So you think you are safe with social media?
It’s true that using social media is now an established part of the marketing armoury of most organisations. But how safe is it really?
In fact social media present some potentially massive risks and it is important to be aware of these risks and to have processes for dealing with them. It may well be that these risks are covered off in your corporate digital risk management system. But if you don’t have one of these, or if (as is generally the case) it doesn’t cover off social media risks, then you will need to think carefully about how to identify and mitigate the very real risks that stem from your company and its employees using social media.
But the first thing I want to say is: posting on Twitter or Facebook is the same as taking out an advert in a newspaper and publishing it there. IT IS NOT PRIVATE (sorry for shouting). So if you think someone might be upset by what you say on Twitter, be prepared for the consequences.
So what about those risks?
It is not unknown for employees to use social media accounts to post inappropriate content about your competitors, or your suppliers. This is obviously not desirable.
It is even more common for salacious or unflattering content relating to a social event, to be posted, and this can be a problem whether or not the event has been formally sponsored by your organisation. For instance photographs of staff members behaving ‘indecorously’ at a party could have a negative effect on your company if the people involved are identified as working for it, say in a caption, or even if they are just tagged.
In addition, personal opinions that do not reflect the organisation’s position can be expressed on a social media account. This can cause confusion or, worse, affect the way people feel about your brand.
These problems are particularly great when the social media account used is owned (or appears to be owned) by your organisation. But even when employees use personal accounts problems can occur, especially where people can be identified as working for your organisation.
At least part of the answer is to develop a social media policy and then train all your staff in its use.
Social media policies
Your social media policy needs to warn people that they are responsible for anything they post online. Not everyone knows that it is possible to libel people, steal Intellectual Property (IP), and even commit criminal offences by using Twitter or Facebook. So tell them this.
It is also generally sensible to tell employees that, unless they are formal spokespeople for your organisations, any content they submit on any site where they are identified as being an employee (e.g. LinkedIn) should be tagged as being their personal opinion and not that of their employer.
But perhaps the most important part of a social media policy is to lay down some rules about what people can say about colleagues and your organisation – whether or not they are posting content at work or on work-related websites. Simple courtesy would dictate that they should not ridicule colleagues or clients. Self-preservation should indicate that they should not be unkind about their employer! Common sense? Then why are there so many ‘accidents’? A social media policy, developed for your particular circumstances, and then shared with your staff will be your first line of defence here.
Senior employees such as board members should take particular care with social media. Comments about their working day or events in their industry could have unforeseen negative effects, for instance on share price, sales or recruitment, that could in some cases even be deemed illegal.
This will obviously be the case on company-owned accounts. But for anyone remotely in the public eye, comments on private social media accounts can also have unwanted effects. Politicians seem particularly prone to this type of gaffe, perhaps because they are so closely monitored by rivals.
Spoof and hate accounts can also be a problem for organisations. For instance disaffected employees may create accounts that focus on unflattering descriptions of an organisation.
Negative opinions expressed on a personal account must be endured, although you can choose to ignore, acknowledge or rebut them. Anyone telling lies or setting up an account falsely purporting to be an official account may well be opening themselves up to civil or legal redress although it is often a good idea for large organisations to keep the lawyers at arms length for fear of making the damage worse.
A big risk relates to organisation social media accounts being “hacked”.
While there isn’t necessarily much that you can do against a determined and skilled hacker, care can be taken to ensure that company accounts have adequately secure passwords. Without secure passwords it can be easy for company social media accounts to be hijacked as Burger King found out in February 2013.
Weak passwords can result in social media accounts being hijacked
Who owns your company Facebook page? Is it a member of the IT team? Or has it been set up in such a way that the company owns and controls it?
Google+ and Facebook procedures mean that business “Pages” are set up from personal accounts, rather than directly by the organisation involved. If a social media enthusiast in your organisation has set up an “official” Facebook page linked to their personal Facebook account you are exposing yourself to unnecessary risk. After all what happens if they leave?
To guard against this risk, make sure you employ an appropriate strategy when setting up these pages: get a senior trusted employee to set up the business page without using their own personal account; implement appropriate security protocols such as having strong passwords; and ensure you have back up processes (for instance make sure the password can be found by other people) if key employees are absent.
Managing a PR crisis
Another type of external threat is that of consumers reacting badly about a product or brand and causing a PR crisis.
While this doesn’t happen that often, it is important to be aware of the potential for a PR crisis and to have plans for mitigating them. Listen, prepare and practice.
Monitoring social media is a very effective way (indeed the only way) of identifying an approaching crisis so that action can be taken before it happens. Ideally you will be monitoring social media constantly – especially if you are providing a constant service such as an airline.
Monitoring social media can be time consuming (there are a lot of conversations going on around the world after all) and difficult. It can be done in a variety of ways and, depending on the goals defined in your strategy, can cost very little or a substantial amount. It is however important to ensure that someone in your team has responsibility for monitoring any mentions of your organisation in social media. They will need the authority to respond and/or a process for bringing significant conversations to the attention of appropriate decision makers.
There are many free social media monitoring tools, such as socialmention.com. These are fine if you don’t want to extract a lot of data. For instance it will normally be quickly apparent when a crisis is growing as the number of negative mentions of your organisation or brand will be rising rapidly. However, using a paid service is likely to be easier and safer if your brand is of any size.
It is important to have plans in place to enable appropriate actions to be taken in the event of a crisis. Getting a quick press release out is no longer sufficient. You need to be able to respond, rapidly, in the places where the crisis is building. This is likely to be on Twitter, Facebook or YouTube.
How to prepare? Well, the first thing to do is to imagine the most likely types of crisis. Is it a faulty product, a rogue employee comment, a marketing campaigns that has gone wrong? Identify these potential crises and then create a set of template communications that you can use.
Some of these will probably be holding statements along the lines of “We are urgently looking into this”. Others will be tactical responses such as “We are withdrawing this product line”. They won’t be appropriate if and when a crisis does strike. But they will help you rapidly develop a set of communications designed to manage the crisis.
In addition you will need to set up a triage and escalation process. You will need to define what counts as a crisis (if you are a large brand a handful of unhappy customers probably doesn’t – although insights from these people should be passed to appropriate teams) and you will need to put in place appropriate roles and responsibilities so that predefined people have the authority to react in certain ways. An escalation process for a large crisis is also needed.
Practice makes perfect
It is great having a set of template responses and an emergency team in place. But practising those responses will be invaluable. Social media crises can move very rapidly and this can take people by surprise. They can be very stressful. And the messages you have to deal with can be personal and hurtful.
Setting up a pretend crisis, flooding your response team, with messages from ‘angry’ consumers and giving them the opportunity to practice their responses is the only way to prepare them for a real crisis. In addition it is an essential way of testing whether your template responses and your escalation processes are robust.
A stitch in time…
Social media risk isn’t the same as “digital risk”; so even if you have a digital risk management process in place your organisation may well still be open to considerable social media risk. And managing that social media risk will not be simple. But it can be done, even if you can never avoid any risk completely.
So if you are worried that your organisation may be exposed to social media risk, or if you would like to know more about how to listen to social media buzz, how to plan for social media emergencies, or how to practice your response, then call mosoco on 07855 341 589 or email us on firstname.lastname@example.org. We would love to chat.