Managing Social Media Risk

Now, more than ever, firms worldwide seek to maintain continuous connection with clients, prospects, employees, and other stakeholders through social media. Social media channels are often utilized to:

• Build brand awareness.

• Build and maintain brand reputation.

• Identify and communicate with customers.

• Increase brand loyalty.

• Develop, market, and promote products and services.

• Recruit new employees.

• Share information internally and externally.

• Provide customer service.

With such a broad range of uses, a firm’s risk exposure can range from embarrassing, but unnoticed “hiccups” (e.g., typographical errors or small misstatements that are quickly and easily removed or corrected) to major issues that result in reputation damage, exposure to litigation, and, ultimately, significant revenue loss. Some of the risks associated with social media are often seen as synonymous with IT-related risks such as inefficient use of resources, lack of ROI, and lost opportunity. However, the risk of social media can be far greater than IT-related risks due primarily to the velocity at which information spreads via social media channels (aka, virality) and may result in irreparable brand damage created by negative comments, inappropriate responses, or lack of adherence or enforcement of policies. The exposure generally emanates from such activities as:

• False statements or promises made by team members.

• Transmission or exposure of confidential or proprietary information.

• Statements that damage the company’s brand or reputation.

• Link clicks or downloads that result in exposure to malware or 

• User misuse or hacking exposure from shared or insecure logins 
   or passwords (lack of enforcement of internal policies and 

• The release of information or communication that violates 
   regulatory guidelines.

To mitigate some of the risks, implement a Social Media Policy. Ensure your team members, specifically those in charge of your social media channels, follow a written social media policy that outlines the guidelines and principles of communicating online. This will help you avoid instances like one British company experienced when rogue employees live tweeted a massive downsizing from the company’s business page.

Statistics have shown that where employees are unaware of the risks of using social media at work, there is considerable risk beyond just lost hours of productivity; for example, according to a recent Protiviti survey:

• Over 50% of users let a friend or acquaintance use their login 
   credentials for social network sites and

• 47% of social media users have been victims of malware.

This is not to scare you away from using social media, but it is to make you aware that there are risks associated. You can manage those risks by reviewing how and why your firm uses social media. You can do this via a Social Media Audit.

Although some firms are on the cutting edge with processes to understand, monitor, and manage social media risks, the vast majority are playing catch up. As such, they have relatively immature processes and it is reasonable to suggest that the risks associated with social media may not be well-articulated or captured within risk registers.

The same Protiviti survey concluded that the inclusion of social media within the audit plan has been relatively slow. In fact, auditors indicated that:

• 20% included it in the current year audit plan

• 35% will include it in next year’s plan

• 45% have no plans to include it in the audit plan

The survey also found that social media was the highest ranked in the ‘need to improve’ category and the lowest ranked in terms of ‘competency’ within Internal Audit (IA) departments. This is an interesting fact, as it suggests that IA departments may not have the resources or skills to understand the risks or how to engage with the business in order to effectively identify and test those controls that are being used to mitigate the risks.

If you need help conducting a Social Media Audit, contact us at 713.520.5532 or