Managing Enterprisewide Social Media Risks

May 18, 2011Net.Finance 2011

Palmer House Hilton Hotel

Jesse TorresPan American Bank, Los Angeles, CA

www.PanAmericanBank.us

2

Social Media is Everywhere!

Facebook: Over 500 million worldwide active users.

Twitter: Over 155 million tweets per day.

LinkedIn: Over 100 million professionals subscribed.

Blogs: Hundreds of millions in English.

3

And everyone is Connected!

4

Social Media is No Longer Just Fun and Games

5

Social Media Can Be No Fun At All

6

Social Media Happens!

During the work dayDuring the sermonDuring highly

informative conference presentations

We cannot control what is uncontrollable.

We must adapt to the new reality.

7

Social Media Brings Risk

8

Social Media Risks Are People Risks

9

People Risks are the WORST Kind of Risks

10

What Can We Do?

11

What Else Can We Do?

12

Be Prepared!

13

Identifying the Risks

Social media-related risks are not technology risks.

It is the “social” in social media that creates the risks.

For organizations, social media risks can be classified into three types (Human Resource Risk Model):Pre-Employment RisksEmployment RisksTermination Risks

14

Pre-Employment RisksThese risks involve the use

of social media during the application phase. Generally this involves the review of social media sites as part of screening process.

Restricted only to information publicly available?

Consideration only of “permissible” information?

Organization may fail to hire a future star performer due to some “unusual” or “quirky” information found.

15

Employment RisksThese risks involve the employee’s use

of social media during company and personal time.

Employee access to social media during the workday. Loss of productivity Liability related to employee comments

(includes regulatory risks) Disclosure of confidential information

(customer and company information) Malware infections

Employee access to social media during personal time. Liability related to employee comments

(includes regulatory risks) Disclosure of confidential information

16

Termination RisksThese risks involve the termination

of employees for inappropriate use of social media and related activities.

Compliance with National Labor Relations Act and related state laws.

Compliance with Federal Stored Communications Act and related state laws.

Compliance with policy statements and organizations norms.

Compliance with other related laws, rules and regulations.

17

Enterprisewide Risk Mitigation

Plan/StrategyPolicyTrainingRisk AssessmentAudit

18

Step One – Determine StrategyHow does/will the organization use social media?

Brand Awareness/MarketingBusiness Development/SalesCustomer RetentionCommunity OutreachCustomer ServiceEtc.

At a minimum, organizations should be “listening” to what is being said about the organization (Google Alerts, SocialMention, etc.).

19

Step Two – Create a PolicyProvides baseline knowledge to all employees regarding

social media and its acceptable range of uses.Informs employees in a formal written manner of the

“ground rules” regarding the use of social media.Provides a list of “Do Nots!” – things that under any

circumstance employees should do not do (e.g., use of profanity, disclosure of employee or customer personal information, etc.).

Formal written guidance ensures that everyone involved in social media activities acts in a consistent manner that works to enhance the company’s brand.

Strong social media policies allow companies to unleash its cadre of social media-savvy employees, creating greater exposure and opportunities.

20

10 Guidelines for Crafting a Policy1) Provide the policy to EVERYONE.2) Make the policy a living, breathing document.3) Monitor others’ social media failures and successes as well as

evolution.4) Make the policy broad in application.5) Disclaim when possible.6) Remind employees that they are Brand Ambassadors. 7) Be honest and transparent but also confidential.8) Give employees leeway to respond in their own voice.9) If necessary, consider invoking a social media review process.10) Experiment and Have Fun.

Download “Creating An Ironclad Social Media Policy” at

http://bit.ly/smpolicyguide

21

Step Three – Train the StaffWhy create a strategy and

policy if you are not going to train employees on how to implement it properly.

Employees want to do the right thing. Show them the way!

Trained staff can be unleashed on the social media universe to evangelize on behalf of the organization. Staff that is not trained will continue to stick things up their noses.

22

Step Four – Conduct a Risk AssessmentRegulators and auditors treat social media

as a service. Any new service must have a risk assessment completed.

The organization’s internal auditors are best suited to conduct the risk assessment.

23

Step Five – Audit the ResultsInclude social media components as part of

the regular audit calendar. Social media page content reviewed as part of

regulatory compliance review (advertising regs, broker/dealer regs, infosec regs, etc.).

Social media background checks as part of human resources audit.

Etc.

The completed risk assessment (Step Four) will provide the auditors with the information needed to plan the audits.

24

Shameless PlugHuman Resources Guide to Social Media

Risks

25

Questions

26

Contact InfoJesse TorresPresident & CEOPan American Bank(323) 264-3310MrJesseTorres@gmail.com

Download this presentation at: http://bit.ly/socialmedia2011-05-18