One of the more often-heard keywords regarding social media use by companies is ownership: “Who owns the conversation?” “Are you owning the conversation about your brand?”
There are actually two distinct implications to content ownership: reputation management and risk management.
The fact is that the provider (Facebook, Twitter, etc.) owns the content. Rather than being nefarious, this ownership spelled out in the various terms of service actually serves to indemnify the provider should they experience a technical failure, go out of business, or be bought out by another company. In any of these events, they are held without liability to preserve or retrieve any content users have submitted.
Additionally, in leveraging advertising relationships, it’s safe to assume that social media providers will use any and all content they see fit to their financial advantage. Again, not really nefarious: you and your company enjoy the spoils of a free service, so why should the provider put in all that time and effort for no financial reward?
The more immediate concern businesses face when engaging in social media is the risk of liability for what is posted on these services. The benefit of instantly-published content available to the world is also the bane: social content often goes unmoderated, leaving it open to potential problems.
Rather than discouraging employees from participating either on a personal or corporate level, one way to indemnify your company is to draft a social media security policy. Just like your IT department should and probably does have an acceptable use policy for individuals and an information security policy for the company, a social media security policy protects your company from potential harm.
If you are truly concerned about losing your content should a social media provider cease to exist, it is best to use your corporate site as the hub for all content and activity, and use Facebook, Twitter, and the like to augment these efforts. Thoughtful, incisive blog posts on your company’s site are completely under your control, and can be linked to via social media without repercussion.
There isn’t much to be done about a former employee writing negative (or even untrue) blog posts or tweets. However companies can protect their intellectual property by implementing a social media security policy, placing a legal liability on current or former employees–or even competitors–from divulging trademarked, proprietary, or confidential information via these channels.
Beyond malicious intent, the instantaneous nature of social media opens the door for libel and slander, even if unintentional. This is another key reason why a social media security policy should be enacted. Posted content never really “goes away,” so it is crucial for companies to monitor all social content produced under their name, and have a crisis management plan in place in the event things get out of hand.
On a more basic level, all corporate social media activity should be relegated to corporate accounts. It may be Joe Smith the Expert blogging for XYZ Corporation, but when Joe leaves the company then it’s up to Jane Johnson who replaced him to take over under the XYZ Corporation umbrella.
To both these ends, employees should be trained in proper social media use on behalf of the company, and they should be familiar with your social media security policy. Employees should understand that by engaging in social media in the company’s name, they are doing so as a representative of the company and not themselves.
Great, But How Do We Do It?
Network World recently featured a great article called Four Tips for Writing a Great Social Media Security Policy. You can start by reading the article for yourself, but I’ll distill the main points:
- Don’t start from scratch
- Use social media policies to raise security awareness
- Use social media access to raise security’s positive profile within the organization
- Be prepared for the next phase
There is another great article over at CSO Online called How to Write an Information Security Policy. Information security and social media security are intimately entwined. Social media contains information about you and your company. Now that social media is so well within the norm for everyday internet use, a social media security policy should be an integrated piece of overall information security.
To paraphrase, social media doesn’t belong to us, we belong to social media. There’s nothing to fear from social media when you proactively monitor and moderate your content.
Related articles by Zemanta
- US government tackles social media security head-on (fastforwardblog.com)