1

Sarah Carter, Vice President, Actiance, Inc.

Adam Turteltaub, CCEP, CHC, Vice President of

Membership Development, Society of Corporate

Compliance & Ethics

Learn the evolving risks of social networking, how companies are

managing those risks and explore ideas for leveraging this technology to support your compliance efforts by participating in an interactive

workgroup

• Learn how to stop saying no to social media in the workplace

• Discover how compliance issues go far beyond data leakage

• Find out how you can moderate posts, filter content and archive everything

1

Agenda

I’ll explain why I’m here

Social media has changed the way we communicate

Who wants to use it?

Why do they want to use it?

Cautions with Social Media

Who’s actually using it?

What are the risks of using social media

Best Practice for Using Social Media

Workshop

So what can you control with Technology?

2

Why am I standing here today?

I run social media for Actiance

I have a global remit, with varied experience

– From driving taxi’s, to taking companies through IPO, to training teams on Social Media, to

implementing campaigns, to an officer of the company.

I work with clients in Utilities, Energy on policies, best practice Social

Media adoption

I was a late adopter, but now

My name is Sarah and I’m social.

Twitter: @SarahActiance

LinkedIn: http://www.linkedin.com/in/sarahlouisecarter

Facebook: Actiance

3

The Internet has Change

• Financial IM• Unified Communications• Web Conferencing• VoIP• Remote Admin Tools

• Financial IM• Unified Communications• Web Conferencing• VoIP• Remote Admin Tools

• Public IM• P2P• Anonymizers• VoIP• Social Networks• Games• Virtual Worlds• IPTV

• Public IM• P2P• Anonymizers• VoIP• Social Networks• Games• Virtual Worlds• IPTV

Source: FaceTime Annual Greynets Surveys 2007 – 2010 & Projected

Source: Actiance Annual Collaborative Internet Surveys 2008 – 2011 & Projected

The Enterprise and Web 2.0 Are Converging

2008 2009 2010 2011 2010 2009 2008

3

End Users Adopting Web 2.0 Faster Than IT Can Control

Actual customer traffic history (~155 organizations)

Representing all Internet activity from over 150K end users (Actiance Internet Survey 2010)

Source: Actiance Annual Internet Survey 2010

Social Media Statistics

5 hours/month – Average time US worker spends on social media sites at the office

73% - US companies using social media tools for marketing purposes

46% - Internet users worldwide interacting with social media on a daily basis

88% - Growth in social media usage among Internet users aged 55-64 (Apr 2009 – May 2010)

15% - Social media users more inclined to buy from brands advertising on social media

18% - New content found online in social media

30 minutes – Amount of time the average US Internet user watches online video each day

Impact of Mobile

Social media accelerating mobile growth

More flexible working arrangements

Sophistication of mobile phones

Availability of more services

Means you can get to customers wherever, whenever

4

Why Does your Marketing Team want to Use Social Media?

The size of the market 600m +90m + 140m

It’s where people go for product choices

Our response is tribal

Generate buzz and increase visibility

Strengthen customer relations

Build an additional revenue source

Extend your brand

LinkedIn by the Numbers & What?

Site was launched on May 5, 2003

Over 90 million users

2 billion people searches in 2010

All Fortune 500 executives are members

More than one million companies

have LinkedIn Company Pages

LinkedIn Profile/Co page

Basic info

Employment history

Education

Summary

Facebook by the Numbers

Born on February 4, 2004

Over 600 million active users

700 billion minutes per month

spent on Facebook

30 billion pieces of content

shared each month

2.5 million websites have integrated with Facebook

Facebook Pages

Personal

Fan

Group

Community

Basic info

Credentials

Interests, hobbies, etc.

Objective

5

Twitter by the Numbers

Site was launched in July 2006

Over 190 million users

100 million tweets written per day

Over 1,100 tweets written per second

140-character limit for tweets

Twitter Profile

Basic info

Location

Brief description

Find Connections

Engage, Communicate,

Answer

So who’s using Social Media? And Why? 600,477

� Sales & Marketing (51,926)� Promotions

� Advertising� Branding

� HR (21,556)� Background checks

� Recruiting

� Scientists & Researchers� Information exchange

� Collaboration

� IT� Investigation of security breaches

Social Media Types of Usage

Corporate

– LinkedIn Company Pages

– Corporate Twitter Account

– Facebook Fan Page

– YouTube Channel

Individual Professional

– My LinkedIn Profile

� Groups I belong to

� Questions I answer

� Status updates I place

– My Facebook profile

� Family, friends, colleagues

– My Twitter Account (@SarahActiance)

� Personal commentary

� Professional promotion

What’s personal and what’s professional?Email address? ID as someone who works for the organization?

what are the rules?

6

Presenting Significant Risks When Unmanaged

Data Leakage

Personal

Information

Intellectual Property

Credit Card,

SSN

Patient Records

Incoming Threats

Malware, Spyware

Viruses, Trojans

Inappropriate

Content

Compliance & eDiscovery

SEC, SOX

PCI, FOI,

FRCP- eDiscovery

FERC, NERC

User Behavior

Employee

Productivity

Bandwidth

Explosion

Every employee is

the face of the

business

Social Networking: Balancing Benefit & Risk

Risks & Challenges

� Employee productivity– Control who can access what, when, and for how long

� Content security– Introduction of malware

� Brand and reputation protection– Allow “approved corporate posters” to self-moderate

– Moderate posts from unapproved corporate posters– Random posters on Facebook page?

� IP/Information Leak Prevention/NDA compliance– Sensitive, confidential terms and dictionary matching– Stop contract staff accidentally leaking your secrets

– Quarantine posts for moderation by a reviewer

� Compliance with regulation (e.g., FERC, NERC)

– Archive content– Stop credit card number patterns– Control specific content

What Can Go Wrong?

Gulf of Mexico BP Oil Spill

– Not using Social Media commuinity for help

– Honesty and Transparency

– No social media strategy

– Making a bad situation worse

Fake ExxonMobile employee tweeting

Fedex & Ketchum

Nestle & Greenpeace

7

A Best Practice Approach to Social Media

Best Practices for Energy & Utilities Organizations

Research social media usage

Draft a social media policy

Identify who needs access

Determine extent of access

Archive

Moderate, if necessary

Stay compliant!

Research social media usage

Find out if employees are already using social media

to do work-related tasks

– How many public-facing pages do they have?

– How many Facebook, LinkedIn, and Twitter accounts do they have?

– Are they actively using these social media tools?

8

Draft a social media policy WITH THE STAKEHOLDERS

Be clear on what the policy covers

– Which sites

– Permissible uses

– Ramifications for breach

– Effective date

– Archiving policy

Disseminate the policy company-wide

– Make sure everyone understands it

Inform users of updates to the policy

Identify who needs access

What are the company objectives for social media?

Who really needs access to reach the objectives?

– Marketing

– HR

– IT

– Legal

– Sales People

Ensure your Users are Educated

Risks

Appropriate Actions

Sanctions

Compliance Requirements

Re Educate

9

Determine extent of access

Read-only?

Write-only?

Which sites?

Which sections/features of specific sites?

Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved.

Archiving

Archive everything relevant (what about irrelevance?)

Include posts to all social media sites, including messages that

were blocked by the company administrator

Log user activities for each site session

Retain data for however long the applicable regulations says for

you to keep it

Moderation

If necessary, moderate or pre approve the content before

external publication to ensure compliance (pre-review)

If it’s post-review, take down inappropriate content

Apply lexicons to make the review process more efficient

Use alerts to notify admins of questionable content

Use “warnings” to caution individuals about what they’re posting

10

Review and Revise

February 3, 2004

600 million people

Things change!

Workshop

Appropriate Controls: The Basics

Who’s using social media in the company?

Which groups or individuals need to be monitored?

What controls need to be applied?

How do I implement and manage the controls?

11

What can you control through Technology?

Identity management Ensure that all the different logins of an individual link back to corporate identity

Activity control Posting of content allowed for marketing but read-only for everyone else

Granular application control Employees can access Facebook, but not Facebook Chat or Facebook Games

Anti-malware Protect network against hidden phishing or Trojan attacks

Data leak prevention Protect organization from employees disclosing sensitive information

Moderation Messages posted only upon approval by designated officer

Logging and archiving Log all content posted to social networks

Export of data Export stored data to any email archive or WORM storage

Issue Control Requirements

30

Thanks!