Compliance and Risk Management in the Age of Social Media

Numerous studies conducted over the last year or so have all come to recognize technology risks as one of the greatest threats facing companies, and one that their risk management programs must address quickly. Among the various types of risk present in this area, perhaps the foremost threat to an organization’s data is that posed by social media. Cases have already begun to pile up that clearly illustrate the dangers inherent in these fairly new systems, dangers which have only seemed to multiply as these technologies have undergone their own exponential growth. The first thing that company leaders will need to understand when facing these threats is that they are not risks which can be easily avoided or shrugged off, because the greatest dangers here do not stem from anything the company may do itself but rather from the unwitting actions of its employees.

In one recent, highly publicized case involving a social media snafu, the CFO of Francesca’s Holdings let slip, through a Twitter post, what on the surface may have appeared to be an innocent comment on his excitement following a meeting, but which really divulged confidential earnings information and appears to have brought about a spike in sales of the company’s stock shortly before earnings statements were made public. As a result of this accidental slip, it seems that Francesca’s may now be facing an investigation and charges from the Securities and Exchange Commission. This is just one example of the myriad ways in which employees’ personal social media usage can bring about breaches of their company’s corporate governance programs and do irreparable damage in turn.

Unfortunately, taking on these issues is no small task and will require a good deal of work on the part of an organization’s risk management and governance programs. To begin effectively addressing these issues before the threats they represent come to bear on a company, there are three straightforward points that companies will need to follow. To start, as in any thorough risk management strategy, the problem must first be identified and analyzed. Company leaders must be alerted to these issues and made to recognize that they exist, that they can cause their organizations untold losses if not taken care of quickly and successfully, and that no matter how daunting the task of coping with these threats may be, it is not an impossible one.

Second, those in charge of the organization’s compliance and risk strategies will need to begin developing a solution to the problem. However, the only real step that is assured of preventing breaches such as the one demonstrated by the Francesca’s Holdings case is the thorough training and education of the company’s employees. Since it is the employees who represent the greatest threat to their organization through social media, the best strategy for preventing this threat is to make these individuals aware of the dangers at hand and of the responsibilities they will have to take on to prevent any breaches from occurring on this front. Finally, those in charge of these efforts will need to make the method for training their employees, and for keeping them up to date on these issues, as simple as possible. While the handling of social media risks may not be an easy responsibility, it is certainly a necessary one, particularly given the growth of these networks and the threats they represent, and the more quickly and effectively these needs are addressed, the sooner the company takes itself out of harm’s way.
