Use Social Media To Stay Safe

With the increasingly widespread use of social networking tools more and more organisations are having to decide what to do about the perceived security risks that these tools represent. FUD, Fear, uncertainty and doubt, characterise many corporations’ approaches to social media with responses to it ranging from draconian, and often hilariously ill informed, legislation about the use of the tools, to outright banning of them. But are these corporate responses appropriate? Is social media as dangerous as people think? Are the risks unmanageable and staff untrustworthy? What are they really afraid of?

The first thing to say is that not dealing with this issue is not an option. The use of the web and of social tools are just going to become part of our lives, and therefore the business world, whether we like it or not and sticking heads in sand is not a viable option. In fact staff are already using these tools widely - even if you think you have banned them you haven’t unless you fleece your staff at the door and take their smart phones off them - and the onus is on management to learn how to work with this new reality rather than deny it.

So let’s look at the perceived risks one by one. 

Exposure to ridicule

There have been many cases where the internal workings of businesses have been discussed by indiscrete staff on the web with an an attendant embarrassment and loss of face for the organisation. But often the staff haven’t been given any indication as to what is appropriate to say where. I personally know of one example where the member of staff felt he was defending his organisation against public criticism but the ensuing online conversation shared internal conversations that weren’t meant to be public. In this case though the ins and outs of what had happened were discussed on the internal forum and everyone got to learn what was, and wasn’t, right about what happened thus making the organisation better able to cope the next time something like this happens. 

Exposure to criticism

Things are going to go wrong. Not everyone is going to have a good experience of your products or services and they are inevitably going to say so online. Sometimes those being critical may even be your own staff. As in most  other aspects of PR what matters more than what has gone wrong is what you do about it. Being seen to “do the right thing” in public can be very powerful. More often than not the online “audience” will have their own sense of right and wrong about a situation and often leap in to defend companies from unjust criticism. If they don’t then maybe you have a more fundamental problem which it is as well to find out about sooner rather than later.

Theft of intellectual property

This tends to be the focus of many IT responses to security and the efforts to prevent leaks can incur a high cost in terms of security systems or constraint of legitimate business activities which rely on what are perceived to be risky technologies. But how great is this risk and should measured against it be applied in such a blunt way? Let’s be honest, when it comes to stealing company secrets it’s not the youngster using Facebook that is the biggest risk or the company director defecting to a competitor with all of your strategic plans. Yes it is irresponsible to suggest that there are no technological risks to social media but too often the rules applied to mitigate these risks are inappropriate.

Ironically the most effective way companies that can mitigate any risks raised by the use of social tools involves smart use of the tools themselves. Many years ago, when the Freedom Of Information Act first became law, there was a flurry of debate on our internal forum at the BBC. The forum was already used by thousands of staff to discuss every topic under the sun and users  became concerned that the new legislation might, at worst, mean that we could’t have the forum at all, or at best that we would have to steer clear of certain topics. We debated the various possible outcomes on the forum itself and were frankly milling about in the dark. But in fact  we weren’t doing it in the dark, as would have been the case if we were discussing it in meetings or around water coolers. No this time we were discussing the topic in full view of the organisation. 

The consequence of this was that the person that the BBC had employed to manage its response to FOI was able to be aware of our conversations and in fact to join them. The resulting conversation allowed him to explain the act in depth and how it affected the BBC and were able to explain the concerns we had in the, at the time very new, context of a staff forum. The result of these visible, and well informed, conversations was that thousands of staff ended up with a much firmer grasp of the legislation than by possibly any other means. Contrast this with the conventional scenario where someone might  write a memo on the topic which may, or may not be passed down the chain by individual managers and staff wouldn’t find out about the rule until they broke it!

And this is the thing we learned. Having interesting and lively conversations about what is risky, what is not, and what to do about it, in a place where the maximum number of staff can see those conversations, can be the best way to stay safe.