I recently attended an interesting educational session held by the Vancouver Chapter of ISACA. At that talk, one of the presenters likened social media to cocktail parties on steroids. As with cocktail parties, social media sites offer the good and the bad. On the plus side, there is information sharing, resource evaluation and service rating and on the bad side there is the too much information phenomenon, narcissistic posturing, and sometimes creepy stalking. For better or worse, social media is here to stay and organizations, including financial institutions, recognize that they need to learn how to maximize the benefits and manage the risks in the brave new world of Enterprise 2.0 or face being left behind the pack as an Enterprise 1.0.
Some of the business benefits of using social media include: recruitment of new employees through sites such as People.com, Zoominfo or Linked In; employee retention, especially of the so-called Millenials who are said to thrive on using social media technology; crowdsourcing initiatives such as Starbucks Coffee that uses social media to ask customers what they think about everything from service to advertising; creation of connections internally to leverage in-house knowledge and talent; creation of a collaborative, continuous and connected learning environment.Many excellent examples of how social media can be used to good effect within the Enterprise 2.0 can be found on www.Socialmedia.org.
But what of the risks? Fans of social media will tell you there are risks in not adopting social media – of remaining an Enterprise 1.0 in a Web 2.0 world. Frustrated employees can end up creating skunk works social media projects; loss of brand control in a Web 2.0 world leading to reputational damage; loss of market share to competitors who are using social media to gain market share; and low employee morale and high employee turnover. These opportunity costs all add up to a compelling case for most organizations to jump on the Enterprise 2.0 band wagon.
Even the biggest fans of social media do not advise adopting it in an uncontrolled manner, however. The key to successfully mitigating the risks associated with adoption of social media is governance. For the Enterprise 2.0, governance includes:a clear social media business strategy; a clear social media policy or set of guidelines for employees outlining appropriate use; developing the right infrastructure (e.g., several different social media platforms in one organization on which employees must maintain profiles and keep up-to-date will only add more work and create frustration, not help retain and enable good people) ; active sentiment monitoring of the organization’s brand in the “blogosphere” and on social media sites; a proactive organizational protocol for responding to negative sentiments or social media “incidents”; adequate privay and security policies and controls.
What I am not hearing about from many firms yet is recognition of the need to ensure that business communications exchanged using social media are captured and controlled in a manner that is consistent with the management of other business communications, such as email, and that policies, procedures and plans are in place to ensure that the way in which these communcations are handled meets legal, regulatory and e-discovery requirements. Financial institutons, along with other orgnizations, should be incorporating social media archival retention/preservation plans into their existing archival plans. Those who don’t risk the kinds of stiff penalties that have, in the past, accompanied failures to properly manage and preserve emails. Just last week, FINRA, the US Financial Industry Regulatory Authority issued an advisory notice (http://www.finra.org/Industry/Regulation/ Notices/2010/P120760) requiring that Brokerages must record employees’ business-related postings on Web sites such as Facebook, Twitter and LinkedIn to ensure brokers don’t skirt internal controls. The advisory note also said that Firms that archive client communications including e-mails need to adopt similar policies for social networking sites and may use software to automatically log brokers’ Web messages. Some technology providers are developing systems that are intended to enable firms to retain records of communications made through social networking sites. CiFER will continue to monitor develops and provide updates through future postings.
Dr. Victoria Lemieux, Director, CiFER