CISO, Security Vibes member, Andreas Wuchner, related how non-involvement in some of the more popular social network sites could put your company at risk from reputational damage.

If your organisation takes the posture that social networks should be banned due to technical and privacy issues, then your organisation could be opening themselves up to several risks that could affect your corporate reputation.

The first risk is that someone could set up an account using your organisation’s credentials which can easily be taken from your corporate website. For example, if Global OrganisationA decided to ban all access and not get involved in the world of Social Networks, then someone perhaps a competitor or a disgruntled employee could easily go on to Facebook or other social network and create an account purportedly belonging to OrganisationA. Should OrganisationA be a well known brand such as Coke or Unilever or the BBC, then given time these bogus groups would soon gain a large following especially if the bogus account was constantly actively recruiting ‘friends’ and posting updates gleaned from the corporate website.

After a while, the competitor or disgruntled employee could then begin to spread false information that could potentially harm the organisation’s reputation such as goodwill or purchase of products such as perhaps a potentially harmful ingredient leaking into many Coke cans and urging people to return their purchases until the situation can be resolved.

The second risk is similar to the first. Comments Andreas Wuchner,

“Many users have created groups relating to companies that they are not part of and are using the company brand within that group.”

In other words, a competitor or disgruntled employee with an account on a social network could set up a group with the same name as the organisation and uses the organisation’s branding such as logos. Once the group has been created, the person would then begin recruiting people with an interest in that group. For example the group could be Mercedes Benz which would attract users who are interested in Mercedes Benz products. These users could come from all walks of life such as lawyers, doctors, reporters and journalists.

Again after a while, the owner of the group may begin posting bogus information such as problems with airbags and again potentially affect the reputation of your organisation.

Finally the third risk is from employees who are active on social networks and may without realising it, accidentally post information that could be harmful to their corporation. For example, they may try and resolve an issue involving one of the organisation’s products which could lead to a disastrous result or worse cause a bad accident. They may be excited about a new promotion their organisation is conducting and accidentally mislead people.

In both these situations, Mr Wuchner is concerned about who would be liable, especially if the aggrieved calls the organisation stating that they had advice from one of the organisation’s employees.

In all three situations, organisational reputation or brands may be tarnished and it is essential that C Level executives think about having some type of presence within social media and appropriate social media training for employees.

References
Security Vibes interview with Andreas Wuchner
Andreas Wuchner’s ITRisk Space Blog