In the news today, social media risks for individuals are certainly grabbing the headlines. Celebrity hacking, child exploitation, identity theft and fraud, just to name a few. However, the risks for corporations are even greater when you consider the sheer volume of social media channels and number of ways people can use those channels to destroy shareholder value. Chief Information Officers seem to agree that the new digital world companies face is increasingly risky. According to Gartner’s 2015 CIO Survey released today at our US Symposium in Orlando, FL, 89% of CIOs agree that the digital world is creating new types and levels of risk for business.
First, let’s focus on the two areas where the new types of risks can emanate – inside the company and outside the company. Below is a sample listing of risks categorized into these two areas:
Inside the company
- Improper disclosure of company information in violation of securities trading laws
- Improper disclosure of personally identifiable information in violation of privacy laws
- Employee disclosure of proprietary data / intellectual property
- Employee fraud
- Disgruntled employee disclosure of grievances and/or company practices
Outside the company
- Cyber-attack / malware
- Fraudulent representation of company identity
- Customer complaints / negative commentary about the company
- Personal employee conduct impacting company reputation
So, the real question for business and IT leaders today is “what can you do to protect your company?” Gartner has identified three key ways that companies can improve their ability to address these risks.
1. Develop a clear policy and employee training for social media use
Representatives from IT, legal and human resources must collaborate to create a comprehensive policy that outlines accepted use of social media for employees. In addition, this policy must be communicated and reinforced through regular training of all employees. Failure to do so will not only result in inappropriate social media usage, but also potential litigation risk from future legal discovery of inaccurate information.
2. Establish a social media risk management function
Evaluating social media risk cannot be a one-time event given the dynamic nature of the activity – both within and outside the company. Ongoing risk assessments should be conducted by business representatives and risk experts to determine the risk trends and mitigation strategies. Unfortunately, according to a recent survey by Grant Thornton, 59% of companies do not conduct regular social media risk assessments. These companies are essentially “flying blind” when it comes to social media usage.
3. Provide technology capabilities to support social media risk management
New technologies are available to help companies perform regular risk assessments as well as ensure proper compliance with laws and regulations. Social media monitoring tools can help evaluate communications by key employee groups such as sales and marketing. In addition, software tools for advanced analytics related to external social media usage, such as customer sentiment analysis applications, can prove to be very useful in proactively identifying sources of reputation risk.
I’ll be exploring these issues and more today with Gartner Symposium attendees and look forward to hearing how companies are utilizing these steps to mitigate the ever-present risks of social media.
View Free, Relevant Gartner Research
Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.Read Free Gartner Research
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.