Set social media risk management policies by preparing for the worst

Social media can be used as a tool or a weapon, and it’s important to be aware of the powers and the dangers inherent to it. I will probably let my young son tweet before I let him use my chainsaw, but the warning lecture will be no less graphic.

    Requires Free Membership to View

Adrian Bowles

We may have just seen the first -- but far from the last -- high-profile case of professional suicide by Twitter. Rep. Anthony Weiner (D-N.Y.), made several technical and tactical errors with social media that contributed to his resignation after lewd photos were displayed to the world via Twitter.

In a similar case receiving less coverage in the United States, Canadian political candidate George Lepp tried to explain a questionable photograph by claiming it was taken inadvertently when his BlackBerry was in camera mode in his front pocket, and sent out by an unknown person. This impossible account led to a very public and embarrassing search for plausible alternative explanations.

Both are cases of easily avoidable injury, so perhaps it’s time to consider a few social media risk management guidelines to stem the tide of such needless incidents.

Social media provides a set of tools. Results will largely depend on understanding how the technology works, and how others may exploit it. It is easy to go too far in constraining the use of social media, which deprives users of many of the benefits. For example, in my town the board of education recently enacted a social media risk management policy for teachers and administrators. It sparked a backlash, as the policy explicitly forbade a variety of generally innocuous activities in an attempt to prevent some serious problems. However, those were already covered by existing policies and common sense. In other words, it ruled out the possibility of positive interaction between teachers and students to avoid potentially damaging ones.

A balance between draconian measures and anarchy surrounding social media risk management is required. With that in mind, here are four assumptions to provide a starting point for social media risk policies for individuals and enterprises.

Assume that you will make mistakes. Forgetting to put a “d” at the beginning of a DM (direct message in Twitter -- one that can be seen by only an individual recipient) is basic, but everyone I know has a personal story of (t)error on this one. In my own experience, it has been known to happen when I use TweetDeck on my iPhone from a train without bothering to put on my glasses. Committing this common error started the public unraveling of Anthony Weiner.

Policy implication: Nothing that could conceivably damage the safety, security or reputation of you or your enterprise should be transmitted by DM. This means that messages must be classified according to the potential risk of unrestricted distribution. Any item that has a high risk should be transmitted using encryption, or at the very least to only individuals known to follow these policies themselves.

Assume that others will make mistakes. Countless cases of individuals sending emails inadvertently using “Reply All” should have taught us that nobody can be counted on to be error-free. The analogs with social media include responding to someone on their (public) Facebook wall instead of sending a private message, or having the recipient of a DM respond with a public message. It happens. Plan for it.

Policy implication: Make it difficult for others to expose your secrets through carelessness. Do not use social media for antisocial messages.

Assume that someone is out to get you. Paranoid? Perhaps, but who in business or politics has nobody who would delight in their downfall? Weiner may have sent pictures to individuals who appeared willing to receive them, but his enemies soon convinced recipients to share the pictures for political purposes.

Policy implication: Recipients of sensitive material must be vetted and classified. In Facebook, start by limiting access to friends rather than friends of friends (or limit Facebook use to purely personal topics). For Twitter, use the same criteria you would use for a nonsecure telephone line.

Assume that your phone or laptop will fall into the wrong hands. While the Lepp situation is unresolved, it is clear that personal mobile devices do fall into the wrong hands. I recently received a text from a colleague I know well, and the content was inappropriate. The next day I learned that her phone had been “borrowed” by a prankster.

Policy implication: For most of us, the value of our reputation and data far outweighs the replacement value of a device. Always use password protection, selectively use encryption, and have a remote wipe contingency plan for all digital devices that could be used to send out messages “from” you. Passwords for social media accounts should be as strong and as secret as those for financial accounts.

Adrian Bowles has more than 25 years of experience as an analyst, practitioner and academic in IT, with a focus on IT strategy and management. He is the founder of SIG411 LLC, an advisory services firm in Westport, Conn., and director of the Sustainability Leadership Council.

This was first published in June 2011

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.