Jan 29, 2014

Introduction
Why Social Media?
Marketing: How To Effectively Use Social Media
Social Media Guidelines
Social Media: Avoiding Litigation Risks
Security: Not Everybody On Social Media Is A Friend
Be Social. Just Be Careful.


Social media -- the power of people talking to each other about your company, brand, and services -- takes word-of-mouth marketing to a new level.

It’s like electricity. It’s a tremendous source of power if handled correctly. But it can deliver unexpected – even fatal – jolts if it is not used carefully.

The risks can often be surprising. Capsicum recently consulted on a case in which a group of 13 -year-old females befriended a fellow Facebook user, who then went on to digitally paste the faces of the girl and her friends onto images throughout various child pornography sites.

In another Capsicum case, a high school senior created a fraudulent Facebook page for the school’s principal, posting embarrassing and inappropriate information. Could a disgruntled employee create a fake page about you or your company? Would you know what steps to take if they did?

Yet the opportunity is too important to ignore. Coca-Cola maintains a Facebook page with over 79 million “Likes”. Dell generated $6.5 million in sales from their Twitter presence.

How can your company make the most of social media, safely? Here are some things Capsicum Group thinks you should consider.

Why Social Media?

Worldwide, if you’re an internet user you’re probably a social network user.   In the U.S., 75% of the population uses social media, averaging 2 hours and 17 minutes a day.

If you’re not a user of social media, you may think it’s unimportant. If so, the latest numbers may convince you. YouTube alone reaches more U.S. adults 18-34 than any cable network. And independent market research company BIA/Kelsey forecasts U.S. social advertising revenues will grow from $4.7 billion in 2012 to $11 billion in 2017.

Marketing: How To Effectively Use Social Media

Can your company get similar results? Every business is unique, but there are some best practices. A challenge is that if you Google “Social Media Tips”, you’ll get more than 11,600,000 results. There is a lot of good free advice, but it’s difficult to remember it all. You may find a simple set of heuristics more useful. Jeremy Waite, Head of Social Strategy at Adobe EMEA in London suggests that Social Media does 6 things particularly well:

•    Entertain
•    Inspire
•    Challenge
•    Inform
•    Solve Problems
•    Educate

People value and share content that have these characteristics.

Social Media Guidelines

If you’re active in social media, your company needs effective guidelines.
The good news is that you don’t have to start from scratch.

There is a long and fairly comprehensive set of links to social media guidelines available at the Social Media Governance website.

Look for guidelines from companies that are in the same or similar industries as yours. Borrow what you can, but don’t copy blindly; gather your team and ask tough questions. What does their policy fail to cover? Which policies are needlessly restrictive? What language or ideas can be improved?

Most importantly, ensure that your company is careful to follow the law.

Social Media: Avoiding Litigation Risks

1) Legal requirements, including HIPAA, apply online as much as offline.

Nearly all legal regulations that exist offline apply equally online. Make sure that everyone knows which laws apply to your firm, and don’t assume you already know them all. For example, if you do business with a healthcare provider, you may be just as accountable for HIPAA compliance as your client is. Did you know that recent guidelines require tracking of everyone who viewed PHI?

2) Don’t infringe copyright.

Much online content liberally “borrows” from copyrighted material. Remind employees that these images are completely out-of-bounds for corporate use. Make sure you have the rights to use what you post, and protect your OWN property by properly marking your materials.

3) Have your management team review the National Labor Relations Review Board (NLRB) memo about social media.

Protecting your company’s rights is probably at the top of your mind. But remember that your employees have rights too. Starting in 2012, the National Labor Relations Board began to issue decisions in cases involving discipline for social media postings. Board decisions are significant because they establish precedent in novel cases such as these.

For example, the Board found that the firing of a BMW salesman for photos and comments posted to his Facebook page did not violate federal labor law. In another case, the Board found it was unlawful for a non-profit organization to fire five employees who participated in Facebook postings about a coworker who intended to complain to management about their work performance. The Board found the Facebook conversation was concerted activity and therefore protected by the National Labor Relations Act.

When you create guidelines about what employees can say and do in social media, keep the NLRB memo in front of you. Download the PDF here.

4) Protect confidential company information.

Confidential information must be protected. Obvious examples are internal reports, internal business-related communications, or data protected by attorney-client privilege. Less obvious are projects that employees are working on, or company news not already cleared by your PR department.

A few years ago, Citigroup fired technology analyst Mark Mahaney after the press reported he and a junior analyst improperly disclosed confidential information about Facebook’s IPO and unpublished revenue estimates for Google’s YouTube.

Even your own favorable information can be problematic. When Netflix CEO Reed Hastings disclosed on his Facebook page favorable news about the number of hours that Netflix streamed in a month, he came under scrutiny. The SEC decided not to bring action against Netflix or Mr. Hastings, recognizing that there has been market uncertainty about the application of Regulation FD to social media.

Take care to set up safeguards, and remember that if you’re publicly held or about to go public, the rules about disclosure are more stringent.

5) Update policy regularly.

Set a time (minimally, at least twice a year) for key stakeholders to review your policy to ensure that you are not at risk.  When did you last have a legal/regulatory review?

Security: Not Everybody On Social Media Is A Friend

Because social networking involves people we know and trust, even employees who are conscientious about computer security tend to let down their guard. This can open the company to a variety of network attacks.

1) Phishing

Links can be sent to false websites that mimic the login page of a social network, in order to get people to enter their login data. This enables the attacker to send spam messages from that account; a significant risk if that employee also administers your Facebook and LinkedIn pages. If that employee uses identical passwords for internal networks, this can become a larger problem quickly.

Solutions: Train and remind employees to be wary of phishing via social networks. Require employees to change passwords regularly.

2) Password Stealers

A more sophisticated attack injects malicious code into the user’s web browser. This enables the attacker to obtain the user’s login credentials entirely from within the browser itself – even a valid SSL connection does not protect the user.

Solutions: Make sure all anti-virus programs are up kept rigorously up-to-date. Train employees to be suspicious of links; when in doubt about a link you have been sent, ask the sender to confirm that they sent it.

3) Click-Jacking

This is a practice that hides hyperlinks beneath legitimate clickable content, such as “Like” buttons on websites. When the user clicks, he or she might send their ID to a site, download malware, etc.

Solution: Disable scripting and iframes in all users’ web browsers.

Be Social. Just Be Careful.

You can and should use social media to help achieve your business goals.  Just remember that, as always, good processes and intelligent precautions are a must.

If you don’t want someone to see it, don’t post it!  A general rule of thumb is if you wouldn’t go on national television with the information, it doesn’t belong on social media sites.

Capsicum Group, LLC is a consulting company dedicated to helping organizations achieve success with complex legal, regulatory and technology projects. We provide comprehensive support in the areas of: computer forensics, investigations, paper & e-discovery, media recovery, security, regulatory compliance services & technology crime mitigation.

Contact Capsicum today!