You have been granted access to this page through First Click Free. Subsequent use of TabbFORUM will require logging in. If you don't have an account, registration is free.

Videos

  • Rail_thumb_theo

    Accelerating Intelligence

    There is a tradeoff between latency and the intelligence you can build into algorithms, acknowledges Software AG’s Theo Hildyard. But streaming analytics can enable firms to incorporate intelligence ...
     
  • Rail_thumb_tabb_-_larry_tabb_hi-res_wo-cropped

    ‘People Need to Understand How the Markets Operate’: Larry Tabb

    The little guy has a better market today than he’s ever had in the past, says TABB Group founder and CEO Larry Tabb, who joins Benzinga’s PreMarket Prep show to discuss market structure, including ...
     
  • Rail_thumb_valerie

    Inside TABB’s Equities LiquidityMatrix

    TABB’s Equities LiquidityMatrix provides a monthly snapshot of market activity, both on- and off-exchange. The report highlights market share for all exchanges as well as data provided by the dark pools, ...
     
 

More Video | Podcasts

Advertisement

21 November 2012

Social Networking: #Friend or #Foe?

Social media sites such as Twitter, LinkedIn and Facebook are a fact of life, and capital markets businesses need to adapt to the new reality. Here are 5 steps to creating an effective social networking policy.

Love it or hate it, social networking has firmly embedded itself into the fabric of our world. The likes of Facebook, Twitter and LinkedIn can be powerful business tools, especially for marketing, communication and recruitment purposes.

[Related: "Unleashing the Power of Mobile and Social Information"]

But there is also the less appealing nature of the beast: Provide employees with access to the Internet and most will check their online profiles at least once during the day; the resulting downtime can quickly accumulate. But, to a business, a far greater threat than the lack of productivity is the security of what is shared online through these networks.

So what are the benefits and risks to businesses when engaging with the social media phenomenon?

Benefits

  • Social networking can be used for marketing, expanding commercial reach and advertising, with the only tangible cost being the time needed to maintain the account;
  • Used appropriately, social networking sites can be used to communicate easily with existing business contacts and connect with new ones;
  • A regularly updated online presence can have a positive effect on reputation, reinforcing the brand image and demonstrating awareness of current trends;
  • There are no geographical restrictions providing potential to reach new areas with little or no expense;
  • Can be used to motivate, by building and maintaining relationships between leadership and employees; and
  • Build company culture and communicate policy changes and announcements.

Risks

  • Social networking sites themselves are not generally a concern; it is the behavior of the users that presents a risk;
  • When considering the possibility of leakage of confidential information or intellectual property, exposure through word of mouth can be hard enough to control, but words can be forgotten. An individual making a comment on the Internet to an audience of thousands greatly increases this threat, and posts can be found through a search engine indefinitely;
  • Viruses and worms are often incorporated into fake profiles, e-mails or postings from social network ‘Friends.’ Careless use could lead to inadvertent downloading of malware, spyware, adware or ransomware, or even the hijacking of the account; and
  • There is a threat of exposure to offensive web content via links contained in e-mails, posts and tweets.

After reviewing these risks and benefits, there are several options available to businesses when considering the use of social networks.

  • Allow unrestricted access to social networking sites:providing employees with unrestricted access could boost morale; however, there is the potential for this access to be exploited;
  • Allow restricted access to specific sites and/or at specific times:Allowing employees access to certain sites, perhaps those designed for business networking, or allowing access to personal sites only outside of business hours or during lunch;
  • Allow access to social networking sites only to those authorized to use a business profile: for example, marketing teams that update the site with business-related information;
  • Block access to all non-business related sites for all employees:only allow access to sanctioned business-related programs; and
  • Block Internet access to all:This is an unlikely option since many companies now use internet based programs for day to day operations.

Creating a Social Networking Policy

For those businesses that decide to use or allow access to social networking sites, it is crucial to implement and maintain a social networking policy. The policy will provide employees with guidance so that they are accountable for their actions. While specific components of the policy will vary dependant on the nature of the organization and how it uses social networking, there are several elements that should form the basis for any social media plan.

1. Guidelines and Restrictions

It is important to establish a level of control that provides protection while allowing the informality that is the foundation of social networking. Business data should be classified so that employees are fully aware of what sensitive information is and what can and can’t be mentioned on profiles or in posts. Also, determine who is authorized to access corporate content and modify accounts on behalf of the company.

Remember that mobile devices such as smartphones and tablet PCs are also at risk from hackers, so be sure to specify if employees are permitted to access social networking from these devices.

2. Education and Training

Educating employees on the acceptable use of social media is essential to reducing the risks. Each employee represents the company, and a thoughtless tweet about a product launch or personnel change has the potential to damage reputations.

Consider limiting the posting of corporate data unless authorized and clearly state the consequences of failure to follow policy: disciplinary or dismissal procedures can be implemented for employees who violate policies. Although this may seem heavy handed, prevention is always better than cure.

3. Monitoring

Once a policy has been approved, it is important to monitor the activity relating to the business. Check the networks for the company or product names and find out what is being said. If customers are losing faith in the company, take the opportunity for promotion by addressing concerns. Failure to monitor on a regular basis could lead to loss of sales and damage to reputation. Monitoring can also be an opportunity to see what people are interested in, helping to shape future campaigns.

4. Maintenance and Updates

It is worth remembering that unless your web security software is capable of fulfilling the requirements stated in the policy, the policy itself will be useless. Regular reviews of software capabilities, changes to programs and security settings should be undertaken.

5. Incident Response Plan

If a business faces a crisis -- for example, loss of systems or product faults -- an incident response plan should include measures for addressing issues via social media. Recalling products and providing updates on service availability can provide customers with assurance that the issue is being dealt with. If handled swiftly and correctly this action could limit the impact on reputation.

What Next?

Social networking has evolved so rapidly that many companies struggle to keep up with the changes and subsequent implications. The growth shows no signs of slowing, so it is important to remain vigilant to the threats. Education is essential across all levels of the business to ensure that the advantages of using social media are not negated by the risks.

CS Risk Management is exhibiting at Infosecurity Europe 2013, April 23 – 25. For further information, please visit www.infosec.co.uk.

Add a Comment

You must log in to comment.