Your Company and Social Media

Part 1 – Protection

Introduction 

If you have ever been the victim of an adverse post or campaign on social media, you will know how devastating this can be to your business. If you have not yet experienced this, you are fortunate. But, how do you know you have not? And what are you doing to protect your business and ensure your brand reputation is not tarnished? 

Protecting Your Brand 

In this article we cover the following: 

  • Background
  • Risks
  • Benefits
  • The Team
  • Implementation 
  • Monitoring 
  • Action 
  • Protection Quick Tips 

Background 

‘Sprout Social’ reports that companies only reply to one in ten social media posts that merit a response.  The failure to reply to a post can only exacerbate damage to a brand. Remaining silent is a flawed option. If you do not engage matters can very quickly escalate. 

Infinity Consulting (IC) recently acted for one business where posts on Twitter led to a fake account being setup accusing the directors of being fraudsters. This caused immense damage to an otherwise well-respected brand. The surprise came when the company approached Twitter who refused to shut down the fake account notwithstanding its libellous content. 

The first action to a negative post from a customer is to apologise and to advise you will urgently look to resolve the matter. This should be followed immediately by direct message (DM) to the customer. This shows others you take customer service seriously. After all, 81% of purchasing decisions are influenced by friends’ social media posts and Google suggests 67% of purchasers are influenced by review sites . 

Risks 

With social media comes great risk. Brand protection is not just limited to irate customers whose tumble dryers catch fire or a doctor being violently evicted from a flight. Perhaps just as bigger risk is that of cybercrime. Kaspersky suggest phishing attacks via social media costs £865m annually with 90% of business surveyed admitting some kind of security breach . ZeroFOX believe more than £300m of financial scams are instigated via Instagram . 

With social media the consumers have immense power. The word ‘viral’ has taken on a new meaning since the likes of YouTube become part of everyday life.      

Scammers have become very adept at imitating brands, often copying whole websites, to obtain financial details. 

The types of risks facing brands include: 

  • Negative comments (conversations demeaning a brand) 
  • Malicious postings (content designed to embarrass the brand) 
  • Scammers (stealing bank and credit card information) 
  • Hacked accounts (posting malicious content from the brand’s account) 
  • Fake accounts (to steal financial information or damage a brand) 
  • Cyber theft (hacking accounts to obtain valuable data) 
  • Malicious employee posts (disgruntled employees posting embarrassing content) 
  • Innocent employee posts (employees innocently posting contents that breaches compliance rules) 

Benefits 

Protecting a brand is not easy; you can never be 100% protected no matter what you do. But simple steps can be highly effective.  

The benefits of protection are: 

  • Mitigation of the actual operational costs of repairing the damage (on average £27.5k for SME’s and £397k for corporates  
  • Reduction in fines under GDPR (up to €20 million or 4% annual global turnover, whichever is higher ). 
  • Reducing reputational damage 
  • Improved rankings on review sites 
  • Avoiding costly compliance violations for regulated brands (for example financial institutions) 
  • Increase traffic (and sales) to a brand or website 
  • Being seen to protect consumers 

The Team 

Many businesses make the mistake of just leaving brand protection to the “marketing guys”. This is not good practice. Brand protection should be an institutional matter. Establish a brand protection team which should include, where possible, the following roles: 

  • Marketing 
  • Public Relations 
  • Customer Service 
  • ICT 
  • Compliance, Governance and Risk 
  • Corporate Security and Fraud 
  • Legal 

The roles above should communicate in real-time and meet at least monthly.  

Naturally, Marketing are the gate keepers for all of the stakeholders. Public Relations should establish crisis plans and lead any public relations issues. Customer Service should monitor reviews, posts and website content and engage in a positive way with consumers. ICT, Corporate Security and Fraud should lead on fraudulent attacks on the brand and customers as well as cyberattacks, malware, data loss and so on. Compliance, Governance and Risk need to lead on posts that cause compliance or regulatory concerns. Finally, engage with your legal team on any risks.    

  

The RAG colour coding above depicts the level of daily activity required from each member of the team. Clearly the frontline stakeholders in the fight for brand protection are Marketing and Customer Service. 

The amount of work required from each stakeholder and the size of the team will naturally depend on the size of the business and the number of brands requiring protection. That said, do not imagine that if you have no online presence you can ignore monitoring for brand protection. 

Implementation 

Give your team the time and the tools required to enable them to fulfil their roles. There are numerous online platforms that can run and monitor your online presence. These include the monitoring of: 

  • Return on investment of your online presence 
  • Analytics on campaigns for your brand 
  • Social conversations about your brand 
  • Security threats to your brand 

When you have assembled your team of stakeholders, produce a ‘problem statement’ that identifies the task in hand. From there, base all of the actions, processes and goals on the content of the problem statement to ensure the right outcomes are achieved from the start. 

Create a list of risks and using a RAG status to prioritise them in terms of severity and frequency (see the example risk matrix below): 

 

Try and list as many possibilities as you can and ensure all stakeholders have input. Once you have your table of risks allocate each one to the relevant stakeholder. Keep updating the table as trends change and review at each monthly meeting. 

Establish a set of polices for social media and the brands online presence. This should set out the guidelines for the business on social media usage including ‘do’s and don’ts’, regulatory and compliance requirements, content and so on.  

Alongside the policies, produce a process flow of what actions need to be taken on each risk should an incident occur. For ease of use, utilise flow charts for process flows. 

Once you have established your team, online tools, risk matrix, your policies and process flows, train your team to ensure they are fully conversant with the Brand Protection Programme (BPP). 

Monitoring 

Once you have launched your BPP make sure it retains momentum. Ensure: 

  • You hold monthly meetings 
  • Evaluate analytics 
  • Review incidences, action taken and results 
  • Look for areas to improve 
  • Disseminate your findings across business 

Speed of response to an incident is paramount. Posts, in whatever form, can go viral in a matter of hours. Your actions must be swift and decisive. If you need to have material removed from a social media platform ensure you contact the right department and, if possible, utilise the legal team to add weight. Follow up removal requests as most social media platforms are dilatory on this subject and will often quote freedom of speech etc. Make sure your removal requests heads off these types of argument if the posts are offensive, untrue or fraudulent. 

Adopt a Kaizen approach to your BPP with your team to ensure you get better and better at brand protection. 

Action 

Take action! 

Remember, there are 2.1m negative posts per day in the US alone . Social media is fast becoming the preferred model of scammers. By 2021 cybercrime is said to cost $6tn annually. FireEye found 36% of respondents said their perception of a brand reduced after a security breach . 

Protection Quick Tips 

  1. Use single sign-on on your corporate network 
  2. Enable two factor authentication 
  3. Get accounts verified by the social media platform 
  4. Shut down masquerading accounts 
  5. Monitor keywords and hashtags 
  6. Utilise an online logo detection tool 
  7. Monitor @mentions 
  8. Monitor your detractors and competitors 
  9. Respond to your consumers negative and positive comments 

 

 

 

 

 

 

 

 

 

 

 

WARNING: Is GDPR the next PPI?

A very real question in our opinion. Look at the GDPR and you will see that not only are the fines devastating but the compensation claimable is borderline insane.

Don’t get me wrong, we are all sick of spam email, stolen identities, misappropriated funds and so on. But spare a thought for the victim of the crime. In this example, a small company. It gets hacked and its data is stolen. For being the victim, it gets fined after having to voluntarily report itself. Then to add a final blow, those whose data is stolen are entitled to compensation even if there is no utilisation of the data or loss.

How businesses will survive after such an onslaught is beyond us. Not only the fines and the compensation but you also have to deal with the costs and reputational damage.

There is not one cloud hoster or software provider that will guarantee 100% security and the ethical hackers we know would laugh if they did.

The result of all of this is that the timing could not be better for the claims management companies. PPI comes to an end in 2019. By then there will be an explosion of new vultures circling. We are going to be hearing “have you had your data stolen, you could be entitled to compensation blah blah blah…” a lot.

As to whether hackers will commit their crimes and then sell the fact of the hack to individual claims management companies (to be first on the list to market claims) is not as far fetched as it sounds…watch this space.

WARNING: Is GDPR the next PPI?

A very real question in our opinion. Look at the GDPR and you will see that not only are the fines devastating but the compensation claimable is borderline insane.

Don’t get me wrong, we are all sick of spam email, stolen identities, misappropriated funds and so on. But spare a thought for the victim of the crime. In this example, a small company. It gets hacked and its data is stolen. For being the victim, it gets fined after having to voluntarily report itself. Then to add a final blow, those whose data is stolen are entitled to compensation even if there is no utilisation of the data or loss.

How businesses will survive after such an onslaught is beyond us. Not only the fines and the compensation but you also have to deal with the costs and reputational damage.

There is not one cloud hoster or software provider that will guarantee 100% security and the ethical hackers we know would laugh if they did.

The result of all of this is that the timing could not be better for the claims management companies. PPI comes to an end in 2019. By then there will be an explosion of new vultures circling. We are going to be hearing “have you had your data stolen, you could be entitled to compensation blah blah blah…” a lot.

As to whether hackers will commit their crimes and then sell the fact of the hack to individual claims management companies (to be first on the list to market claims) is not as far fetched as it sounds…watch this space.