Risks to reputation generally occur when consumers publish their concern over defective products, poor service, or grievous customer service. This also means that most issues can be controlled—or avoided altogether—by implementing business processes that ensure consistent quality in the delivery of products, services, and customer service through social media channels with quality engagement before, during, and after the crisis.
A company can identify failures in service and customer service at the delivery point, before a consumer has had time to post their grievance. Most problems can be resolved on the spot by empowering employees to identify and resolve issues during a crisis—before the customer goes home and writes a blog post or tweets from a smart phone. Often, negative customer service can be turned into a positive customer experience through immediate resolution. The third moment for incident management occurs after the crisis when a company identifies a social media mention by an aggrieved consumer.
Each of these three moments implies different types of business processes and incident management responses. The second involves training, empowering, and monitoring employees to make sure they act in the best interest of consumers. The third involves online vigilance for mentions of company brands, with accompanying problem resolution mechanisms. Appropriate responses to security incidents include, but are not limited to:
Rapidly identifying and classifying of the severity of the crisis for any social networks that are involved in the incident
Continuous monitoring for any data or events related to the incident
Determining the actual risk to the data or information shared on the social network
Repairing, patching, or otherwise correcting the condition or error that created the security incident
Retracing how the incident was allowed to occur, or if outside of corporate controls, retracing timelines
Determining if the security incident rises to the level of a reportable breach under any particular regulation
Mitigating any harmful effects of the security incident
Fully documenting security incidents, along with their causes and your responses
Expanding your knowledge base of security incidents to prevent future occurrences, improving training and awareness programs, and changing procedures