Social network engagement is mainstream. Rare is the company that does not have a presence on a social network, with engagement including customer education and support, product launches, personnel recruitment, and competitive intelligence. Yet we continue to see occasions where improper employee use of technology can result in loss of intellectual property, inappropriate use of a social network for internal communications, and click-throughs that lead to malware attacks. All of these draw the ire of a usually sympathetic community. As we enter a new year, here's a reminder of four easy ways that social network engagement can derail a company:
- Confidential information is shared via social network: Do not share any information on your official or private social network connections that could help a competitor. For example, there was an instance when a major equipment manufacturer saw one of its employees post on a social network, "Anyone have ideas on how to position widget A vis-a-vis our competitor's widget B?" The chief marketing officer (CMO) of the competitor answered the question with all of widget B's differentiation points and then pointedly suggested that the competitor engage in training its sales personnel. Employees, in their eagerness to be open and transparent, can oftentimes feel compelled to overshare their internal work, and thus give their competitor a peek into the company's future. Another example is when employees share internal-use-only presentations on social networks, thus breaking the shield of trade secret protections on sensitive company data.
- Employees say the darnedest things: When you least expect it, your employees jump into the social streams in defense of their employer, not realizing that they may be causing more damage than they're trying to prevent. Say, for example, a customer rails on the quality of a product or service via a social network. The customer service representative or executive engages the customer, and suddenly the dueling exchange is on, flames flying in 140-character packages. The network is aflame, and the company is vilified. In cases like this, it is best to move the discussion to a one-on-one channel, out of the public eye of the social networks: email, telephone, video conference, or direct chat.
- Social networks are used to augment IT: This particular derailment can take many forms: "You mean I can't collaborate with my colleagues about patient data within a Facebook private group?" "We needed an instant messaging capability to collaborate, so we used Twitter." "There was no risk; we used a code we made up to speak around the specifics." "I sent the .xls/.doc via private message over the social network." "I didn't know their network was considered insecure." All these instances can lead to a compromise of sensitive or private data.
- Malware click-through: This can happen if an employee visits their favorite social network and clicks away at the URLs that show up in their stream, but one of the URLs takes them to a payload-ready website or to an infected downloadable image, document, or PDF.
The cure is as simple as distributing a social network guide to employees and contractors and then training them on proper social engagement. Naive is the company that doesn't know the level of social network engagement available to its employees, both internal and external. It is vital to train employees to understand the company's expectations with respect to what should and should not be shared, how company information may be presented, who should engage the irate customer and how, and why only IT-approved environments should host company interaction. It is important that this guide joins the information security and employee conduct policies as foundational elements. The handbook should be dynamically updated, as technology grows and new social networks can crop up very quickly. With proper employee education and training, you can ensure that your company stays on the right track when engaging in social media.