Business Impact of Online Social Networking

Managing the business impact of social networking Managing and leveraging the business impact of social networking sites Presented by: Micheal Axelsen Director Applied Insight Pty Ltd

INTRODUCTION

About this presentation
Objectives
This seminar identifies and discusses social networking websites and how businesses should respond to this business challenge.
Agenda
Social networking overview
What can go wrong for individuals?
What can go wrong for businesses?
Protecting personal privacy
How should the business respond?
What powers do you have?
Developing policies and procedures
Leverage business opportunities through OSN
Conclusion

Meeting the challenges of IT Information Technology & Management Centre of Excellence Forthcoming: Social networking policies & procedures Online social networking etiquette

Your expectations
Housekeeping
Exits, breaks, etc
Expectations
Audience demographics
What are your expectations from this session?
Strawpoll: Who uses social networking websites?
MySpace, FaceBook, Friendster, MyYahoo, Twitter, Flickr, Photobucket, SchoolFriends, Blogger, LiveJournal, Tumblr, Microsoft Live...
Blogs/Vlogs? Others?
Strawpoll: Who didn’t know about these websites?
Strawpoll: Anybody here ‘Vlog Naked’?
(sorry, just wondering)

SOCIAL NETWORKING OVERVIEW

What is social networking?
Definition
Online social networking sites are web-based services that allow individuals to construct a public (or semi-public) profile within a bounded system, identify other users with whom they share a connection, and view and traverse their list of connections and those made by others within the system.
They are simply websites that allow you to maintain relationships with friends online, sharing and talking about common interests
Some social networking websites are internal (private) and some are external (public)

Popular online social networking sites
Websites
Facebook and MySpace are the most well-known examples.
Blogs such as wordpress.com and livejournal.com
YouTube, Flickr, PhotoBucket, Yahoo, Twitter
The CPA Congress 2008 website at cpacongress.ning.com is an example of a private social network.

What can go wrong for individuals?

Some “funny” examples From: Nugent, Katrina Sent: Thursday, 1 September 2005 10:21 AM To: Bird, Melinda Subject: RE: Let's not get person "Miss Can't Keep A Boyfriend". I am in a happy relationship, have a beautiful apartment, brand new car, high pay job...say no more!!

Some “funny” examples Censored Ex-boyfriend site

Some “less funny” examples MOSSSSSSSSYYYYYYYYYY!!!!!!!! I'm gonna knock you out one of these days if you keep putting up stuiped photos when I'm drunk - ban you from tasking a fricken camera anywhere!!!!!!!!!!!!

Some “less funny” examples

Other examples
Exercise: Audience member examples?
Exercise: Reasons for participating in online social networking?

What can go wrong for business?

What can happen?

What can happen? Alritey. The names Ryan workin at #### #### At the moment to get the money to go out and enjoy my much appreciated young life. As far as i know i enjoy life to the max, i love to get wrecked, mwi and be around mates and loud music. No better way to spend a weekend than gettin out my #### in one way or another and be surrounded by loud music and knowing that i have a stunning girlfriend when i go home.

Business risks of social networking
Productivity losses
Addictive and time-consuming
Over-use during work time is a genuine issue
Can actually increase the productivity and effectiveness for some roles
Legal risks
Generally employers can monitor their employees’ web use and email, but notice is needed. Can result in legal liability
Potential for legal liability due to customer actions
Reputation risk
A risk to the business’s reputation
Many examples of gaffes & negative comments
Difficult to remove these comments

Viruses and spyware
Frequently a platform for malicious attacks using viruses and spyware
Privacy breaches and identity theft
Can promote identity theft, even where ‘private’
Third party applications usually get access to data
Social engineering
Use online information to commit targeted acts of fraud
Could profess to be the assistant to a high-level staff member, and know enough ‘internal’ information to convince a staff member to provide cheques or goods
Convincing identity cards/business cards used to gain access to the business or its customers
Grandparent fraud

Inadvertent release of information
Windows into the lives of users
Unintentional release
LinkedIn shows your network your recent connections – who are probably prospective clients
Using an online wiki to collaborate with a client (or even to track tasks and manage projects) may result in the release of confidential client information

Other examples
Exercise: Audience member examples of potential business impact?
Exercise: What role do CPA’s play here?

Protecting personal privacy

How to keep an online world sane
Simple things
Common sense!
Don’t post in your real name – set up three email addresses:
Personal, anonymous email address that forwards to your main email (for blogging comments & mail lists) – but expect that this is not fail-safe
Personal (for all your personal email)
Work (for work email – no personal email!)
Only post online what you’d be happy for Mum (or a potential recruiter/client) to see

Simple things
Wall posts are wall posts on someone else’s wall, and a tweet is forever
Get permission before you post a photo of someone online
Only ‘friend’ friends!
Be coy about your age
Never post photos of official identification documents... Just so you know
Be responsible when writing messages on other people’s sites.

For the more paranoid
If you have a social networking website (e.g. MySpace, Facebook), use the privacy options – so many people don’t
Limit the sites you participate in – perhaps FaceBook for friends, LinkedIn for work colleagues?
Do not accept a flung zombie, which Hero are you?, Blackjack or other application on Facebook
Set up Google Alerts to monitor your name and email address

Privacy settings
Privacy settings
Facebook
MySpace
YouTube
LinkedIn
Flickr
Twitter
Traps for young players
Your network is still visible; until recently, employer search showed up even with privacy
MySpace – owned by News corporation
YouTube – lose control over ‘derivative works’
Flickr – creative commons licence
Twitter – stability?

Google Alerts www.google.com/alerts

How should the business respond?

Dealing with it
Strawpoll: who knows whether their business searches for these discussions?
Good talk is good, right?
The only good way to respond is to give good service and hope that people blog about it
At least show an interest and respond to address a grievance, and be transparent about it
Professional monitoring services
Reputation Hawk
Reputation Defender
Cymfony
There are many others of course

Dealing with it
Simple (and cheap)
Google Alerts/Yahoo Alerts/MonitorThis
Customer representatives join online, private, forums and lurk there while watching for issues
Set clear expectations as to what staff can do with your brand name on the internet
Etiquette
Ensure that potential recruits know if you are researching them online
Avoid a search engine optimisation solution to ‘drown’ a negative comment
Never lie and pretend to be a customer – you will be found out eventually, and the price will be high!

Dealing with it
Responding to online comments
Demonstrate an interest and respond online to address a grievance, and be transparent about it
Don’t post a hot and angry response
Don’t exercise legal muscle unless you really have to
Respond with transparency and honesty, but take up discussions off-line at a senior level, after research!
Engage with the author of the post is most effective
Encourage discussions to flourish by providing and promoting the use of online forums.
Invite genuine customers to respond in a forum

Know your digital footprint

What powers do you have? Disclaimer: the following is not legal advice and merely attempts to present an overview of the law from the layman’s perspective

Employees - what can you do?
Employer controls over private life
Can the employer control what you do in your off hours?
Professional/Staff employee vs a ‘standard’ employee
three core duties of an employee to their employer that may affect your online social networking activities:
to work with care and diligence
to obey all lawful and reasonable orders
to act with good faith and fidelity
An employee can be dismissed if these duties are breached by actions in their private lives

Due care and diligence
Fairly clearly, in work hours we need to work for our employers.
‘ Cyber-slacking’ in work hours
Using social networking tools inappropriately in work hours and at home
Obey lawful and reasonable orders
An act in your private life would need to demonstrate an intention to ‘no longer be bound’ by the contract
Acts in private life may prevent you from carrying out your duties – higher standards for professional/staff employees (for example, a police officer or teacher)

Good faith and diligence
Courts reluctant to intrude on private life
Cannot act in conflict with your employer’s interests (e.g. commence a competing business)
Must not disclose private information
Entitled to ‘blow the whistle’ in the public interest
Acts in private can be governed by the employer if there is a relevant link to the employer (e.g. uniform) and depending on the employee’s role (senior, client-facing would face a higher standard)
Should not ‘tarnish the employer’s image’

Codes of conduct
Set out expectations clearly
Ensure consent is given for contractual terms – that the employee has accepted these terms
Legally enforceable? This will depend – see speculation that a mining company employer could prevent its employee joining a group that is protesting the mining company’s actions.
Process for managing the issue once it is discovered?

Former employees - what can you do?
Former employees
Very limited control - doctrine of restraint of trade
May only legitimately use a post-employment restraint to protect trade secrets or established customer connections
Can draw upon what you learn at a job, but not allowed to take physical (or electronic) documents
Duty of Confidentiality exists even for former employees to keep ‘secret’ information confidential (of a high standard of confidentiality).
Difficult to rely on this though

Former employees - what can you do?
Can have express confidentiality provisions in the contract of employment
Can prohibit the disclosure of information to competitors or third parties
Much easier to identify and enforce with an express provision. Without it, it is difficult for a business to have recourse against former employees should information be disclosed on social networking websites.
The actions available to a business are otherwise generally limited to the same actions available should a comment be made by a current customer (for example, defamation).

Third parties - what can you do?
Defamation
Law was reformed in 2005
Corporations (other than non-for-profit organisations or small businesses) cannot sue for defamation
Defence of "truth" rather than “truth and public benefit"
One year to bring an action rather than six
abolishing the awarding of exemplary and punitive damages in civil defamation proceedings; and
Juries now determine whether a person has been defamed; Judges now award damages

Third parties - what can you do?
See Gutnick v Dow Jones 2002
Gutnick contended that an article in the online Dow Jones newsletter defamed him
Only five physical copies ever sent to Australia
Location of defamation held to be Australia, even though it was published and uploaded in New Jersey
No matter what happens, legal action is going to be commercially expensive and would likely be associated with reputation risk

Develop policies & procedures

AS/NZS 4360:2004 Risk Management

Tailoring your response

Elements of policy & procedure
Standard
Title
Purpose
Revision History
Effective Date
Persons affected
Definitions
Responsibilities
Change to suit risk appetite
Policy
Procedures

Draft Policy – Very Low
For a very low risk appetite
In recognition of the very high impact that online social networking activities have upon the business activities of XYZ Pty Ltd, XYZ Pty Ltd implements very strict restrictions on the use of online social networking activities by employees using XYZ Pty Ltd equipment, and/or making reference to the business of XYZ Pty Ltd.
XYZ Pty Ltd emphasises procedural controls, regular and intense monitoring to online social networking activities referring to the business of XYZ Pty Ltd, and provides explicit guidelines to follow in responding to such activities.

Draft Policy – Very High
For a very high risk appetite
As online social networking activities have minimal impact upon the business activities of XYZ Pty Ltd, XYZ Pty Ltd provides some guidance in the use of online social networking activities by employees.
Responses to online social networking activities that refer to the business of XYZ Pty Ltd are made on a case by case basis as XYZ Pty Ltd becomes aware of them.

Tailoring your procedures
Tailored procedures
Refer to appendices for a process to tailor your response in line with the business’s risk appetite
Workshop exercise
Are there other possible actions a business could include in the procedure?
Identify pros and cons for each suggested action

Acceptable online social networking activities
Possibilities
Could ban all mentions by employees
Could ask for pre-approval of a comment
Could allow employees to publish, but have marketing manager subscribe to RSS feeds and have employees agree to make changes if requested
Only have authorised representatives respond online
Could block online social networking websites in work hours (but please be realistic)

Staff training and awareness program
Possibilities
Content
Awareness of acceptable online social networking activities
Core principles in ensuring the privacy of personal information in an online environment
Specific training on the use of major identified online social networking websites to ensure privacy.
Practical advice in the use and etiquette of online social networking tools, including the use of email
Make your requirements part of induction program, perhaps with an exam
Require existing staff to attend annually, and perhaps pass an exam

Online reputation monitoring
Possibilities
Engage online reputation monitoring service provider
At least set up Google Alerts!
Document risky mentions in monthly, quarterly, or annual online social networking references report
Subscribe to likely private online forums
Ensure that applicants for positions are aware that the candidate’s online profile may be examined in the course of assessing the candidate’s suitability for the position.

Responding
Possibilities
May need to have lawyers involved
For an employee, the HR manager would deal with it
Core principles:
Demonstrate an interest and respond online to address a grievance, and be transparent about it
Never post an immediate, negative, response to an online reference. Have a conversation in person at a senior level
Legal action considered
Making no response may be the least harmful
All responses conducted professionally and honestly
Monitor and document responses in social networking references report

CONCLUSION Business opportunities and OSN

Are there opportunities?
Workshop exercise
Identify other opportunities presented by online social networking

Research and development
Brand monitoring
Understand the reach and impact of your brand
Know what is being said in the ‘hearts and minds’ and be more reactive
Research communities
Share and build ideas within internal and external communities to test their value
Innovation communities
Users can provide recommendations for new features
Communities of users can vote on new features to guide product or feature development

Marketing
Blogs
Promote and discuss on your own blogs
Get a groundswell of discussion amongst your customers
Communities
Build relationships between users and the company products
Video on user-generated sites
Viral marketing promotion
Audience gives more weight to genuine user experiences than paid TV spots

Sales
Social networking sites
Can target sales (but need to be careful!)
Create groups & events e.g. Friends of Ford
Brand ambassador programs
Identify loyal customers who bring others into your community
Communities
Understand and target sales
Embeddable widgets
Users can prove brand loyalty
Points of presence for sales

Customer support
Support forums
Customers can answer their own problems online
Customers can help each other
Become aware of issues much sooner
Proactive support e.g. Direct2Dell
Wikis
Customers can answer their own problems online
Self-documenting
Save on publishing costs and corrections

Operations
Internal social networks
Cross-fertilisation of ideas
From front line to back office – e.g. Blue Shirt Nation (Best Buy Inc)
Promote the sense of culture and can bring together widely dispersed/loosely coupled workforces
Wikis
Provides a platform to develop self-organising teams
Take on responsibility and change
External social networks
Leverage employees’ networks to hire new staff

Cultural change
Recommendations for implementing
Accept the loss of control
Expect pushback from managers
Line up executive backing
Start small and focus on measurable objectives
Expand beyond projects
Stay focussed on culture, not technology

Conclusion

Conclusion
Review the expectations wall
How did we go?
Obtaining a copy of the presentation
See www.michealaxelsen.com for a copy of this presentation
See CPA Congress community: ( http://cpacongress.ning.com
Applied Insight Pty Ltd Services
Social networking training for staff
Social networking review for your business
Social networking policies & procedures

Contact details Micheal Axelsen Director, Applied Insight Pty Ltd m: 0412 526 375 t: +61 7 3139 0325 e: [email_address] blog: www.michealaxelsen.com Applied Insight Pty Ltd PO Box 603 Toowong DC 4066 AUSTRALIA

About the speaker
Services
Micheal Axelsen provides consulting services in the enterprise governance of information technology, and the development and implementation of strategy to deal with the business challenges of information technology.
Position and qualifications
Director of Applied Insight Pty Ltd
Chair of CPA Australia Information Technology & Management Centre of Excellence
Qualifications
Bachelor of Commerce (Hons)
Masters of Information Systems
FCPA

Appendix: For further reference

References
AS/NZS 4360:2004 Risk Management
Boyd, D., and Ellison, N. "Social Network Sites: Definition, History, and Scholarship," Journal of Computer-Mediated Communication (13:1), March 2007, pp 210-230.
Brandenburg, C. ‘The Newest Way to Screen Job Applicants: A Social Networker's Nightmare’. Federal Communications Law Journal. Los Angeles: Jun 2008. Vol. 60, Iss. 3; p. 597 (30 pages).
Emerald Insights. ‘MySpace or yours? Advertising and social networks’. Strategic Direction. Bradford. 2008. Vol. 24, Iss. 8; p. 15
Engdahl, S (Editor). “Online social networking”. Greenhaven Press. Farmington Hills, MI, USA. c2007.

References
Espejo, R (Editor). ‘Should social networking web sites be banned?’. Greenhaven Press. Detroit, MI, USA. 2008.
Johnson, R A, and Middleton, J M. ‘Accounting for Second Life’. Journal of Accountancy. New York: Jun 2008. Vol. 205, Iss. 6; p. 54 (5 pages)
Lavenda, D. ‘Does 'blogging' have a place in the workplace?’. The British Journal of Administrative Management. Orpington: Jul 2008. p. 27 (3 pages)
Mac Sithigh, D. ‘The mass age of internet law’. Information & Communications Technology Law. Abingdon: Jun 2008. Vol. 17, Iss. 2; pg. 79
McCallum, R. “Employer Controls over Private Life”. New South Wales University Press Ltd. Sydney, NSW, Australia. 1999.

References
Stewart, A. ‘Drafting and enforcing post-employment restraints’. Australian Journal of Labour Law. Vol 10 pp181-221. 1997.
Willard, N E. ‘Cyber-safe kids, cyber-savvy teens : helping young people learn to use the Internet safely and responsibly. Jossey-Bass. San Francisco , CA, USA. 2007.

Appendix: Developing your policy

Tailoring your response

Identify the risks
Identify business strategy and market position
Identify organisational focus
Identify organisational strategy and context
Assessment of online presence
Online search for mentions of business name, key products, and senior management team.
Social networking search for current and past employees.
Search of relative subscriber-only forums not indexed by search engines.

Identify the risks
Stakeholder survey
A broad survey of stakeholders (including customers, business owners and staff) to identify the extent of participation in online social networking.
Request suggestions on appropriate online behaviour from stakeholders
Stakeholder interviews
Identify current activities, expectations of appropriate behaviour, and general attitude towards OSN

Identify the risks
Document risks
Review the information recorded above, and identify current and potential online social networking activities, and consider the potential risks that arise as a result of these actions.
Consider the seven potential risks
Document the risks, identifying online social networking activities that contribute to this risk.

Understand the risks
Identify likelihood
Have stakeholders rate the likelihood of each risk
Identify consequences
Understand the risk and its impact
Define levels of economic loss
What is the consequence of each risk?
Have stakeholders rate the consequences of each risk

Risk evaluation workshop
Use a workshop to agree on an estimated risk level
Aggregate consequence assessment. Confirm in workshop.
Map each risk to the matrix below
Document the estimated risk level

Evaluate the risks
Evaluate risks and risk level
Identify the acceptable estimated risk level
Assign each identified risk to the below matrix
Identify non-policy activities or changes to work practices to:
avoid the risk
reduce the likelihood of its occurrence
to reduce its consequences
to transfer the risk to a third party.
What remains is the residual risk that must be reduced through an online social networking policy

Evaluate the risks

Evaluate the risks
Match risks to policy and procedure template
Five core procedure responses, matched to your risk appetite:
Acceptable online social networking activities
Staff awareness program
Staff training program
Online reputation monitoring
Responding to online social networking activities
Provides a draft online social networking policy that can be developed further
Validation Check
Refinement will be needed
Circulate, discuss, and confirmed

Treat and monitor
Develop program of activities from procedures
Steady and sure approach is usually best
Three crucial factors:
Be realistic (and then halve it!)
Prioritise the identified risk mitigation controls with separate actions
Identify a program of work over the planning horizon period

Treat and monitor

Treat and monitor
Establish monitoring program
Review actions each delivery period
Plan the actions for delivery in the next
Focus on the development of an active strategy
Regularly monitor & review in a group
Monitor effectiveness
Review policy & procedures annually

Appendix: OSN Risk Examples

Scenarios
Productivity Losses
Employees use social networking websites during work time to the detriment of business performance.
Legal risks
As no policy explicitly states that email use is monitored by the employer, the employee brings an action for wrongful dismissal when dismissed for posting inappropriate content to an email forum.
As no policy explicitly states that web use is actively monitored, it is difficult for a business to further investigate an employee who is suspected of posting details of an upcoming marketing program and product price list onto Wikipedia.

Scenarios
A junior financial planner with an accounting firm provides taxation advice in a public forum using the firm’s email address and with a signature including the firm’s name. The advice is posted publicly, is relied upon by some readers who suffer a loss and subsequently bring an action against the accounting firm.
Reputation Risk
A customer writes a blog post or video that is negative towards your product, service or staff.
An employee writes a blog post or posts a video that is negative towards the company’s product, service or staff.

Scenarios
An employee writes a blog post or status update that places company secrets in the public domain using the business’s equipment.
An employee posts lewd photographs online in a public forum.
A friend of an employee posts lewd material on the employee’s public website or social networking page.
Photographs of office functions depicting inappropriate behaviour are posted online by staff.
Photographs of office functions depicting inappropriate behaviour are posted online by staff employed by the venue.

Scenarios
An employee writes a blog post or posts a video that is derogatory to his or her colleagues or the firm’s customers.
An ex-employee writes a blog post or posts a video that is derogatory to his or her colleagues or the firm’s customers.
A supplier writes a blog post that is derogatory about the company’s ability to pay its suppliers.
Viruses & spyware
A staff member’s computer infects all networked computers with a virus that was launched from a website that advertised on MySpace.

Scenarios
The accountant’s username and password for the business’s online banking is stolen by a Trojan key-logging program that was downloaded to the accountant’s laptop from an advertisement on a niche social networking website while her teenaged son was using the computer at home.
Privacy breaches/identity theft
Using an edited copy of a signed letter and a business-card posted on Flickr, a fraudster creates a fake letter of employment as supporting documentation for a bank loan in an employee’s name that is subsequently defaulted upon and causes personal bankruptcy for the employee.

Scenarios
The employee subsequently brings an action against the business for not taking reasonable precautions to prevent this from happening. Although the resulting court case is unsuccessful, it is a serious distraction and expense for the business.
An employee posts a photograph of a colleague and her children on her blog at the annual Christmas function. The colleague’s estranged husband is able to identify the children’s school from the uniform they are wearing, and subsequently collects the children from the school. The children are never seen again.

Scenarios
Social engineering
Using names, email address, and positions gleaned from Facebook, position titles and references from LinkedIn, and faked letterhead or invoices from a site such as Flickr or Photobucket, a conman is able to extract payment for non-existent products or services.
Using photos from Flickr of a business card and letterhead, and information gleaned from Facebook, a fraudster poses as a contract cleaner who then uses an unattended and logged-in computer to steal clients’ taxation information on a 4gb USB memory stick.

Scenarios
Inadvertent release of information
The company’s proprietary approach to the bidding process for government work is submitted to Wikipedia by the business development assistant and is not able to be withdrawn in time.

http://www.slideshare.net	127
http://blog.websourcing.fr	29
http://emiral.weebly.com	21
http://michealaxelsen.com	12
http://tcintolo.blogspot.com	9
http://kc.edu20.org	6
http://www.brijj.com	2
http://feeds.feedburner.com	2
http://www.stirisinoutationline.ro	2
http://www.netvibes.com	2
http://yok.to	1
http://www.redlist-ultimate.be	1
http://www.techgig.com	1
http://www.studivz.net	1
http://translate.googleusercontent.com	1
http://www.lmodules.com	1
http://webcache.googleusercontent.com	1
http://courtneyeshort.blogspot.com	1

Business Impact of Online Social Networking

by Micheal Axelsen on Nov 02, 2008

Accessibility

Categories

Tags

Upload Details

Usage Rights

18 Embeds 220

Statistics

Business Impact of Online Social Networking — Presentation Transcript