Social Media -- What's the Real Impact to the Organization?By Sonny Discini
August 2, 2010
All of us have seen Facebook or Twitter by now. We've also seen countless stories on how images of drunken debauchery have made it to the inbox of the CEO. All of us know it's a bad idea to mix personal experiences with our profession, but has anyone truly considered the real impact of social media on the organization?
The problem: Social networks we're creating online do not match the ones we already have in real life. This goes for the business as well.
Before we can understand the impact, we must understand the fundamental problem with social networks.
Our lives have many peer groups. Some are professional, some are family, and then we have a variety of groups of friends. This has been how human behavior has been for thousands of years.
Then along comes social networking, and not only does it explode in popularity with individuals but also for businesses. However, how social media is structured is nothing like our real lives and our businesses.
Social media takes all of your relationships that otherwise would be separate, and throws them into a single group called "friends." You have no way to separate out all of these people in your profile as you would in real life. This is the fundamental flaw in social networking that has far-reaching impact. This is also why your boss can see pictures of you or your friends dancing on the top of a bar half-naked. Or your mother can read the comments your friend left about finding you passed out in the bushes.
What Does This Mean to the Business?
Clearly, there is a reputation issue here both for you and for your employer. However, let's take a closer look at how this single "friends" group structure impacts the business.
Privacy is a term thrown around over and over, and the definition as we know it has been changed -- forever. The expectation of privacy online must be re-examined, especially when a business decides to use social networking to conduct business. All of the contacts you have are going to be lumped into the same "friends" list; thus, you may have situations where information between you and one business relationship bleeds out to other contacts with whom you certainly do not want to share. Worse, if the information is covered by regulatory compliance, you will have legal issues on top of reputation and financial issues.
Social media is not going away, and whether you like it or not, the web is going through a major shift. Where the web was once about static content, people now take information about themselves and move around with it. This includes social networking and even how we do business. It's now about how you foster relationships with consumers that are now in the center of control.
New Ways of Thinking Reset New Security Risks; Focus on Behavior, Not the Technology
Many people make the mistake of focusing on the actual technology rather than behavior when analyzing the new security implications of social media. The business should not care that Facebook is a web enabled and interoperable site that may or may not be vulnerable to attack. In other words, technologies will come and go along with the security risks that come with them, but fundamental behavior patterns will remain relatively unchanged. The business would be much wiser to understand the motivations of why the technologies are used in addition to the technologies themselves. When the business does this, policies can be formed and enforced, and the risk of doing business can be better understood.
When we design policies for social network use, we must first understand that people and businesses have separate and different groups of people in their lives. Once the business understands this simple concept, a framework of how information is posted and how social networking is used for the business can be developed. How the business presents itself to others will be crucial. This is because people increasingly turn to peer groups when making decisions, including the experiences they've had with your business.
Managing Your Business Online Has High Overhead
To keep your information and relationships separate and managed, you're going to need a number of Facebook identities because of the fundamental single group design flaw. In real life, this isn't nearly as much work. It's important to consider this in your policy on who has rights to what accounts and then further, who can post what and where. It's going to be complex. There will be security and policy issues, but as I've stated already, social media is not going away, so it's time to understand it and learn how to manage the risks and rewards of this shift. And it's time to get started on a security policy that deals with this. Will it be perfect? No. But at least you will be on your way to managing the new way people and businesses interact.
The takeaways here are that we as a business must make our social media use as transparent as possible, while maintaining privacy and trust of all those with whom we interact. Anything we post on social media is persistent -- that is, it remains even after the conversation/post is complete. Understanding how information flows in and out of your organization is paramount when designing a security policy around social media.