Managing social media

In Information Security ByTeam Acumin / 29th March 2012

You’d have thought social media was a simple thing: the two-way conversation where everyone’s connected, everyone’s linked, everyone’s liking, and everyone’s following. It’s a global world of connectivity, nonstop chitchat, an open existence where we learn, share and grow. At a basic level, yes, that’s social media defined perfectly, but as with any explanation of this kind, it merely touches the surface. Social media is much more than sum of its parts.

At first, many organisations were reluctant to be taken in by it all. They thought it was a fad, so to speak, extremely popular but transient. It’s time would pass. Everyone that took a sly little pop at it soon realised they had jumped the gun in their estimations. Everyone is now on Facebook, Twitter, LinkedIn, Tumblr and Pinterest to name the obvious few.

Initially, most organisations didn’t know what to do. They were connected, but didn’t fully understand how to “talk”, to disseminate and to engage. But, with the passage of time, they refined their approach, savvied up on the particulars and, with the help of experts, cracked it. They’ve even took the time out to develop authoritative social media policies (See the BBC’s English Region’s Social Media Strategy as one example).

However, this doesn’t imply that we’ve reached a level playing field. As we mentioned above, social media is a complex creature and a burgeoning one too. At RANT last night in London, Jitender Arora, chief information security officer (CISO) at GE Capital UK,  discussed whether such policies are suitable. His assertion is that “pragmatic” social media governance is more effective.

He makes a shrewd point. Businesses and indeed CISOs can’t cover every eventuality in a static document that sets the terms and conditions in stone. You simply can’t look over every eventuality across a number of different platforms, which although all connected in that they are social, are distinct in their makeup. Moreover, asks Mr Arora: “Are social media policies really effective in changing user behaviour?”

The obvious challenge is how one ensures that a business keeps its brand integrity intact when it publishes and engages on a macro level – a ubiquitous presence online, by virtue alone, opens them up to blunders. And these are the ones that can’t be quickly remedied for hope no one noticed. Your audience, online, is connected. They saw.

One of the more serious challenges is naturally concerned with data protection. Cyber criminals, as we know, possess many means to hack into websites and security systems, big and small. The consequences of having a social network hacked are not to be underplayed as a paper two years ago postulated. Produced by the Information Systems Audit and Control Association, the study stated that the biggest threats to organisations through this conduit are viruses, brand hijacking and loss of corporate content.

Which, funnily enough, brings us back to the central question: which is best, a pragmatic or following policy? Honestly, a bit of both perhaps. The UK has an “unwritten” constitution and it works; has done for many centuries. It responds and it grows. In the US they have a static constitution, which is superbly eloquent. It has been amended 27 times. Things change.

The next RANT forum takes place Near Earls court in London on Wednesday 25th April 2012. For more information, visit our website.