

Comprehensive approach to managing social media risk

Companies can take full advantage of social media while avoiding its risks by adopting an integrated risk management approach.


Social media offers considerable advantages to financial institutions, but establishing and maintaining a social media presence can also expose companies to a broad array of risks. Unfortunately, many companies don’t seem to take those risks seriously and tend to be inadequately prepared for the challenges brought by social media.

Companies typically encounter a number of organizational weaknesses as they begin to analyze their vulnerabilities to social media risks. In order to reduce risk associated with social media, companies need to pay special attention to the systems that control the use of and access to data, as well as to organizational governance and processes for identifying, assessing and managing risk.

With effective measurement and control capabilities, risk management procedures and a risk-aware culture, companies should be positioned to exploit future opportunities to leverage social media as a customer channel. While some fear that a performance management and measurement capability might stifle innovation, a proper performance management framework can actually enable people and the entire organization to pursue new approaches with adequate protections in place.

Serious risks posed by social media


Problems stemming from social media use can directly affect companies’ ability to realise their strategic objectives. This may happen if the business fails to ensure that staff do not release sensitive information via social media channels. Companies also need to take sufficient steps to prevent infiltration by malicious third parties using social media.


There are clear legal risks for a company if it fails to ensure that it has the right processes to identify and mitigate risk from social media. If clients, employees, shareholders and others can demonstrate that they have suffered damage due to negligence on the company’s part, they may be able to claim redress.


Companies can suffer a wide range of negative effects from inappropriate flows of information across social media networks, whether intentional or malicious. These may arise from deliberate fraud, the loss of business-sensitive information through corporate espionage or the public release of damaging information both true and false.


Businesses operating in highly-regulated sectors such as financial services have a wide range of enforceable obligations to their stakeholders. Failure to maintain client confidentiality, even if this is unintentional, raises the risk of sanctions from regulators, as does the early release of market-sensitive information via employees’ use of social media.


Now that companies are allowed to use social media to publish financial information, there is a greater need than ever to educate staff against unauthorised releases of market-sensitive information, to put in place robust processes to cover distribution, and to identify and counter fraudulent releases of false information that could move market prices.


“The number of people using social media is spiralling” 
“Among the world's 500 biggest companies, more than 75% now have active Twitter accounts”
“About 90% of internet users aged between 18 and 29 use social networks”
“The average social media user spends 16 minutes per hour accessing social media sites.”

The risks explained by platform


Blurring the boundaries between business and personal lives – yes, those photos of you having too much fun – can be far more than just embarrassing. Employers’ reputations can be harmed too if your behaviour runs counter to high-profile corporate campaigns and messaging. And Facebook posts about interesting work or travel could mean a good corporate spy is able to piece together information to work out business relationships with outside companies and their R&D pipeline.


Salespeople who establish LinkedIn relationships with customers don’t intend to disclose confidential customer lists, but are doing so unless they are careful about revealing their contacts. Employees need to vet contacts with care and understand how much information they are sharing. Corporate spies have even worked out when divisions are in trouble because people are touting for work on LinkedIn.


The urge to share new nuggets of information instantly can be overwhelming but information shared too freely can be stitched together by interested outsiders. Spies working for a security consultancy were able to predict that a company would file for bankruptcy based on employee Tweets about budget cuts. And there’s also just plain fraud: stock markets crashed after a hacker fraudulently used the Associated Press’s Twitter account to post fake news of a White House bombing.


We all know about the obvious risk of communicating sensitive information over email, but emails today are sent with an ever-increasing number of weblinks and embedded malware. It has become distressingly easy for hackers and spies to install rogue software on computers when people inadvertently click on bad links, not just via Facebook but also in your own inbox.

How others are managing risk