Introduction
Why This Book?
The Internet is the fastest-growing medium in the history of civilization. It has far surpassed television and radio in terms of adoption and reach over time. The decade just prior to the millennium heralded in the dawning of a new age in human communication and, in a large sense, reshaped our view of the world. This new world has also opened a Pandora’s box of privacy and corporate security issues. The potential for damage from the disclosure of sensitive data, internal communications, or employee codes of conduct are real threats to all business in today’s world.
As Internet use becomes ubiquitous and familiar to everyone, increasing numbers of people and employees are publishing their own unfiltered opinions and experiences through easy-to-use and massively distributed social media technologies. These technologies make it simple for virtually anyone with access to a connected computer or device, and for countless amateurs and aficionados everywhere, to publish unedited text and media. They can create all types of media using freely available software tools and can post such content anonymously. The wired and wireless masses, connected through social media platforms, now have the ability to make or break a brand in as little as 140 characters.
This book serves as a practical guidebook for corporations wishing to protect their interests, assets, and brands from social media risks and to defend their digital assets and reputation from attackers using social media platforms, while simultaneously engaging with internal and external communities through the secure use of social media tools and platforms. There are many books on how to utilize social media, mostly from a corporate marketing or customer service perspective as well as for personal branding. We want to educate people on how to properly “secure” their use of social media and the information and corporate resources being freely shared or given away.
Social media has made it into just about every aspect of our lives. Twitter alone grew 1,382 percent year-over-year since February 2009. Facebook has over 750 million members, including 100 million mobile users, and continues to grow. Skype has topped 600 million users. The local community you once lived in can now be reached globally, and you can hold a conversation with someone in India just as easily as you would with your next-door neighbor. What we are willing to share about ourselves, our jobs, our families, and our activities has expanded our network, but it has also made privacy violations, identity theft, misuse of information, leaks, copyright infringements, and trademark violations easier and led to the general devaluing of corporate assets and professional reputations.
By defining boundaries around corporate interests, safe and productive conversations may flourish, even when these reflect negative customer experiences. Risks can be minimized and business processes put in place to deal with the eventualities of open communications. As the world learns about the use of social media, corporations, employees, individuals, and the social media platforms themselves will evolve to become more sophisticated. This book will help companies undertake their voyage of discovery safely.
Who Should Read This Book?
Our primary focus is the corporation and challenges to corporate assets. The book focuses on corporate staff—directors of Information Technology, Human Resources (HR), Marketing, Sales and other executives, and on the employees themselves. The HR director may need guidance in writing corporate policy. The IT director may need guidance on which tools to use to secure the changing social media environment. The Marketing director needs to set up campaigns but, at the same time, to do so securely and in a way that protects brand reputation. Executives may have personal social media outlets that show the company in a bad light.
Employees can gain a lot of insight into what is appropriate in how they utilize and leverage social media in the workplace and for business as well as how social media can hurt them if they use it inappropriately, negatively affecting their company. Employees have to understand how not to damage their company’s corporate reputation when using social media and how to avoid legal trouble, for example, by not infringing on the corporate brand.
The secondary reader of this book is the small business owner and employees. The same lessons that apply to a corporation can be utilized in the small and medium-sized business (SMB) market. In an SMB, employees are less easily controlled than in a corporation; therefore, there is more leeway for inappropriate social media usage. SMBs can use this book as a roadmap for developing a very cost-effective, secure social media strategy—without needing to hire external consultants to implement a costly strategy.
How to Use This Book
Corporations and professionals face challenges in monitoring online conversations for mentions of their products, brands, services, and key employees, for understanding customer sentiment, for identifying trademark infringements and copyright violations, and for understanding trends in their industry and the competitive landscape. Companies face additional challenges in determining the influence of certain people, as well as the impact of what those people are saying. Moving down the chain, further challenges associated with social media include:
Creating appropriate strategies to deal with numerous inherent risks
Allocating the right amount of resources for planning, maintenance, and corrective action
Developing enterprise-wide social media policies
Hiring, training, and developing Community Managers from within the company and from the community
Determining metrics and performance measurements related to various objectives for social media, including risk mitigation objectives
Implementing security controls over data movement and tracking, and monitoring potential data loss over social media channels
Most chapters begin with a case study—a practical, real-world example of companies facing social media challenges. We provide practical solutions in each chapter; steps that you can follow to implement your own strategy; and checklists, tools, and resources that can you can use to manage your social media security strategy. Our website—www.securesocialmedia.com—is the place to go for policy templates and important updates on the ever-changing social media landscape.
What’s the H.U.M.O.R. Matrix?
The impact of social media can be felt throughout the organization and often challenges conventionally accepted operating procedures. To prepare your organization to participate securely on social media platforms, you need a framework to assess and address the areas in need of improvement. In this book, we present a flexible methodology for deploying, managing, and securing your social media strategy. The H.U.M.O.R. Matrix provides the foundation for assessing, addressing, controlling, and monitoring social media in terms of your organization’s Human resources, Utilization of resources, Monetary spending, Operations management, and Reputation management. This framework will help you understand the social media challenges and it provides a structured approach to reducing your risk.
How Is This Book Organized?
We have developed a security framework so you can follow an assessment process to develop a real plan that addresses the risks of social media and methods for controlling and monitoring usage. The book is divided into five parts that mirror the process for implementing a social media security framework.
Part I: Assessing Social Media Security In Part I, you determine what is going on in your environment regarding social media usage. In this part, we outline the strategy for how you will assess your current environment. Chapter 1 defines a process for assessing your global social media presence. First, you have to understand how you conduct business, what your industry is doing, and what your competitors are doing. Chapter 2 defines the H.U.MO.R. Matrix process in detail. Each section of the matrix is explained and provides you with steps to fit your organization’s current challenges into a specific framework. In Chapter 3, we finalize the assessment of your environment based on what your customers, competitors, and employees are saying about your company. Your understanding of all mentions about your company lays the groundwork for understanding the threats you face and the controls necessary to manage your social media landscape.
Part II: Assessing Social Media Threats In Part II, you determine how threats are impacting your organization. In Chapter 4, we outline the process for identifying social media threats. You have to assess threats from employees, customers, and competitors and understand the changing threat landscape. Chapter 5 walks you through the process of how threats are utilized, launched, and correlated by nefarious individuals. Threats can be targeted at individuals or against companies, and you should understand the different threat vectors that can lead to attacks.
Part III: Operations, Policies, & Processes In Part III, you learn how to apply controls on how social media is used in your organization. Chapter 6 describes the social media security policy that has to be put into place to address the threats to your social media usage. We define the best strategies for using social media securely so you can determine how to develop an effective security policy and procedures for social media. The following chapters—7, 8, 9, 10, and 11—develop the necessary operational policies and procedures for each section of the H.U.M.O.R. Matrix. They provide you with the implementation guidelines necessary to address threats, both current and future, to your social media strategy.
Part IV: Monitoring & Reporting In Part IV, you learn how to implement tools and techniques to monitor and report on your company’s social media activities—both internal and external. Each chapter corresponds to a portion of the H.U.M.O.R. Matrix and defines the specific actions you need to take to maintain your security infrastructure over time. As social media platforms change, your processes will be able to accommodate any new technologies and services.
Part V: Social Media 3.0 In Chapter 17, we analyze what you have learned and how you can implement the processes outlined in this book to develop a security strategy to assess how your organization utilizes social media. And finally, in Chapter 18, we start to plan for what we foresee as the future of social media and the resulting social media security challenges ahead.
The Appendix is a compilation of all the tools and social media resources we cover in the book.
NOTE
We also provide supporting information and links to relevant tools we have discussed on the book’s website at www.securingsocialmedia.com. Check this site frequently for new updates and new tools, which we’ll review as they become available to help increase your social media security.
Once you’ve finished reading this book, you will walk away with a practical next-steps approach to changing your company’s use of social media to a more secure and comprehensive process. Using the tools we discuss, the policy documents we provide, and the step-by-step H.U.M.O.R. Matrix framework, you will not be overwhelmed by the risks posed by social media ever again.