Corporate Social Media Guidelines - Protecting Your Organization From Hidden Risks
Upcoming SlideShare
Loading in...5
×
 

Corporate Social Media Guidelines - Protecting Your Organization From Hidden Risks

on

  • 6,964 views

One wrong move can land you or your company into an unknown abyss. The lack of guidance from Social Media and non-existent controls can cost companies hundreds of thousands or even millions. The ...

One wrong move can land you or your company into an unknown abyss. The lack of guidance from Social Media and non-existent controls can cost companies hundreds of thousands or even millions. The hidden risks of not understanding the many channels of Social Media are immeasurable. With a better understanding and some guidance on Social Media Patterns yourself and your company are going to be able to mitigate the arising risks.

Statistics

Views

Total Views
6,964
Views on SlideShare
6,789
Embed Views
175

Actions

Likes
14
Downloads
453
Comments
1

13 Embeds 175

http://twitpuerto.com 58
http://www.slideshare.net 35
http://cimapr.net 33
http://dltm.wikispaces.com 31
http://hiddentreasure2.blogspot.com 7
http://www.linkedin.com 2
https://www.linkedin.com 2
http://noveltica.com 2
http://static.slidesharecdn.com 1
http://cimapr.com 1
http://www.mediarockets.com 1
http://www.slashdocs.com 1
http://webcache.googleusercontent.com 1
More...

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
  • Apart from that the RV parks have tie-ups with various campgrounds and RV associations that adds a lot of attractive features to the entire experience of RV camping.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • `

Corporate Social Media Guidelines - Protecting Your Organization From Hidden Risks Corporate Social Media Guidelines - Protecting Your Organization From Hidden Risks Presentation Transcript

  • Corporate Social Media Guidelines
    Protecting your organization
    from Hidden Risks.
  • KPMG: Ten to-do's for audit committees in 2010
    How Important is Social Media
    Understand the company's policy on the use of Twitter and other Social Media networks to reach Investors and customers.
    http://www.accountingweb.com/topic/kpmg-ten-dos-audit-committees-2010
  • Revealed: Which social networks pose the biggest risk?
    Biggest Risk in a Social Network?
    Over 500 Firms Polled
    “...sizeable pool of information for hackers.”
     
    “Sites like LinkedIn provide hackers with what is effectively a corporate directory, listing your staff's names and positions. This makes it child's play to reverse-engineer the email addresses of potential victims.”
    According to the Sophos Security Threat Report 2010
    http://www.sophos.com/blogs/gc/g/2010/02/01/revealed-social-networks-pose-biggest-risk/
  • Bigger risks with younger employees than older ones.
    SN Risk: Managing the Inevitable
    “According to the survey, about 50 % of those responding use Web-based social networking to make new friends”
    “The problem lies in the tendency for experienced social networkers to continue to initiate new friendships, friendships with people they’ve never actually met.”
    “So the 1st element is making a person feel accepted, part of a group of at least two.  This isn’t difficult for experienced social engineers.” 
    Does your organization block use of social networking sites?
    Yes
    No
    Don’t Know
    Does your organization address social networking in its acceptable use policy?
    Yes
    No
    Don’t Know
    http://blogs.techrepublic.com.com/security/?p=730
  • Defending against the inevitable
    SN Risk: Managing the Inevitable
    “Block use of public social networking sites from the office is a strong recommendation.  This will help protect your data or social engineered information, about your company or network, from finding its way directly from the employee’s desk or your network, to either a social networking site or a friend met at such a site.
    “Implement DLP*.  Know where and how your data is moving.  If an online ‘friend’ of one of your employees happens to gain access because of sharing activities, you will be able to block data loss or at least know it’s happening.”
    Block use of Social Networking Sites from Office.
    Implement Data Leakage Prevention
    Know where your data is moving
    Create, edit, or update your social media policies.
    http://blogs.techrepublic.com.com/security/?p=730
    * DLP (data leakage prevention
  • Social Media Policy the 1st line of defense
    What Every Company Should Know About Social Media Policy
    1 in 3 companies has a social media policy in place.
    Part of the problem is that a social media policy is a misnomer. Your company should have social mediapolicies.
    socialmediaexplorer.com
    http://www.socialmediaexplorer.com/2010/02/03/what-every-company-should-know-about-social-media-policy/
  • Social Media Policies
    What Every Company Should Know About Social Media Policy
    It’s not just making rules for who can blog and say they work for you.
    It’s more than just telling employees what they can and cannot do on company computers.
    Three Main Groups of Policies
    • Employee Code of Conduct Policies
    • Employee Policies
    • Corporate Policies
    • Employee Code of Conduct for :
    • Online Communications
    • Company Representation in Online Communications
    • Employee:
    • Blogging Disclosure Policy
    • Facebook Usage Policy
    • Personal Blog Policy
    • Personal Social Network Policy
    • Personal Twitter Policy
    • LinkedIn Policy
    http://www.socialmediaexplorer.com/2010/02/03/what-every-company-should-know-about-social-media-policy/
    socialmediaexplorer.com
  • Social Media Policies
    What Every Company Should Know About Social Media Policy
    • Corporate:
    • Blogging Policy
    • Blog Use Policy
    • Blog Post Approval Process
    • Blog Commenting Policy
    • Facebook Brand Page Usage Policy
    • Facebook Public Comment/Messaging Policy
    • Twitter Account Policy
    • YouTube Policy
    • YouTube Public Comment Policy
    • Company Password Policy
    While it may seem frivolous to spell out policies for every social network, that’s not quite the point.
    Different networks have different implications for different companies.
    http://www.socialmediaexplorer.com/2010/02/03/what-every-company-should-know-about-social-media-policy/
    socialmediaexplorer.com
  • Social Media Policies
    Few Companies Have Policy for Employee Use of Social Networks
    Does Your Company have a written policy?
    Does it include all or part of the listing?
    What challenges did you find writing it or are concerned you will find?
    emarketer.com
    http://www.emarketer.com/Article.aspx?R=1007493
  • Dell Sucks becomes Dell Hell
    • Issue:
    • Jeff Jarvis, Journalist, wrote on his blog about his frustration of poor customer service by Dell. With the Title “Dell Sucks”.
    • Thousands of people where having the same issues.
    • Biggest Issue:
    • Dell was Not:
    • Reading Blogs
    • Listening
    • Dell’s policy on blogs was do not touch them.
    JEFF JARVIS
    @JeffJarvis
    buzzmachine.com
  • Learn from Dell : Embrace
    • Start by:
    • Start at Google:
    • Search for your company, team, yourself.
    • Same search on Blogs:
    • Technorati, Icerocket, & BlogPulse, Youtube, Twitter, & Facebook.
    • Respond to People
    • Do it yourself!
    • Try to solve problems online
    • Put Yourself in their own shoes
    • Set up your own blog.
    • Don’t Forget to thank your customer.
    puertoblogs.com
  • Dell Doing it Everywhere
    • Embracing Social Media
    • Didn’t shy away from obstacles
    • Cultivating a cross-platform community
    • Multiple Twitter handles
    • Network of Blogs
    • Very active on Facebook
    • 1 of the few companies to publicly state a ROI from
    • 1 Million In Revenue
    community.dell.com
    dell.com/twitter
  • Dell Doing it Everywhere
  • Corporate Social Media Guidelines
    Jeff Jarvis’ Quote | Via Email
    I'd just say that rather than starting from
    the risks, start from the opportunities:
    • how can  you build new relationships with your constituents using these tools.
    • The greater risk is ignoring the conversation that is going on with or without you. 
    JEFF JARVIS
    Journalist & Author
    @JeffJarvis
    Buzzmachine.com
  • Corporate Social Media Guidelines
    Morgan Johnston’s Quote | Via Twitter
    Morgan Johnston
    Manager Corporate Communications
    @MHJohnston
    knitwitr.tumblr.com
    Always ask for Permission when
    quoting someone
  • Opportunities / Threats
    Threats / Risks
    Opportunities
    Customer’s or Disgruntled employees can create groups to defame a company & disperse sensitive Information.
    Passing over a possible good candidate based on profile information, pictures, & other postings.
    The competition can also monitor You.
    Open Up Fan Page or Group to reach out.
    Recruiting tool for young professionals looking to join your company and worldwide connections with other professionals.
    Magazine’s like CIO.com are posting information
    Monitor the competition’s presence.
  • Opportunities / Threats
    Opportunities
    HR Department uses it to keep in touch with present and past employees.
    Posting relevant articles, press releases, public company information, and get feedback.
    Connecting and finding opportunities by creating and joining groups of interest.
    Threats / Risks
    Customer’s or Disgruntled employees can create groups to defame a company & disperse sensitive Information.
    Passing over a possible good candidate based on profile information, pictures, & other postings.
    The competition can also monitor You.
  • Opportunities / Threats
    Opportunities
    Links to articles related to professional seminars, conferences, & traditional media.
    Connecting with potential clients, influencers and leads.
    Instant customer service issues & monitoring of public relations issues.
    Threats / Risks
    Some links to articles may be spam and malware for computer.
    Could be pressured by the competition or other 3rd parties to engage in company vs. company discussions.
    Without presence you risk losing customer’s by not being able to solve the issue.
  • Guilty of one of these security oversights?
    7 Deadly Sins of Social Networking Security
    Over Sharing Company Activities
    Mixing personal with professional
    Engaging in Tweet (or other social network) Rage
    Believing he/she who dies with the most connections wins
    Password Sloth
    Trigger Finger
    Endangering yourself and others
    CSOonline.com
    http://www.csoonline.com/article/496314/Seven_Deadly_Sins_of_Social_Networking_Security
  • 1. Over Sharing Company Activities
    7 Deadly Sins of Social Networking Security
    Divulging intellectual property regarding
    what your company is doing on social
    networks;
    Information that everyone will
    want to read about
    You might tip off competitors:
    • Maybe you work for a drug company that is on the verge of developing the cure for cancer.
    • Maybe the company is developing a new car that runs on curbside trash
    CSOonline.com
    http://www.csoonline.com/article/496314/Seven_Deadly_Sins_of_Social_Networking_Security
  • 2. Mixing personal with professional
    7 Deadly Sins of Social Networking Security
    Know objectives of why you are on
    social networks.
    Remember to post carefully your words are now public across the internet.
    What you share with your family and friends may not be considered appropriate with business contacts an example would be pictures.
    Some folks separate facebook for friends and business contacts with linkedin.com.
    Some folks who work in media have to get people’s interest and need to be on as many social networks as possible in order to promote business.
    CSOonline.com
    http://www.csoonline.com/article/496314/Seven_Deadly_Sins_of_Social_Networking_Security
  • 3. Engaging in Tweet (or Facebook/LinkedIn/Myspace) rage:
    7 Deadly Sins of Social Networking Security
    Rants look childish and immature.  
    May be looking at your rant for years.
    Would be the equivalent as sending an angry email.
    Too Fat to Fly Southwest?
    Kevin Smith
    Hollywood Writer & Director
    Movies: Jersey Girl (2004),
    Fan Boy (2009), and others.
    http://www.csoonline.com/article/496314/Seven_Deadly_Sins_of_Social_Networking_Security
  • 4. Believing he/she who dies with the most connections wins:
    7 Deadly Sins of Social Networking Security
    Some folks such as people on Linkedin who are all about the number of people they are connected too, not who or how they know you.
    Their friends could connect with you very easily.
    Verify person’s account, don’t add them unless you know them.
    Ask why they want to connect & research who they are.
    If you can’t identify 1 person on their list, might not want to connect or send them to LinkedIn Jail.
    CSOonline.com
    http://www.csoonline.com/article/496314/Seven_Deadly_Sins_of_Social_Networking_Security
  • 5. Password Sloth
    7 Deadly Sins of Social Networking Security
    Don’t use same password for all social networks, banking, or work accounts.
    Someone is likely to figure the information out and get your information.
    "Using the same password on several sites is like trusting the weakest link in a chain to carry the same weight. Every site has vulnerabilities, plan for them to be exploited."
    CSOonline.com
    http://www.csoonline.com/article/496314/Seven_Deadly_Sins_of_Social_Networking_Security
  • 6. Trigger Finger
    7 Deadly Sins of Social Networking Security
    Clicking all links and applications.
    Bad guys could send you links to give your pc/laptop malware.
    7. Endangering yourself and others
    Posting birthday information, too much detail on family and friends , they could become the target of an identity thief or even a kidnapper.
    CSOonline.com
    http://www.csoonline.com/article/496314/Seven_Deadly_Sins_of_Social_Networking_Security
  • 9 or 10 Ways to Stumble in SM
    Gaming the System
    Putting on a Puppet Show
    Flogging
    Playing Coy
    Forgetting your Users
    Acting like you own the place
    Looking down your nose
    Letting it slide
    Pitching without looking:
  • Gaming the System
    • There’s nothing stopping you from trying to rewrite a Wikipedia entry to your advantage...
    • Virgil Griffith's Wikipedia Scanner could make your life a PR misery.
    • Brainchild of Cal Tech computation and neural-systems graduate student.
    • Searchable database ties millions of anonymous Wikipedia edits to organizations where edits apparently originated, by cross-referencing the edits with data on who owns the associated block of internet IP addresses.
    • The online world is full of talented people fanatically devoted to exposing online frauds and defending the integrity of the commons; cross them at your peril.
  • Putting on a Puppet Show
    If only those social media sites had comments raving about you or your brand.
    So why not log in under a false identity (what the online world calls a sock-puppet) and leave those comments yourself
    According to the U.S. Federal Trade Commission, Whole Foods CEO John Mackey tried it, trashing the competition and boosting his company on Yahoo's message boards.
    The result: a Securities and Exchange Commission investigation... and a very public humiliation.
  • Flogging
    If the sock puppet has a cousin, it's the fake blog, or "flog".
    • All I Want for Xmas is a PSP blog, purportedly written by a guy begging his parents for the Sony gaming console.
    • but in reality the creation of a marketing firm.
    • The blog was designed to become a meme, spreading virally across the Internet, and in a way it did.
    • but not the way anyone at Sony would have wanted.
    • Instead, it was ousted on the forums as Something Awful, and the meme's message was that Sony was duping the public.
  • Playing Coy
    Outright dishonesty isn't the only thing that can trip you up.
    Wal-Marting Across America blog:
    • By a middle-aged couple driving their RV across the U.S.
    • Camping overnight in Wal-Mart parking lots and telling stories about the wonderful people they met.
    • Remarkable number of whom had glowing things to say about Wal-Mart.
    None of this was untrue; the couple was genuine, the RV
    was an RV, and nobody's disputing the stories people
    were telling.
    But what the blog didn't mention – anywhere
    whole thing was paid for by Wal-Mart itself
    from airfares to the RV itself.
    The blog was outed, the story hit the mainstream media, and both Wal-Mart and their PR firm, Edelman, were left looking very much like they'd tried to pull something sleazy.
  • Forgetting Your Users
    • Not Getting the Results Expected.
    • Many organizational blogs written in market-ese and utterly failing to engage visitors.
    • The flip side of the nothing-but-spin blog is the nothing-but-nothing blog.
    • CEO letting us Know how neat his trip was.
    • Opportunity to offer:
    • Insights
    • Passion
    • Some thought leadership
    • Please don't pass it up.
  • Acting Like You Own The Place
    You may own:
    Servers
    Software
    Branding
    But you don't own the community.
    Forgetting that, for instance by making big changes without consulting the community or, worse, letting them know why, is a recipe for disaster.
    Heavy-handed actions can be just as bad.
    When the Washington Post encountered a flood of abusive comments on one of its blogs, they could have decided to have a moderator approve each comment before publishing it, until the flood subsided. Instead, they temporarily suspended commenting altogether – and endured a week of accusations of censorship and bad faith.
  • Looking Down Your Nose
    Your selection of quality goods is so impressive; your blogger engagement strategy... not so much.
    In January 2008, a blogger asked Target to explain one of their ads, which she felt was sexually exploitive.
    Target's PR department replied by email:
    "Unfortunately we are unable to respond to your inquiry because Target does not participate with nontraditional media outlets.”
    That garnered them a bunch of ill-will in the blogging
    world... and some bad press in one of those more
    traditional media outlets that Target prizes so highly.
  • Letting it Slide
    Setting up a blog or other social web presence is the easy part.
    The real work comes in doing the gardening:
    Seeding new content
    Nurturing the shoots of new community
    When necessary, weeding out abuses.
    Canadian politician Paul Martin launched a
    blog that went months without new posts
    The Blog became an embarrassment.
    You don't have to search too far to find blogs and forums that have become playgrounds for comment spam.
  • Pitching Without Looking
    Engaging with bloggers?
    Good idea
    Firing off impersonal pitches with no idea who you're talking to?
    Bad idea
    Blogs are highly personal endeavors
    Only a few earn income for their creators
    The rest are labors of love. Treat them that way.
    Suggestion - Read a blog for at least a week, then
    join its commenting community, and then try pitching
    the author – in a personal way that relates directly to
    the blog's focus.
  • 10th Way to Stumble
    And that's to let the first nine scare you away from social media.
    Make the participation positive and productive
    Avoid pretty much any of the previous pitfalls
    Start from the right place:
    • Proceed with authenticity and transparency
    • Respect your audience and the community you're engaging understand that this can be hard work
    • Dedicate resources accordingly
    • Even if you do stumble, you'll have friends ready to catch you.
  • Top 10 Guidelines for Social Media Participation
    • These guidelines apply to (company employees or contractors who create or contribute to
    • blogs
    • wikis
    • Social networks
    • Virtual worlds,
    • or any other kind of Social Media.
  • Top 10 Guidelines for Social Media Participation
    • Whether your employees or other stakeholders log into
    • Twitter
    • Yelp
    • Wikipedia
    • LinkedIn
    • Facebook pages
    • or comment on online media stories
    • Should include all employees
  • Top 10 Guidelines for Social Media Participation
    These rules should sound strict and contain a bit of legal-sounding jargon but please keep in mind that our overall goal is simple:
    • to participate online in a respectful, relevant way that protects our reputation and of course follows the letter and spirit of the law.
  • Be Transparent
    Be Transparent and state that you work or represent the company.
    • Your honesty will be noted in the Social Media environment.
    • If writing about a competitor use
    • Real Name
    • Identify that you represent or work for an entity
    • Be clear about your role
  • Never Lie or Mislead
    Never represent yourself or company in a false or misleading way.
    • All statements must be:
    • True
    • All Claims must be Substantiated
  • Meaningful & Respectful
    Post meaningful, respectful comments
    • no spam
    • no remarks that are off-topic or offensive.
  • Use Common Sense
    Use Common Sense and Common Courtesy
    • it’s best to ask permission to publish or report on conversations that are meant to be private or internal.
    • Make sure your efforts to be transparent don't violate company's
    • Privacy
    • Confidentiality
    • Legal guidelines for external commercial speech.
  • Stick To Your Area
    Stick to your area of expertise
    Do feel free to provide unique individual perspectives on non-confidential activities at your Company.
  • When Disagreeing with Other’s
    When disagreeing with others' opinions:
    • keep it appropriate and polite.
    If you find yourself in a situation online that looks as if it’s becoming antagonistic:
    • do not get overly defensive
    • do not disengage from the conversation abruptly.
    Feel free to ask the PR Director for advice and/or to disengage from the dialogue in a polite manner that reflects well on your Company.
  • Writing about Your Competitor
    • If you want to write about the competition:
    • make sure you behave diplomatically
    • have the facts straight
    • have the appropriate permissions.
  • Never Comment on Legal Matters
    Please never comment on anything related to:
    • legal matters
    • litigation
    • or any parties your company may be in litigation with.
  • Never Participate In a Crisis
    • Never participate in Social Media when the topic being discussed may be considered a crisis situation.
    • Even anonymous comments may be traced back to your or company’s IP address.
    • Refer all Social Media activity around crisis topics to PR and/or Legal Affairs Director.
  • Be Smart about Protecting Yourself
    Be smart about:
    • protecting yourself
    • your privacy
    • Company’s confidential information
    • What you publish is widely accessible and will be around for a long time, so consider the content carefully.
    • Google has a long memory.
    NOTE: Mainstream media inquiries must be referred to the Director of Public Relations.
  • Summary of Major Risks
    Many organizations think the biggest risk of social media is
    that people will use it to say negative things about them.
    • The biggest risk is actually the opposite:
    • Organization creates a social media presence & nobody participates.
    • Others garner participation
    • but the conversations quickly veers off-topic or into belligerent shouting matches.
    • Others start off well, but can't sustain their momentum
    • Some aren't ready to scale up, some encounter embarrassing technical failures, and some just quit and fade away.
  • Avoid the Fate of SM Risks!
    So how do you avoid their fate?
    • thinking about your audience before you think about your technology
    • staffing up to encourage participation and put out fires.
    • both knowing and pushing the limits of your organizational.
    • These can all help.
    But nothing works quite as well as knowing social media in your bones, and that means diving in yourself.
  • First Steps
    Build accounts, quickly start using various platforms to listen for your name, your competitor’s names, words that relate to your space. (Listening always comes first.)
    Add a picture. Your Audience wants to see you.
    Talk to people about THEIR interests, too. I know this doesn’t sell more, but it shows us you’re human.
    Point out interesting things in your space, not just about you.
    Share links to neat things in your community.
    Don’t get stuck in the apology loop. Be helpful instead.
    Be wary of always pimping your stuff. Your fans will love it. Others will tune out.
    Promote your employees’ outside-of-work stories.
  • Ideas On How To Handle SM
    Instead of answering the question, “What are you doing?”, answer the question, “What has your attention?”
    Have more than one person involved at the company.
    People can quit. People take vacations. It’s nice to have a variety.
    When promoting a blog post, ask a question or explain what’s coming next, instead of just dumping a link.
    Ask questions.
    SM is GREAT for getting opinions.
    Follow interesting people.
    If you find someone who uses SM in an interesting way, see who they interact with, and interact with them.
    When you DO talk about your stuff, make it useful.
    Give advice, blog posts, pictures, etc.
    Share the human side of your company.
    If you’re bothering to update, blog, or tweet it means you believe social media has value for human connections. Point us to pictures and other human things.
  • Some sanity for you
    You don’t have to read every update, blog, & tweet.
    You don’t have to reply to every message directed to you (try to reply to some, but don’t feel guilty).
    Use direct messages for 1-to-1 conversations if you feel there’s no value to Twitter, blog, or a public update to hear the conversation.
    Use services like Twitter Search to make sure you see if someone’s talking about you. Try to participate where it makes sense.
    Third party clients like Tweetdeck and Twhirl make it a lot easier to manage Twitter.
    If you update or tweet all day while your coworkers are busy, you’re going to hear about it.
  • If you’re representing clients and billing hours, and tweeting all the time, you might hear about it.
    Learn quickly to use the URL shortening tools like TinyURL and all the variants. It helps tidy up your tweets.
    If someone says you’re using twitter wrong, forget it. It’s an opt out society. They can unfollow if they don’t like how you use it.
    Commenting on others’ tweets, and retweeting what others have posted is a great way to build community.
    Some sanity for you (continued)
  • The Negatives People Will Throw At You
    Social Media takes up time.
    SM takes you away from other productive work.
    Without a strategy, it’s just typing.
    There are other ways to do this.
    SM doesn’t replace customer service.
    Most SM platforms are buggy and not enterprise-ready.
    SM is just for technonerds.
    SM’s is effective for a few million people. (only)
    SM doesn’t replace direct email marketing.
    SM opens the company up to more criticism and griping.
  • Some Positives to Throw Back
    SM helps one organize great, instant meetups (tweetups).
    SM works swell as an opinion poll.
    SM can help direct people’s attention to good things.
    SM at events helps people build an instant “backchannel.”
    SM breaks news faster than other sources, often (especially if the news impacts online denizens).
    SM gives businesses a glimpse at what status messaging can do for an organization.
    SM brings great minds together, and gives you daily opportunities to learn (if you look for it, and/or if you follow the right folks).
    SM gives your critics a forum, but that means you can study them.
    SM helps with business development, if your prospects are online.
    SM can augment customer service. (but see above)
  • Contact us!
    Contact US!
    CIMA IT Solutions Corp.
    info@cimapr.net
    TWITTER : @infosecpr| @twitpuerto
    RaúlColón, CISA, CGEIT
    @ConsultantRC
    rcolon@cimapr.net