Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
1
Sarah Carter, Vice President, Actiance, Inc.
Adam Turteltaub, CCEP, CHC, Vice President of
Membership Development, Society of Corporate
Compliance & Ethics
Learn the evolving risks of social networking, how companies are
managing those risks and explore ideas for leveraging this technology to support your compliance efforts by participating in an interactive
workgroup
• Learn how to stop saying no to social media in the workplace
• Discover how compliance issues go far beyond data leakage
• Find out how you can moderate posts, filter content and archive everything
1
Agenda
I’ll explain why I’m here
Social media has changed the way we communicate
Who wants to use it?
Why do they want to use it?
Cautions with Social Media
Who’s actually using it?
What are the risks of using social media
Best Practice for Using Social Media
Workshop
So what can you control with Technology?
2
Why am I standing here today?
I run social media for Actiance
I have a global remit, with varied experience
– From driving taxi’s, to taking companies through IPO, to training teams on Social Media, to
implementing campaigns, to an officer of the company.
I work with clients in Utilities, Energy on policies, best practice Social
Media adoption
I was a late adopter, but now
My name is Sarah and I’m social.
Twitter: @SarahActiance
LinkedIn: http://www.linkedin.com/in/sarahlouisecarter
Facebook: Actiance
3
The Internet has Change
• Financial IM• Unified Communications• Web Conferencing• VoIP• Remote Admin Tools
• Financial IM• Unified Communications• Web Conferencing• VoIP• Remote Admin Tools
• Public IM• P2P• Anonymizers• VoIP• Social Networks• Games• Virtual Worlds• IPTV
• Public IM• P2P• Anonymizers• VoIP• Social Networks• Games• Virtual Worlds• IPTV
Source: FaceTime Annual Greynets Surveys 2007 – 2010 & Projected
Source: Actiance Annual Collaborative Internet Surveys 2008 – 2011 & Projected
The Enterprise and Web 2.0 Are Converging
2008 2009 2010 2011 2010 2009 2008
3
End Users Adopting Web 2.0 Faster Than IT Can Control
Actual customer traffic history (~155 organizations)
Representing all Internet activity from over 150K end users (Actiance Internet Survey 2010)
Source: Actiance Annual Internet Survey 2010
Social Media Statistics
5 hours/month – Average time US worker spends on social media sites at the office
73% - US companies using social media tools for marketing purposes
46% - Internet users worldwide interacting with social media on a daily basis
88% - Growth in social media usage among Internet users aged 55-64 (Apr 2009 – May 2010)
15% - Social media users more inclined to buy from brands advertising on social media
18% - New content found online in social media
30 minutes – Amount of time the average US Internet user watches online video each day
Impact of Mobile
Social media accelerating mobile growth
More flexible working arrangements
Sophistication of mobile phones
Availability of more services
Means you can get to customers wherever, whenever
4
Why Does your Marketing Team want to Use Social Media?
The size of the market 600m +90m + 140m
It’s where people go for product choices
Our response is tribal
Generate buzz and increase visibility
Strengthen customer relations
Build an additional revenue source
Extend your brand
LinkedIn by the Numbers & What?
Site was launched on May 5, 2003
Over 90 million users
2 billion people searches in 2010
All Fortune 500 executives are members
More than one million companies
have LinkedIn Company Pages
LinkedIn Profile/Co page
Basic info
Employment history
Education
Summary
Facebook by the Numbers
Born on February 4, 2004
Over 600 million active users
700 billion minutes per month
spent on Facebook
30 billion pieces of content
shared each month
2.5 million websites have integrated with Facebook
Facebook Pages
Personal
Fan
Group
Community
Basic info
Credentials
Interests, hobbies, etc.
Objective
5
Twitter by the Numbers
Site was launched in July 2006
Over 190 million users
100 million tweets written per day
Over 1,100 tweets written per second
140-character limit for tweets
Twitter Profile
Basic info
Location
Brief description
Find Connections
Engage, Communicate,
Answer
So who’s using Social Media? And Why? 600,477
� Sales & Marketing (51,926)� Promotions
� Advertising� Branding
� HR (21,556)� Background checks
� Recruiting
� Scientists & Researchers� Information exchange
� Collaboration
� IT� Investigation of security breaches
Social Media Types of Usage
Corporate
– LinkedIn Company Pages
– Corporate Twitter Account
– Facebook Fan Page
– YouTube Channel
Individual Professional
– My LinkedIn Profile
� Groups I belong to
� Questions I answer
� Status updates I place
– My Facebook profile
� Family, friends, colleagues
– My Twitter Account (@SarahActiance)
� Personal commentary
� Professional promotion
What’s personal and what’s professional?Email address? ID as someone who works for the organization?
what are the rules?
6
Presenting Significant Risks When Unmanaged
Data Leakage
Personal
Information
Intellectual Property
Credit Card,
SSN
Patient Records
Incoming Threats
Malware, Spyware
Viruses, Trojans
Inappropriate
Content
Compliance & eDiscovery
SEC, SOX
PCI, FOI,
FRCP- eDiscovery
FERC, NERC
User Behavior
Employee
Productivity
Bandwidth
Explosion
Every employee is
the face of the
business
Social Networking: Balancing Benefit & Risk
Risks & Challenges
� Employee productivity– Control who can access what, when, and for how long
� Content security– Introduction of malware
� Brand and reputation protection– Allow “approved corporate posters” to self-moderate
– Moderate posts from unapproved corporate posters– Random posters on Facebook page?
� IP/Information Leak Prevention/NDA compliance– Sensitive, confidential terms and dictionary matching– Stop contract staff accidentally leaking your secrets
– Quarantine posts for moderation by a reviewer
� Compliance with regulation (e.g., FERC, NERC)
– Archive content– Stop credit card number patterns– Control specific content
What Can Go Wrong?
Gulf of Mexico BP Oil Spill
– Not using Social Media commuinity for help
– Honesty and Transparency
– No social media strategy
– Making a bad situation worse
Fake ExxonMobile employee tweeting
Fedex & Ketchum
Nestle & Greenpeace
7
A Best Practice Approach to Social Media
Best Practices for Energy & Utilities Organizations
Research social media usage
Draft a social media policy
Identify who needs access
Determine extent of access
Archive
Moderate, if necessary
Stay compliant!
Research social media usage
Find out if employees are already using social media
to do work-related tasks
– How many public-facing pages do they have?
– How many Facebook, LinkedIn, and Twitter accounts do they have?
– Are they actively using these social media tools?
8
Draft a social media policy WITH THE STAKEHOLDERS
Be clear on what the policy covers
– Which sites
– Permissible uses
– Ramifications for breach
– Effective date
– Archiving policy
Disseminate the policy company-wide
– Make sure everyone understands it
Inform users of updates to the policy
Identify who needs access
What are the company objectives for social media?
Who really needs access to reach the objectives?
– Marketing
– HR
– IT
– Legal
– Sales People
Ensure your Users are Educated
Risks
Appropriate Actions
Sanctions
Compliance Requirements
Re Educate
9
Determine extent of access
Read-only?
Write-only?
Which sites?
Which sections/features of specific sites?
Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved.
Archiving
Archive everything relevant (what about irrelevance?)
Include posts to all social media sites, including messages that
were blocked by the company administrator
Log user activities for each site session
Retain data for however long the applicable regulations says for
you to keep it
Moderation
If necessary, moderate or pre approve the content before
external publication to ensure compliance (pre-review)
If it’s post-review, take down inappropriate content
Apply lexicons to make the review process more efficient
Use alerts to notify admins of questionable content
Use “warnings” to caution individuals about what they’re posting
10
Review and Revise
February 3, 2004
600 million people
Things change!
Workshop
Appropriate Controls: The Basics
Who’s using social media in the company?
Which groups or individuals need to be monitored?
What controls need to be applied?
How do I implement and manage the controls?
11
What can you control through Technology?
Identity management Ensure that all the different logins of an individual link back to corporate identity
Activity control Posting of content allowed for marketing but read-only for everyone else
Granular application control Employees can access Facebook, but not Facebook Chat or Facebook Games
Anti-malware Protect network against hidden phishing or Trojan attacks
Data leak prevention Protect organization from employees disclosing sensitive information
Moderation Messages posted only upon approval by designated officer
Logging and archiving Log all content posted to social networks
Export of data Export stored data to any email archive or WORM storage
Issue Control Requirements
30
Thanks!