Felled by Facebook. Turned off by Twitter. Many companies still seem baffled by social media.
From tweets to trolls, posts and wikis, the arrival of social media is making an array of strange new words part of everyday life.
While social media can create new opportunities, it also brings significant challenges. As Ernst & Young information security leader Mike Trovato explains, “The world is changing quite a bit and a lot of organisations are struggling with it in terms of the volatility, visibility and velocity.”
Despite the difficulty, Trovato believes organisations have little choice but to cope as the rising use of social media means there is a range of tricky reputational, security and legal risks that need to be negotiated.
Enterprises are recognising the risk, with Ernst & Young’s 2011 Global Information Security Survey, Connecting through social media, finding close to 40 per cent of almost 1700 respondents in 52 countries rated social-media-related risk issues as challenging. In response, 53 per cent have blocked access to social media sites and 12 per cent have introduced new disciplinary processes.
No clear guidelines
Research conducted late last year by Professor Macnamara, Deputy Dean and Professor of Public Communications at University of Technology Sydney (UTS) has found many Australian organisations are yet to come to grips with this issue.
Trovato also points to the increased IT security risk. This covers issues including the introduction of malicious software via social networks, hacking of accounts and the release of confidential or negative company information or personal data.
Malcolm Burrows, legal practice director at Dundas Lawyers in Brisbane. believes the risks are growing. “Various rulings indicate organisations need to monitor what is said about them and ensure it is true.”
Policy role for HR
Given the clear risks presented by social media, experts urge organisations to develop and implement an appropriate governance framework, and they believe HR has a vital role to play.
Macnamara believes the best solution is a clear governance framework rather than a punitive approach.
“With social media, the first knee-jerk reaction is to ban or block it, but that is not going to work. You need to adapt the organisation’s governance and management framework, not try to control the use of social media,” he says.
Developing a framework
Macnamara believes a good social media policy should help employees understand both the role of social media and the limits. Trovato agrees that empowerment is the right approach. “Employees can misuse applications at work, but if the organisation creates the right culture then that will not happen – or may only happen occasionally – so there is a key role for HR in this area,” Policies on scrutinising social media also need to be covered, as do
appropriate protocols for social media usage – particularly around security, access and archiving.
Training to tweet
“Education and training is absolutely key and is the top way to help control social media,” Trovato says. Macnamara agrees: “You need to establish and enhance employees’ digital media literacy, and help them understand the benefits and risks.”
Bringing the outside in
Using electronic devices with an organisation’s secure network opens up significant data security risks.
Many Australian organisations have taken a ‘safety first’ approach. “Most companies ban employees bringing in their own devices and plugging them into the system,” explains Professor Jim Macnamara of the University of Technology Sydney (UTS).
However, this approach may no longer be appropriate, with employees, customers and suppliers increasingly expecting to be able to access data wherever they are located.
Trovato believes that in the future companies will allow employees to bring their own devices, but not every platform will be permitted.
Facing the law
In addition to IT security and reputational risks, organisations face clear legal risks from social networking, according to Dundas Lawyers’ Malcolm Burrows.
These include:
- Loss of confidential information.
- Tweeting location and activities.
- Trademark infringement.
- Misleading and deceptive conduct.
- Discrimination.
- Liability for employee defamation.