This week, I took a course centering around Social Media and the risks SM poses to an organization’s security posture. It’s been very interesting to see how SM has changed the way we communicate, from building new connections, sharing content and reporting the news.
Events around the world have utilized Social Media, and even been shaped by it. Some have said that the future may not be televised, but it will be blogged, tweeted, and shared on Facebook. Celebrities, Congressmen and companies have become both famous and infamous using SM. There are lots of reasons to make good use of social media, and tons of examples of how NOT to use it.
The course I took, Social Media Security Professional Certification (SMSP) , examines social networking channels and the risks they may pose to the security posture of an organization. It covers use of social media, skills and tools necessary to anticipate attacks and guard sensitive information, and how to quickly respond in the event of a social-media related security incident. While it was geared towards corporate / organization use, there were useful lessons for anyone who uses social media.
Have a policy.
Whether you have one or not, your users and customers are using social media….and you don’t want your employees speaking for you in ways that reflect poorly on your company. The lack of having a social media policy can also increase the risk for workplace bullying and harrassment. Develop clear rules and guidelines on how to use social media within your company, and also how it reflects on your company even outside of work. Make sure that employees are aware of the policies, and conduct refresher training regularly.
Listen first, then talk.
The half-life of an Internet ‘story’ can be very short, but if you make a mistake, it can live for a long time in the Web’s collective memory. It may be tempting to get your two cents in, but engaging in a Twitter war isn’t likely to make you look good, even you are 100% in the right. Very few will remember what you did right….but EVERYBODY will remember what you did wrong. Take the time to evaluate the situation, develop a reasoned response, THEN get your best message out there.
Respond, Don’t React.
When dealing with a social media issue (a bad review, customer service problem, etc), get in front of it quickly, so that it doesn’t escalate. JP Morgan learned the hard way. After asking for Twitter input for a Q&A with chairman Jimmy Lee, the overwhelming wave of negative Tweets caused them to quickly cancel the session. While it may be tempting to quickly fire back a clever tweet to catch part of the buzz around a trending topic, there are plenty of examples that don’t look nearly as clever after the fact. Take the time to evaluate your response BEFORE it can’t be recalled.
There’s no doubt that social media is a big part of our IT landscape, and we have to learn how to use it well. While it takes years to build a reputation, social media makes it possible to communicate instantly….and not always with positive results. Getting the right message out there is more important than just getting in front.