Stay safe on social media

Social media is a cost-effective tool of mass communication for organisations. However, it poses significant fraud and reputational risks, and companies must put in place stringent safeguards before venturing out.

social media icons placed next to a laptop
Most organisations have a presence on social media today in order to capitalise on its potential as an inexpensive, large-scale communication tool — whether it is to further a cause, generate publicity, or generally be noticed by specific target groups. A social media presence offers a channel of direct, real-time communication with target consumers, of products and services. It provides an excellent opportunity for primary market research into the target consumer group by offering opportunities to gauge public sentiment about a company’s brand, and even facilitates sales. It allows organisations to engage with their stakeholders at a fraction of the cost that may be incurred when using traditional media, and at the same time offers a competitive edge over competitors who may be social media shy or may not be using it effectively.
However, social media’s fundamental tenet of promoting free thought and open communication poses significant fraud and reputational risks to organisations. Given the speed of dissemination of information (or misinformation) on social media, using these platforms without deploying adequate safeguards may result in unwanted consequences, which at times, discourage organisations from using them.
Risks and mitigation measures
Many organisations tend to be wary of being on social media because of the imperative of data protection. Since exposure and/or misuse of confidential or proprietary information are serious business risks, the issue of security of data and protection of proprietary information must be addressed before organisations begin to use social media platforms. Lack of awareness or failure to regularly review and update privacy and security settings could mean that organisations may inadvertently be revealing confidential data such as personal and financial information or business intelligence to competition, or may even be providing access to information without appropriate copyright permissions or licences. It is essential, therefore, to ensure that overall settings are reviewed regularly in addition to individual post settings carefully checked before any material is posted.
Verification of facts prior to posting information may also be overlooked in the rush to be the ‘first to post’, potentially resulting in the rapid spread of misinformation. It is important to create a strong gatekeeping process to verify and review all content that is posted online, anticipating all possible reactions to it and monitoring the reaction posts to understand public sentiment and protect the information from potential misuse. There are tools available to monitor and analyse brand mentions on social media that can help understand how the brand is perceived and take corrective action wherever necessary.
Fake social media profiles created by fraudsters have also come to light, purportedly offering job opportunities on behalf of organisations. These may also be used for identity theft, as unsuspecting job-seekers may share personal information in good faith on these channels. Unethical competitors may also run smear campaigns using fake accounts to post unfavourable product or service reviews. In such instances, if the organisation earns a bad name due to the actions of fraudsters, sometimes offense is the only viable defence. Organisations must be prepared to react quickly, offering clarifications or responses wherever necessary and proactively reaching out to stakeholders to warn them about the scam.
Customer complaints on social media have also been known to go viral, especially since removing offending posts on social media is difficult. Disgruntled customers can pose a significant risk of bad-mouthing the brand on social media, causing damage to the brand and preventing resolution. Setting up closed groups or specified channels to deal with grievances may help prevent negative comments reaching a wider audience base.
Good practices
There are some good practices that can be established pre-emptively to safeguard an organisation’s brand online and mitigate some of the risks involved. Measures such as regular employee awareness and training programmes that set out clear guidelines on what content is permissible for social media sharing, who is authorised to comment in an official capacity, disclaimers that must be used on personal profiles, etc., may prevent brand misuse, while promoting the brand name in a positive light. Dedicated training programmes that address known risks and help employees understand the potential implications of their actions on social media could also be useful.
Further, managing employee accessibility to social media sites through content filtering or by limiting network throughput may be helpful. Employees often use smartphones to access social media sites, opening up the risk of malware entering the network. Appropriate controls may need to be installed and continuously updated on mobile devices to better manage such risks.
In our experience, having a social media response plan is also an essential element of safe social media use. Organisations may not always be able to prevent a social media incident, but they can be better prepared to deal with it. A reaction plan with corresponding timelines to deal with well-known instances of social media fraud may help limit the spread of misinformation and control the damage. Such a plan could include aspects such as defining what steps may be taken in particular scenarios, who should be accountable for executing the action required and in what timeframe, how to assess and contain the damage, and what must be done if a negative incident has gone viral. The speed of response is often critical in such incidents, as negative information unfortunately tends to snowball quickly.
It must also be noted that the pace of technological advances may mean that some risks are unforeseeable at the time of formulating social media policies. Therefore, it is important to create a culture of diligence and build processes to regularly review and update guidelines and response plans for organizations to be able to embrace these platforms safely.
Other considerations
Misuse of the brand name, data confidentiality and protection, and alignment of content with brand values are concerns for all organisations, irrespective of which sector they operate in or what type of business they have. Hence, the decision to build an internal social media team or seek help from a specialist agency does not depend on the nature of the business. Rather, factors such as cost and expertise tend to be the major concerns affecting this decision.
Additionally, each organisation has its own set of priorities and purposes for being on social media, and the decision to set up a corporate social media handle (usually the case with B2C organisations) or individual handles for the CEO or top management (often opted for by smaller organisations) should be made considering the target audience and its size as well the needs of the business and its customers.
If these aspects are kept in mind and adequate safeguards adopted to prevent fraud and misuse, social media platforms may help organisations make social media a robust channel to grow business, attract quality talent and gain customer loyalty.
About the author:
Sumit Makhija is Partner – Forensic, Financial Advisory Services at DeloitteTouche Tohmatsu India LLP.

Add new comment