Five steps to managing social media risk

SocialMedia-slate-roundAs we discussed in our posts on monitoring social media and why to include social media in crisis management in this series, managing social media as an enterprise risk has become necessary in today’s business climate. Social is no longer a nice-to -have for the marketing department—nor simply a peripheral technology you can write off because you feel it’s just about kids telling each other what they had for lunch.

Social media is pervasive—some might say endemic—and its role as an enterprise threat can’t be denied. And since managing risk and exposure is the backbone of your role as a business continuity professional, the job of containing that social threat will likely fall to you.

Here’s a five-point plan to get you started.

1.    Integrate social media into your risk management plan

The speed and ease with which information—perhaps damaging—can now be disseminated on social media is alarming. Those factors present risks to your reputation, your brand, and even your health as an organization.

But they’re not just outside threats… no BYOD policy in the world can prevent social media from coming in to the organization on personal devices—or information from going out.

That’s why it’s important to make room for social media in any risk management plan. You’re not an ostrich—putting your head in the sand won’t make the problem go away.

2.    Develop—or confirm—a social media policy

Blocking access to social media sites in 2015 is a fool’s game. Many organizations still try to do so out of security or productivity concerns—alienating employees in the process, and ironically driving them to increased use on personal devices. (Not to mention preventing departments with a more legitimate need for social media access from doing their jobs.)

A more appropriate approach? Develop a policy that outlines how employees and contractors should use social media—and particularly when it comes to company information. Then communicate that policy far and wide across the organization to set expectations for acceptable use.

3.    Establish ownership, oversight and accountability

You’re a BC/DR professional, which means that neither you nor your team may own social in the organization. It might instead be one or more of the following:

  • Board of directors
  • One or more C-suite executives
  • Compliance
  • Corporate Communications
  • Legal/General Counsel
  • Human Resources

Whoever it is, everyone in the organization needs to know—and they need to know that when it comes to social media and its inherent risks, the buck stops with the owner.

4.    Don’t forget to monitor

We looked at social media monitoring at length in the first post in this series, but the takeaway bears repeating: monitoring social media helps you track what the public and your employees are saying about you, and helps you keep an eye on emerging risks. The importance of monitoring can’t be understated.

5.    Define an escalation process

When something goes wrong—and it probably will—you don’t want to leave it to the heat of the moment to figure out how to deal with an emerging crisis. By setting rules of engagement ahead of time, things will run more smoothly when the worst comes to pass. Consider who will be responsible for overseeing the process, how emerging risks will generally be mitigated, what to do (and when to do it) in the event of a full-blown crisis, how to handle the aftermath, and how to pick up and start again when it’s time for lessons learned.

How will you manage social media risk?

Much value can be derived from properly using social media as part of a business continuity program. For more on the subject, download a free whitepaper, Social Media for the BC/DR Professional. Learn more about mass notification with How to Use Automated Notification to Support IT Incident Management.