will be stress tested and any weaknesses should be uncovered. A number of PR companies have developed services here. Check out Polpeo for an excellent example.

Disclaimer

We don’t have any formal connection with any of the tools and services mentioned in this post. They are all well thought of but there are many more out there, and the right tool for you will depend on your budget, your corporate and social media goals, and your particular circumstances. If you want some advice about what is right for you then call us on 07855 341 589 or email jeremy@socialmediarisk.co.uk: we would be happy to explore your options.

Managing the corporate risks of social media

So you think you are safe with social media?Digital risks include many risks from social media

It’s true that using social media is now an established part of the marketing armoury of most organisations. But how safe is it really?

In fact social media present some potentially massive risks and it is important to be aware of these risks and to have processes for dealing with them. It may well be that these risks are covered off in your corporate digital risk management system. But if you don’t have one of these, or if (as is generally the case) it doesn’t cover off social media risks, then you will need to think carefully  about how to identify and mitigate the very real risks that stem from your company and its employees using social media.

But the first thing I want to say is: posting on Twitter or Facebook is the same as taking out an advert in a newspaper and publishing it there. IT IS NOT PRIVATE (sorry for shouting). So if you think someone might be upset by what you say on Twitter, be prepared for the consequences.

 So what about those risks?

Internal risks

It is not unknown for employees to use social media accounts to post inappropriate content about your competitors, or your suppliers. This is obviously not desirable.

It is even more common for salacious or unflattering content relating to a social event, to be posted, and this can be a problem whether or not the event has been formally sponsored by your organisation. For instance photographs of staff members behaving ‘indecorously’ at a party could have a negative effect on your company if the people involved are identified as working for it, say in a caption, or even if they are just tagged.

In addition, personal opinions that do not reflect the organisation’s position can be expressed on a social media account. This can cause confusion or, worse, affect the way people feel about your brand.

These problems are particularly great when the social media account used is owned (or appears to be owned) by your organisation. But even when employees use personal accounts problems can occur, especially where people can be identified as working for your organisation.

At least part of the answer is to develop a social media policy and then train all your staff in its use.

Social media policies

Your social media policy needs to warn people that they are responsible for anything they post online. Not everyone knows that it is possible to libel people, steal Intellectual Property (IP), and even commit criminal offences by using Twitter or Facebook. So tell them this.

It is also generally sensible to tell employees that, unless they are formal spokespeople for your organisations, any content they submit on any site where they are identified as being an employee (e.g. LinkedIn) should be tagged as being their personal opinion and not that of their employer.

But perhaps the most important part of a social media policy is to lay down some rules about what people can say about colleagues and your organisation – whether or not they are posting content at work or on work-related websites. Simple courtesy would dictate that they should not ridicule colleagues or clients. Self-preservation should indicate that they should not be unkind about their employer! Common sense? Then why are there so many ‘accidents’? A social media policy, developed for your particular circumstances, and then shared with your staff will be your first line of defence here.

Board members

Senior employees such as board members should take particular care with social media. Comments about their working day or events in their industry could have unforeseen negative effects, for instance on share price, sales or recruitment, that could in some cases even be deemed illegal.

This will obviously be the case on company-owned accounts. But for anyone remotely in the public eye, comments on private social media accounts can also have unwanted effects. Politicians seem particularly prone to this type of gaffe, perhaps because they are so closely monitored by rivals.

Malicious content

Spoof sites

Spoof and hate accounts can also be a problem for organisations. For instance disaffected employees may create accounts that focus on unflattering descriptions of an organisation.

Negative opinions expressed on a personal account must be endured, although you can choose to ignore, acknowledge or rebut them. Anyone telling lies or setting up an account falsely purporting to be an official account may well be opening themselves up to civil or legal redress although it is often a good idea for large organisations to keep the lawyers at arms length for fear of making the damage worse.

Hacking

A big risk relates to organisation social media accounts being “hacked”.

While there isn’t necessarily much that you can do against a determined and skilled hacker, care can be taken to ensure that company accounts have adequately secure passwords. Without secure passwords it can be easy for company social media accounts to be hijacked as Burger King found out in February 2013.

Image of Burger King's Twitter profile after it was hacked

Weak passwords can result in social media accounts being hijacked

Ownership risks

Who owns your company Facebook page? Is it a member of the IT team? Or has it been set up in such a way that the company owns and controls it?

Google+ and Facebook procedures mean that business “Pages” are set up from personal accounts, rather than directly by the organisation involved. If a social media enthusiast in your organisation has set up an “official” Facebook page linked to their personal Facebook account you are exposing yourself to unnecessary risk.  After all what happens if they leave?

To guard against this risk, make sure you employ an appropriate strategy when setting up these pages: get a senior trusted employee to set up the business page without using their own personal account; implement appropriate security protocols such as having strong passwords; and ensure you have  back up processes (for instance make sure the password can be found by other people) if key employees are absent.

Managing a PR crisis

Another type of external threat is that of consumers reacting badly about a product or brand and causing a PR crisis.

While this doesn’t happen that often, it is important to be aware of the potential for a PR crisis and to have plans for mitigating them. Listen, prepare and practice.

Listen

Monitoring social media is a very effective way (indeed the only way) of identifying an approaching crisis so that action can be taken before it happens. Ideally you will be monitoring social media constantly – especially if you are providing a constant service such as an airline.

Monitoring social media can be time consuming (there are a lot of conversations going on around the world after all) and difficult. It can be done in a variety of ways and, depending on the goals defined in your strategy, can cost very little or a substantial amount. It is however important to ensure that someone in your team has responsibility for monitoring any mentions of your organisation in social media. They will need the authority to respond and/or  a process for bringing significant conversations to the attention of appropriate decision makers.

There are many free social media monitoring tools, such as socialmention.com. These are fine if you don’t want to extract a lot of data. For instance it will normally be quickly apparent when a crisis is growing as the number of negative mentions of your organisation or brand will be rising rapidly. However, using a paid service is likely to be easier and safer if your brand is of any size.

Be prepared

It is important to have plans in place to enable appropriate actions to be taken in the event of a crisis. Getting a quick press release out is no longer sufficient. You need to be able to respond, rapidly, in the places where the crisis is building. This is likely to be on Twitter, Facebook or YouTube.

How to prepare? Well, the first thing to do is to imagine the most likely types of crisis. Is it a faulty product, a rogue employee comment, a marketing campaigns that has gone wrong? Identify these potential crises and then create a set of template communications that you can use.

Some of these will probably be holding statements along the lines of “We are urgently looking into this”. Others will be tactical responses such as “We are withdrawing this product line”. They won’t be appropriate if and when a crisis does strike. But they will help you rapidly develop a set of communications designed to manage the crisis.

In addition you will need to set up a triage and escalation process. You will need to define what counts as a crisis (if you are a large brand a handful of unhappy customers probably doesn’t – although insights from these people should be passed to appropriate teams) and you will need to put in place appropriate roles and responsibilities so that predefined people have the authority to react in certain ways. An escalation process for a large crisis is also needed.

Practice makes perfect

It is great having a set of template responses and an emergency team in place. But practising those responses will be invaluable. Social media crises can move very rapidly and this can take people by surprise. They can be very stressful. And the messages you have to deal with can be personal and hurtful.

Setting up a pretend crisis, flooding your response team, with messages from ‘angry’ consumers and giving them the opportunity to practice their responses is the only way to prepare them for a real crisis. In addition it is an essential way of testing whether your template responses and your escalation processes are robust.

A stitch in time…

Social media risk isn’t the same as “digital risk”; so even if you have a digital risk management process in place your organisation may well still be open to considerable social media risk. And managing that social media risk will not be simple. But it can be done, even if you can never avoid any risk completely. 

So if you are worried that your organisation may be exposed to social media risk, or if you would like to know more about how to listen to social media buzz, how to plan for social media emergencies, or how to practice your response,  then call mosoco on 07855 341 589 or email us on hello@mosoco.co.uk. We would love to chat.

5 steps to an effective social media strategy

Why are we investing in social media? What’s our strategy here? It’s an important question, and all too often one that isn’t adequately explored.

It doesn’t have to be difficult to develop an effective social media strategy. But it does take some structured thinking. Which is why we have created a simple 5 step process for developing a social media strategy.

5 step social media strategy process

5 step social media strategy process

Step 1: Understand what strategy really is

Understanding strategy is important for any organisation. But it is easy to get confused about what a strategy is, and what it isn’t. A strategy isn’t a marketing plan or a project to develop a new product. Strategy isn’t tactical.

At the business level, strategies are about identifying organisational goals, and long term (typically 2 to 5 years) planning to meet those goals by allocating appropriate resources.

But strategies can also be developed at an operational or functional level. So businesses can have social media strategies that define the purpose of social media activities and plan (typically over a period of 1 to 2 years) how to meet them. Two main elements to social media strategies then: what the goals are; and how we are going to achieve them.

So far, so theoretical. In step one there has to be senior level agreement as to how the project needs to be defined. This means appointing a senior project leader,  supported by a board level social media champion.

Step 2. Establish the scope of social media

The next step is to define the scope of  social media within the organisation. This must be done by the project leader leader and the social media champion. They will need to do this in order to agree exactly who should be included in the project team.

This is because social media means different things to different people. Does it include paid advertising on Facebook; does it include wikis; does it include reviews on Amazon; does it include social news and social book marking?

Depending on the organisation, there is a need to establish and agree precisely what fits into the social media space. Failing to do this may lead to confusions and disagreements at a later stage. More importantly it may result in important goals being left out of the project.

Step 3. Agree the goals for social media

What are the reasons for investing in social media? It could be many things. For one of Mosoco’s clients it is purely about CRM. For another, it is about establishing thought leadership.

There is no right or wrong answer. The reasons for spending time with social media can include a variety of marketing goals including:

• Marketing intelligence
• Brand promotion
• Brand positioning

But it doesn’t just have to be focussed on marketing. There can be sales goals too such as:

• Lead generation
• CRM
• Loyalty building

There might even be a need to influence stakeholders who are not customers such as:

• Employees
• Suppliers
• Investors
• Legislators

It’s complicated. So the social media team needs to take some time establishing social media goals, and agreeing how these fit with wider organisational goals.

Step 4. Agree on objectives and how to achieve them

This is where it gets busy! Goals are fairly broad but objectives need to be narrow and precise: they need to define:

• The current position
• The desired position
• The methods and resources that will be employed to achieve the desired position

Objectives need to be SMART (specific, measurable, achievable, relevant, time based). So if one of our social media goals is lead generation we need to define:

• How many (and what sort of) leads are currently generated via social media
• How many we want to generate in the future
• What methods we will use to achieve this
• Who will be responsible for implementing the methods
• What resources they will have, and
• How long they will be given

In practical terms some of the issues that need to be addressed are:

• Which platforms do our target audience use
• Of those platforms, which will be best for achieving our goals
• How will we achieve our goals on each platform, for instance:

  • Will we be proactive or reactive (e.g. engage with prospects directly on Facebook but use Twitter to understand customer concerns)
  • Will we use different platforms at different times to achieve different things (e.g. promote an event on Google+and a competition on Facebook
  • Will we have a different tone of voice on different platforms (e.g. more formal on LinkedIn and more approachable on Pinterest)

• What tools do we need (e.g. planning tools like Hashtagify, measurement tools like TweetReach, an editorial calendar, a tool for scheduling posts like buffer app, a budget for creating images and info-graphics)

Step 5. Lather, rinse and repeat

It isn’t easy to get social media activities right first time. Being able to measure the effect of our investment is key to any strategy. If we have considered our goals carefully and agreed SMART objectives we should know what success looks like.

And it may not look much like what we have achieved initially! If that’s the case, don’t panic. In any hard-to-predict activity like social media it is important to be confident and flexible, and to have an iterative approach to activities.

Measure, analyse, learn and improve.

If you would like to know more about developing your social media strategy then drop us a line at hello@mosoco.co.uk or call us on 07855 341 589.

Social media for B2B organisations: a topline review

Introduction

How can businesses use social media to promote themselves to other businesses?

Reasons for using social media include: CRM and managing customer complaints; developing insights into target audiences for new product development and communication proposition development; and crisis management.

However, there are lots of marketing benefits to using social media and these include:

  • Developing a thought-leadership position
  • Promoting awareness of new products and services
  • Identifying prospects

The post is deliberately simple. A lot of business leaders are not experts in social media (why should they be?) So, if you are a business leader in the B2B space who is curious about why your company is using social media, or whether it should be, then this post should be useful to you.

Image

LinkedIn

LinkedIn is a powerful business tool for small and large companies. As well as being a way that individual employees can build up networks, it is also an essential part of any business-to-business social media strategy.

There are three main assets to consider when developing your company LinkedIn strategy:

  1. The company LinkedIn page
  2. The groups that you or your employees become a member of
  3. The LinkedIn pages of your employees, especially senior ones

Using LinkedIn is free, although it is possible to subscribe to the premium service where you will get more information about who is visiting your pages. You can also pay to promote your presence on LinkedIn.

The company LinkedIn page

Your company LinkedIn page can be seen as an extension of your website. But it can reach LinkedIn members more easily than your website.

Your company LinkedIn page should contain basic data about your organisation as well as information about your products and services; you can also use it to display job opportunities.

Where possible, clients should be encouraged to provide endorsements of your products and services that you can post on the site

The intention should be to generate as large a group of “followers” as possible, as you will be able to communicate with these people directly on LinkedIn. You don’t need thousands though: aiming for around 100 is a good start and will generate real returns.

Updates

Once the company page is set up, plan to provide your followers with interesting “status updates” (company news, events etc) as well as attracting people who are searching for particular topics on your page. With a large number of followers you can segment the information you send out.

Linkedin Groups

Joining groups

Encourage employees to join relevant LinkedIn groups and to contribute intelligent and thought-provoking comments to discussions. Simply search for keywords and then click “open groups” under “categories” on the left of the results page to filter out results that are not groups.

Plan to monitor the discussions within a few groups on a daily basis and make intelligent contributions when (and only when) you have something useful to say.

Launching groups

It is possible to launch a new group based around a particular interest area. Finding a niche for a new group can position your company as a thought leader. However there is little point in doing this if there are well established and well used groups that will compete with your new group; so look for niche topics or perhaps set up a group intended to appeal to people in a particular geographical area.

LinkedIn pages

Senior company executives should all have LinkedIn pages. But all staff should be encouraged to sign up and spend a little time each week in developing and managing their LinkedIn profile and activities such as joining groups and contributing to discussions.

Employees, especially senior ones, should be encouraged to link their page to the company website in their profile settings. Ideally their description of their role and their background will contain key words and phrases you wish people to associate with your company.

A good example of a company LinkedIn page is Hewlett –Packard. Here’s an example of an interesting HP post on their LinkedIn page.

Twitter

Twitter is a “microblogging” service which allows you to publish short (140 characters) content, known as “tweets”. These posts can include links to images, videos and other documents.

Twitter is another very powerful tool for businesses. While it is often used as a customer service tool (increasingly consumers use it to complain or ask questions about products) it is also a useful promotional tool. It doesn’t cost anything to set up a Twitter profile and to start tweeting although you can always pay to promote your tweets if you think they are worth it.

Profile

The first thing a company needs to do on Twitter is to set up one (or more) accounts. For each account there is an opportunity to set up a small profile page on which you can share a sentence about your company, an address, and a website, together with your logo or an image you can use as a promotional tool.

Posting

By posting tweets about topics you hope your prospects and customers will be interested in you can generate sustained awareness of your business and create a position of thought-leadership. The idea is that people will come across your tweets and if they find them interesting they will “follow” you on Twitter in the hope of getting more interesting information.

There are a few guidelines to follow if you are going to get the most out of Twitter:

  • It is important not just to blow your own trumpet by telling people about your products and services all the time. Use Twitter to generate kudos for your company by sharing useful information from third parties.
  • Send out tweets several times a week, and ideally several times a day. But don’t overdo it. If you send out dozens of tweets everyday you will simply overwhelm people and they will stop following you.
  • Good tweets will be shared (“re-tweeted”) by people. Observe what sort of content gets shared and create more of it.
  • Include “hashtags” in your tweets. Hashtags are keywords that are preceded by a # sign (e.g. #socialmedia) and they will identify your tweet as being relevant to people looking for information about a particular topic.

Campaigning

You can be quite targeted with Twitter. If you want to identify people with particular interests you can do so. For instance a social media service provider might be interested in people talking about using social media; in contrast a manufacturer of printers might be interested in finding influential bloggers who write about office technology as identifying individual printer customers might not be commercially effective.

Tools like twtrland (which starts at about £150 a year) enable you to identify people who talk about your brand, the most influential people in a topic area, or individuals in particular locations who are tweeting about particular subjects. You can then start conversations with these people.

Blogging sites

Blogging sites are where you will probably do the “heavy lifting” part of your thought leadership activities. Blogs are unrestricted in length (although your readers’ attention span will be!) and can contain imagery and videos to make them more attractive.

Blogging is a fairly simple process: it involves sending out a stream of content on a reasonably regular basis. No need to do it every hour, or even every day. But you should aim to write a blog piece once a week or so. These should be designed to showcase and share research and insights you may have, and should contain those key words and phrases you wish to promote online. It is OK to blog about your products and services as well, but if you just write about them you won’t get many people following you!

Remember to use Twitter to tweet about your posts and mention them in your LinkedIn updates as well.

Sites like wordpress.com make it very easy to set up a new blog and it doesn’t have to cost you anything: you don’t need any design skills as there are lots of template designs you can choose, including plenty of free ones.

Google+

Google+ is a rapidly growing social network (it has several hundred million users worldwide), a little like Facebook. It is important in its own right, but also because the Google search engine will rank content on Google+ more highly than the same content it finds elsewhere. So there are obvious advantages to placing your content there.

Once you have created a company Google account and Google+ page you need to do the following:

Circles

Identify some topic areas and then start following relevant people and pages and add them to the appropriate circle .That way you don’t have to share your posts with everyone you are following.  For instance, you could have different circles for clients, prospects, journalists etc

Posting

Once you build a network of people you can start interacting with them by content. You can do this directly on the page or automatically –  for instance by linking blog posts so that they appear on your Google+ page.

By tagging people or businesses and using relevant hashtags you can make your presence on Google+ stand out more and be more relevant.

Communities

Communities on Google+ are a bit like LinkedIn groups: places where you can have debates, leave questions and post answers. By participating in them you will not only be able to engage with other people, you will have the potential to enhance you thought-leadership.

The best of the rest

If you blog, tweet, network at LinkedIn and join in with Google+ communities you will be doing a great deal of social media marketing. There are dozens of other online communities of course. But you can’t do everything.

So once you have covered the basics you need to decide whether you have the resources to get involved elsewhere:

  • If you feel that images and photographs are particularly relevant to your brand then Pinterest may be something to consider.
  • If your audience is quite specific, for instance accountants, then a specialist community like accountingweb might be what you need.
  • If you are recruiting large numbers of people or are having difficulty recruiting the right calibre of applicant then perhaps a presence on Facebook will enable you to promote the more informal and fun side to working at your company
  • If you have the resources to create videos about your products and services then YouTube will also be a natural home.

All of these and more will be relevant in certain circumstances and for certain organisations. But, as we said above, you can’t do everything so deciding on which ones to focus on will depend on your objectives, your resources, and your business profile.

Want to know more? Get in touch with mosoco: email us at hello@mosoco.co.uk to ask us a question about this post or to see how we can help with your social media marketing.