Managing Social Media Risk, Part 1: Defining Governance Structure

Blog   /   Social
Image by dmerti
Image by dmerti

This is the first installment of a three-part series on how to organize the enterprise for social media risk management by Dave Meizlik, the Vice President of Marketing at Nexgate. To learn how your enterprise can integrate social media risk management across every department, download the white paper from HootSuite Enterprise and Nexgate, Mapping Roles and Responsibilities for Social Media Risk.

Download Now

More than seven of every ten U.S. adult Internet users are on social media. With such massive proliferation comes the opportunity for brands of all kinds to engage with customers and partners on a huge scale and in real time. And this is exactly what they’ve done: 77% of the Fortune 500 is now using Twitter, 70% is using Facebook, and 69% is on YouTube. Now more than ever, brands are using social media to engage with customers, advertise their products, recruit great talent, and conduct research on their customers and competitors.

But with these benefits also comes risk – if mismanaged, social media can damage a company’s reputation, leak confidential information, or lead to regulatory and compliance violations or identity theft in a matter of seconds. The manifestation of social media risk can range from as minor as an unsatisfied customer tweeting his or her frustrations, to as extreme as the $200 billion hit on the U.S. stock markets after a fraudulent tweet, supposedly from the Associated Press, claimed an explosion had occurred at the White House. And no one is immune to these dangers: big names like Microsoft/Skype, Justin Bieber, and Snapchat have all been targets of hacks just within the past few months.

To prevent these kinds of gaffes from happening at any level, organizations must take steps to control the downsides of social media and minimize risk by creating a clear governance structure.

Who’s Responsible for Social Media Risk?

Defining which roles should be involved in social media is no easy task. The unique nature of social media means that responsibility for managing and mitigating risk can be difficult to pin down. For example, the CIO, if the company has one, is recognizably the person responsible for managing IT risks like hardware downtime and stopping hackers. Similarly, when it comes to managing financial risks, like keeping track of regulatory, fraud, and interest rate changes, it’s pretty clear that the CFO should be responsible for ensuring that those types of risks don’t significantly affect the company. But who is responsible for social media risk?

In fact, responsibility for managing social risk often spreads across numerous departments, including marketing, IT, communications, legal, audit, risk, and human resources. Relying on one department or job title simply doesn’t cut it. Objectives for social media programs can vary by company and even within the company itself, as can the creation, management, and policy controls across accounts and communications. All of this makes for even greater complexity – and room for things to go wrong.

Creating a solid foundation for your social media risk management program means first establishing a governance structure across departments. This structure is usually fronted by the head of social media, who leads a working group made up of representatives from marketing management, IT, social media marketing, legal and audit, and human resources. The governance architecture should not only explain who is responsible for what, but also address such things as the scope of your social media efforts, branding guidelines, approval processes, continuity planning, and training and education.

The best way for companies to align organizational responsibility and governance is to break down each necessary department into smaller pieces, such as by title and responsibility. Here’s how social media responsibilities are distributed in the typical enterprise:

Marketing and Communications Management

  • Representative Titles: CMO, VP of Marketing, VP of Corporate Communications

  • Social Media Responsibilities:

    • Generally serves as executive sponsor or executive owner of social media initiatives within an overall marketing and brand management effort

    • Responsible for the success and failure of social media efforts, including social activity and brand presence, ROI, and any associated crises

Information Technology

  • Representative Titles: CIO, CISO

  • Social Media Responsibilities:

    • Usually the executive co-sponsor of social media initiatives and efforts within the overall information technology or security architecture

    • Social media compliance

    • Privacy

    • Protection of intellectual property and company information

    • Channel security breaches

Social Media Technology

  • Representative Titles: CTO, Enterprise Architect, Digital Security Manager, and Digital Infrastructure Manager

  • Social Media Responsibilities:

    • Selection, deployment and standardization of social media management applications

    • Social media account management, social media policy enforcement, and social media training

Social Media Marketing

  • Representative Titles: Director/Manager of Social Media, Director/Manager of Digital Marketing, Director/Manager of Corporate Communications, and any agencies with social media responsibility

  • Social Media Responsibilities:

    • Day-to-day management of social efforts, including channel management, content creation, and approval

    • Channel and application security

    • Initial crisis identification and response

Social Community Management and Customer Service

  • Representative Titles: Social Community Manager and Social Customer Service Manager

  • Social Media Responsibilities:

    • Day-to-day customer interaction

    • Community management

    • Monitoring of the community and brand in the social landscape

    • Management of acceptable use policies

Legal and Audit

  • Representative Titles: CLO, CCO, CRO, Compliance Manager, and Audit Manager

  • Social Media Responsibilities:

    • Regulatory and legal compliance

    • Oversight of social media policies and governance

    • Auditing of brand accounts

    • Fraud identification and management

    • Brand compliance across social networks

    • Identification and addressing of brand hijacking

    • Brand/reputation management and protection

Human Resources

  • Representative Titles: CPO and Director/Manager of Human Resources

  • Social Media Responsibilities:

    • Employee oversight

    • Training on social media governance, policies, and tools

    • Management of internal non-compliance with social media policies

By effectively mapping these roles and responsibilities, your social media program can more effectively define policy, enforce compliance, and address security risks. However, creating a governance plan is only the first step. Stay tuned for next week, when we’ll dive into the steps your team can take to work together effectively and address common scenarios and problems that arise in social media risk management.

To learn more about creating a successful, integrative social media strategy, download HootSuite and Nexgate’s white paper, Mapping Roles and Responsibilities for Social Media Risk. More information about the HootSuite and Nexgate partnership can be found in our on-demand webinar, Secure Your Social Enterprise With HootSuite and Nexgate.

Dave Meizlik - 400Dave Meizlik is the Vice President of Marketing at Nexgate, a HootSuite partner that provides cloud-based brand protection and compliance for enterprise social media accounts. Nexgate’s patent-pending technology is used by some of the world’s largest financial services, pharmaceutical, Internet security, manufacturing, media, and retail organizations to find and audit brand affiliated accounts, control connected applications, detect and remediate compliance risks, archive communications, and detect fraud and account hacking.