Corporate security: Balancing the risks and benefits of online communication

February 1, 2010

A recent report in the Financial Times (free registration required) again shines a bright light on the potential risks online communication via social media can bring to an organization (or “organisation,” if we’re staying true to the pink paper’s British heritage).

The piece was written by the head of a information risk management and e-discovery firm, likely surrounded all day by information technology professionals and lawyers and CROs. Those of us in the world of marketing and creativity and content creation come from a wildly different perspective, but we’re all ultimately working toward pretty much the same thing: success for our clients.

With that in mind, the article’s premise:

Not only do social networking processes give employees the ability to locate the right people, information and expertise quickly, but they also greatly aid external networking, sales and marketing activities.

The instant nature of communication in a Web 2.0 world is a major part of the business appeal of these tools – but there is a fine line to tread.

Information can easily be divulged, co-opted or misconstrued, opening enterprises up to great risk, ranging from embarrassment and reputation damage to business failure and other serious financial consequences.

The author cites a study that reports “an alarming 89 percent of UK businesses permitting social networking access have no dedicated guidelines in place to control its use and, ultimately, the spread of information through these channels” (emphasis mine). Thankfully, the author continues by calling efforts to simply block access to Web 2.0 or social networking sites “pointless.”

Instead of blocking access or prohibiting use, the author calls for a more measured approach: Create a policy to guide your employees’ use of social media. He’s coming at this from a technical and legal perspective, so for the sake of the liberal arts majors in the room, I’ll add: Don’t tell them what they can’t do; coach them to do things well.

For example, look at the policy our client Coca-Cola recently unveiled (PDF). It’s not a summation of what the company has prohibited its employees from doing. It’s a document that helps those employees be smart about what they’re likely already doing, acknowledging the important role online communication plays within the organization. Coke’s policy includes this gem:

The same rules that apply to our messaging and communications in traditional media still apply in the online social media space; simply because the development and implementation of an online social media program can be fast, easy, and inexpensive doesn’t mean that different rules apply.

The Company encourages all of its associates to explore and engage in social media communities at a level at which they feel comfortable. Have fun, but be smart. The best advice is to approach online worlds in the same way we do the physical one – by using sound judgment and common sense, by adhering to the Company’s values, and by following the Code of Business Conduct and all other applicable policies. [emphasis mine]

Back to the FT article:

However, while having a corporate policy in place may seem common sense, it is important to remember that any such policy is only as effective as its enforcement. … As Web 2.0 tools open up new, and often unrestrained, communication channels, failure to prepare for how staff will use them can result in lost productivity in the workplace – and possibly a breach of regulations.

Which reinforces something I’ve been hollering for years: Managing effective use of social media is a people problem — a management issue — at least as much, if not more so, than it is a “technology problem.” Act accordingly.

Photo courtesy of zach_manchester on Flickr