Sunday, December 26th, 2010
Enterprise social networking requires a certain degree of openness to work and to succeed, but this introduces new risks around privacy and security, intellectual property, and misrepresentation by employees. An important first step in instituting proper corporate governance is to honestly assess where the key risks might be. At the end of the day, it is more important to be aware of and manage risk rather than try to avoid risk altogether because that is costly, frustrating, and impossible. The optimal level of risk is not zero; it’s just something we need to acknowledge, mitigate, and manage.
- Privacy and Security. The biggest security risks around enterprise social networking are generally not related to technology. They involve identity and privacy. There is a wealth of personal information about individuals available on social networking sites. To establish their identity and build rapport with their friend connections, people are for the most part very forthcoming with personal data such as date of birth, education, employment history, and the like. But especially without the right privacy settings in place, members of online social networking sites could become easy targets for identity theft. Seemingly harmless pieces of information such as your hometown or pet’s name are often the same kinds of security questions used by other sites, such as banking sites, to verify your identity.
- Intellectual Property and Confidentiality. The second big risk area for businesses around social networking is safeguarding intellectual property and confidentiality against competitive or malicious threats. Sites like Facebook and LinkedIn remove a lot of barriers for interacting with customers and others in the community at large for productive activities such as marketing, sales, product innovation, and recruiting but also expose your business to the risk of data being shared with the wrong people.
- Data Ownership. An important issue to keep in mind is ownership of data and content related to your brand generated on Twitter or Facebook Pages. At least in the Facebook terms of service, this is owned by Facebook. Facebook has always maintained open access to this data for brands and Page owners, but from a legal perspective it’s important to recognize this technicality. For this reason, it is recommended that any content or information that requires clear ownership and confidentiality that you do choose to publish to social networking sites appear via a platform application you commission for this purpose rather than through the out-of-the-box mechanisms provided by the site.
- Employee Productivity. One risk of encouraging Facebook is that your employees waste all their time on non-business related activities such as socializing with friends, uploading pictures, and playing Farmville or Mafia Wars. Businesses can mitigate this risk by restricting access to certain parts of Facebook from the company network or by developing and communicating clear social media guidelines for employees, as we will discuss below.
- Brand misrepresentation. Last, but not least, the openness of social media may increase the opportunities for your employees to speak out of turn and potentially misrepresent your brand to customers, partners, and the public at large, either purposefully or inadvertently. For the former, you could imagine, for example, a disgruntled former employee who was fired might attempt to retaliate by saying negative things about your company on public forums in Facebook. For the latter, a common example involves employees who carelessly or unknowingly post inappropriate public photos on their Facebook profile, which then reflects badly on your company. As we discuss in the next section, it’s very important to develop a social media policy and make sure employees and others receive the proper training before they are allowed to participate.