The Facebook data management and privacy accusation that implicated and ultimately led to the insolvency of the data analytical firm Cambridge Analytica in 2018 (The Guardian, 2018) highlighted yet another aspect of the cyber risk phenomenon that has become part of everyday life for most people: the need to protect privacy in an age which personal information is a tradeable commodity.
The magnitude of the rise of social media can be easily demonstrated if we consider two of the major companies involved. Twitter, the global messaging platform, had approximately 397 million active users as of July 2021 (Statista, 2021), whereas, Facebook, the social network company had approximately 2.8 billion active users as of July 2021 (Statista, 2021).
Of course, many organisations also recognise the benefits of social media and use it as a marketing tool, to provide essential information to stakeholders or to improve customer relationships through real-time engagement.
The advantages include greater efficiencies, enhanced brand reputation, real-time interaction and feedback, and reduced costs when compared to more traditional delivery methods.
Most technological advances introduce new risks which need to be managed, and social media is not excluded from this.
For example, in April 2018 an EasyJet pilot was sacked after he and his co-pilot were caught using the social media tool Snapchat (The Express, 2018). Innocent enough you may think, but in this instance they were in control of a passenger plane at 30,000 feet at the time. The pilot was using his own personal account, however, he was doing so during the course of his employment and potentially endangering the aircraft through such a distraction. Had EasyJet not acted quickly to resolve this issue, the consequences to the company may have been significant such as intervention by the Civil Aviation Authority and reputational damage leading to reduced passenger numbers and profits.
Public Sector organisations are not immune from the risks posed by use of social media. A report in the British Medical journal reported that over 1,200 NHS staff had been disciplined for social media use over a five-year period (The BMJ, 2018).
As we have seen, social media platforms themselves are not the risk in the events cited above – it is the way employees utilise these platforms that can potentially create harm to an organisation. Employees’ must be educated to the risks that the use of social media platforms may create so that their behaviours may be positively influenced.
Consider the following:
(a) Your business
Understand the type of organisation you are and your objectives. Are you a company that embraces social media for gain / brand / reputational enhancement? Do you rely on it to communicate and gauge the views of your stakeholders?
Failures in managing social media risk can potentially impact upon these objectives.
Consider the legal implications including, but not limited to, the Human Rights Act 1998, the Regulation of Investigatory Powers Act 2000, the Computer Misuse Act 1990, and the General Data Protection Act 2018.
(c) Risk Management
Organisations should exercise good governance and risk management practices through the process of risk assessment. This process will create focus upon the threats to your social media / communications strategies and reputation through unauthorised or inappropriate messaging by your employees. This will help you to identify where the most likely risks will occur, what the magnitude of impact may be, and how you should control these risks and mitigate any damage.
(d) Your employees, which type are they:
Official authorised – Employees with responsibility for managing, monitoring, and responding to Council social media sites.
Personal occasional – Those who use it occasionally as a personal communication tool.
Personal habitual – Those who use it habitually for personal purposes during their free time, which may include break times during the working day.
Personal refrainer – Those that do not have an account and refuse to interact with any social media
Employees at all levels of the organisational hierarchy can potentially create an adverse event which may impact upon the organisation. Consider which groups of employees would pose the highest threat.
Understand how this may come about and then develop your social media policy and control system:
Provide awareness training, guidance and information for all levels of the organisational hierarchy.
Implement the social media policy and issue associated guidance and ensure all employees understand them and the consequences of failure to adhere to them, including the potential for disciplinary action.
Continually monitor the use of social media platforms to ensure standards are being adhered to. Where behaviours fall below expectations and defined standards, learn lessons and seek improvements through corrective actions.
Management should conduct regular reviews of the social media policy, including adherence, to ensure that it continues to be fit for purpose. Social media platforms are evolving and so is the methods of interaction by users – your policy must evolve over time to reflect changes in platforms and behaviours.
Social media provides easy access platforms for organisations to access potentially large numbers of people quickly and efficiently in order to improve brand awareness, real-time stakeholder interactions and relationships, customer services, and communications. The benefits can be gained across all industries and sectors.
Many large organisations use social media successfully, recognising employees as brand ambassadors and encouraging them to use social media platforms.
Balancing the potential upsides against the potential downsides is essential in these circumstances. As an example, Coca Cola (The Coca-Cola Company 2016) have set 5 key principles to be adhered to by its employees. One principle states ‘You are responsible for your actions. We encourage you to get online and have fun, but use sound judgment and common sense’
Common sense and sound judgement may not always be fully relied upon. People do not always behave as they may be expected to. Behaviours are often influenced by contextual issues. Like Coca Cola, you may wish to encourage social media use, but a balance must be struck as you also have to ensure that social responsibility is respected and adhered to through compliance with your social media policy. All levels of the organisational hierarchy need to appreciate their responsibilities when using social media platforms and the potential consequences that they and the organisation are exposed to in the information age.