acuia social media morris... · 2018-04-28 · training on social media steps to training employees...

ACUIA Social Media


Post on 26-May-2020


Page 1: ACUIA Social Media Morris... · 2018-04-28 · Training on Social Media Steps to training employees and mitigating your risk Step 1 – Communicate your strategy to your employees

ACUIA – Social Media


© 2012 Crowe Horwath LLP 2 Audit | Tax | Advisory | Risk | Performance

The Unique Alternative to the Big Four®

Agenda

Social Media Uncovered

Use of social media by organizations and their employees

Risks and Rewards

Challenges and benefits associated with connection and communication

Taking action

How to manage risks through policies, education, and monitoring


Social Media Revolution 2012

Is social media a fad?


Still think social media is a fad?

Source http://www.crowehorwath.com/socialmedia


“You can either get on the social bus or you can get dragged behind it, your choice.”

CIO Magazine


Definitions

What is Social Media? The Message

Media designed to be disseminated through social networks

Created using highly accessible and scalable publishing techniques

Examples include Posts, Tweets, Groups, Applications

What is a Social Network? The Connection

A social network service focuses on building and reflecting social networks or social relations among people who share interests and/or activities.

Instant communication to the masses, feeling of community


Organizations get in the Game

Leverage Social Networks to reach the millions of Americans participating

Brand Awareness and Loyalty - Spread the word from supporters to friends

Recruit employees

Get critical feedback on products, ideas

Post promotions, contests, etc.

Many employees leverage social networks to build their network

LinkedIn used to target customers

Building strong connections with business contacts by engaging in day-to-day life


5 Ways Financial Institutions Continue to use Social Media

Community Building

Example: Mobank

Product Research

Example: 1st Mariner Bank

• Customer Service

• Marketing and Promotion

• Transparency

Source: 5 Ways Banks Continue to Use Social Media, http://socialmediabanking.blogspot.com/2011/09/five-ways-banks-continue-to-use-social.html

Example: Bank of America

Twitter: @BofA_Help

Example: Nicolet National Bank

Example: Citi


2012 – Norton Cybercrime Report


2011 - Symantec State of Security Survey

Symantec recently released their 2011 State of Security Survey.

In this, 46% of survey respondents reported that social media is a “somewhat/extremely significant industry trend affecting difficulty of security”, second only to mobile devices.

Additionally, among SMBs surveyed, 20% of respondents incurred at least $100,000 in expenses from attacks within the last year.

The top sources of these costs were:

Lost productivity and revenue

Lost organizational, customer or employee data

Damage to company’s brand/reputation


Social Media Considerations and Risks

Reputational & Financial Risks

Information Security & Privacy Risks

Employment Risks


Reputational Risks: Your Company’s Image Online

Do you understand how your organization is represented online?

Employees, customers, and affiliates

Fact or fiction

Brand hijacking

ReTweet – messages multiply

Financial Impact

False “news” could be posted that could impact stock price, financial transactions, etc.

Example: November 2010—A single tweet said a Qantas© plane had crashed. Stock price immediately dropped 5%.


Reputational Risks: Your Company’s Image Online

Chrysler’s Twitter Account

Employee believed they were posting to their personal account.

“Whoa – what? RT @chryslerautos: I find it ironic that Detroit is known as the #motorcity and yet no one here knows how to (expletive) drive.”

Qantas Twitter Campaign

During a marketing campaign asking people to use the #QantasLuxury hashtag, all of the planes were grounded.

“BREAKING NEWS: Qantas introduce #QantasLuxury class. Same as standard class, but the plane leaves the ground.”


Information Security Risks

Clickjacking

Users are generally unaware that it has happened.

Link Shortening

Convenient for posting, especially with space limitations.

Where does it lead to?

Rogue Applications

Anyone can create an application.

The developer determines what information they want access to.

Users don’t understand the risks of allowing access to their information.


Blocking Social Media

Proofpoint July 2010 Survey

Roughly half of large enterprises explicitly prohibit the use of social networks.

Facebook – 53%

Twitter – 49%

“Where there's a will, there's a way”

200 million people access Facebook via a mobile device each day

Excel spreadsheet = Facebook HardlyWork.in


Legal and Employment Risks

Firing employees based on Social Media posts

National Labor Relations Report

Hiring employees

What’s true, what’s false, and what’s been inflated?

Employee’s right to privacy

What are an employer’s rights to pursue action when the content is private?

FTC regulations

All posts made on your company’s websites or by your employees must be transparent, accurate.


Inappropriate vs. Appropriate Social Media Postings


Appropriate, Inappropriate or Not Sure?


Taking action

How to manage risks through policies, education, and monitoring


Perform a Risk Assessment

What are the risks out there?

Have you considered likelihood of occurrence?

What is the potential damage?

How strong are the controls you already have in place?


Social Media Risk Assessment – 4 Step Approach

Risk Scenario Inventory

Identify risk scenarios from within and outside of the company

Library of risk scenarios

Assess Impact of Risks

Likelihood and Impact

Inherent risk

Controls in place to reduce inherent risk

Residual risk

Prioritized/ranked list of risks

Manage/Mitigate Ranked Risks

Combination of people, process and technology(s)

Monitor and Enhance

On-going monitoring

Potential enhancement of mitigating controls to manage new risk scenarios


Crafting an Effective Social Media Policy

Prepare to create/modify your policies by engaging a multidisciplinary team:

HR

Recruiting

Legal

Marketing

IT

Risk Management

Public Relations

Compliance

Senior Leadership


Evolution of Social Media Use/Progression in Organizations

Marketing, Communications/PR

Marketing often overseer of social media brand presence

Communications responsible for organizational branding

HR and Legal

HR or Legal often responsible for defining the use of social media by employees

Legal provides guidance on appropriate use of social media from a compliance perspective

Security and IT

IT is now being charged with review of “data loss prevention”

Security is called in when a threat of breach or actual breach occurs

Risk Management

Relatively fresh involvement from risk management groups

Very few organizations have actually conducted a risk assessment of social media

Internal Audit

Being built into audit plans on an annual basis


Common Policies Needed to Mitigate Risk

Appropriate Use of Social Media Sites

On work equipment or during work hours on personally owned equipment

For business use vs. for personal use

May need to consider different business needs of different departments

At any time that impacts the company, its information and its reputation

Description of what is appropriate based on legal/HR input

Suggested Departments Involved:

HR – for employment law/HR implications

IT – for monitoring/bandwidth analysis

Department Heads – understand business need


Common Policies Needed to Mitigate Risk, cont.

Information Security Policies and Procedures

Phishing and Malware prevention standards and policies

Procedures to follow in the event of believed compromise

Communication of the risks of over sharing information on the company

Nondisclosure Agreement

Should cover releases of information in all forms including Social Media

Should cover intellectual property, company strategy, and customer info

Suggested Departments Involved:

HR – employee HR implications

IT – current/future IT standards/procedures

Legal – understanding law and content of NDA

http://riseabovethestatic.com


Common Policies Needed to Mitigate Risk, cont.

Human Resources Policies and Procedures

Candidate screening procedures that consider Social Media.

If, when and how management will access and/or review employee personal social media sites.

Termination policies that establish grounds for termination, and appropriately align with employment contracts, labor agreements, state laws.

Suggested Departments Involved:

HR – current/future practices

Legal – current case law on social media

Department Heads – agreement with policies set forth


Common Policies Needed to Mitigate Risk, cont.

Marketing and Communication Policies and Procedures

Highly dependent on your corporate strategy for social media.

Consider policies and procedures on how new campaigns, ideas will be generated, vetted, and approved.

When to engage the multidisciplinary team.

Consider policies on how you will monitor Social Media buzz, and respond where appropriate.

Suggested Departments Involved:

Marketing – current/future strategy and business needs/use

HR – implications of improper communications

IT – incident response/monitoring


Communicating Social Media Policies

Communicate your Corporate Social Media strategy

How will you use Social Media? Why will you avoid Social Media?

Talk about the risks and rewards of Social Media with your employees

Communicate when policies are updated, when practices change significantly, and in the event of an incident

This should occur at least annually


Training on Social Media

Steps to training employees and mitigating your risk

Step 1 – Communicate your strategy to your employees.

Help them understand why you’re using social media.

How it’s going to help you reach your business goals.

Step 2 – Understand your employees and the risk.

How are they using social media?

When are they using social media?

Perform a social media risk assessment.

Step 3 – Tailor training to employees.

Focus your training on the areas identified above.

Use real life examples to enforce your points.

Step 4 – Modify as necessary.

Today it’s Facebook and Twitter, tomorrow it will be something else.

Focus on content distribution, not the networks on which it’s distributed.

Retrain as necessary, just like information security, as it’s constantly changing.


Availability of Technology/Tools for Social Media Management

Category 1 – Listening

Listening to customers

Examples: Radian6, Lithium, NM Incite, Attensity, Jive, etc.

Category 2 – Social Media Management

Organize, manage the entire social media publishing lifecycle

May or may not have strong out-of-the box compliance

Examples: Hootsuite, Actiance, Sprinklr, Expion, etc.

Category 3 – Regulatory Compliance

Complying with internal policies and/or regulatory requirements

Examples: Social iQ Networks, SocialLogix, Kronovia, Smarsh, etc.


Conclusions – What We Learned Today

What are social networks and what is social media

Why you should care about social networks

Addressing potential risks from social networks

What is and is not appropriate to post on a social media site

Legal aspects

Taking action to mitigate social media risks

In Summary: Social Media

May have significant organizational risks and rewards

Although regulators are playing catch-up, organizations should take proactive steps towards social media

Policies, procedures and appropriate staff training

Monitor your organization on social media


Final Thoughts – Questions


Crowe Horwath LLP is an independent member of Crowe Horwath International, a Swiss verein. Each member firm of Crowe Horwath International is a separate and independent legal entity. Crowe Horwath LLP and its affiliates are not responsible or liable for any acts or omissions of Crowe Horwath International or any other member of Crowe Horwath International and specifically disclaim any and all responsibility or liability for acts or omissions of Crowe Horwath International or any other Crowe Horwath International member. Accountancy services in Kansas and North Carolina are rendered by Crowe Chizek LLP, which is not a member of Crowe Horwath International. This material is for informational purposes only and should not be construed as financial or legal advice. Please seek guidance specific to your organization from qualified advisers in your jurisdiction. © 2011 Crowe Horwath LLP

For more information, contact:

Lucas Morris

630.574.1850


Raj Chaudhary

312.899.7008
