When social media arrived on the business landscape the notion of governance and risk management was essentially non-existent. Social media has evolved from a basic customer touchpoint, into a critical business channel for communication, branding, support and sales. With this shift in importance, the risks to an enterprise have escalated. In fact, corporate CEOs consider damage to brand reputation due to the risks inherent in social media as their number one risk concern.

The corporate risks associated with “being social” range in severity from minor events (such as losing one customer due to poor communication on Facebook) to major events (such as counterfeit sites phishing your customers or an account hack that delivers harmful information). Just ask Dove or any of these other brands that have recently found themselves at the center of a firestorm! Even the networks themselves are at serious risk as in the recent Instagram hack. Due to heightened security and risk issues, social media governance has transitioned from an ad-hoc administrative task, to a critical discipline that is firmly part of the corporate risk management strategy.

Organizations in all sectors and industries must meet applicable compliance standards, such as the Fair Lending Laws, the Consumer Protection Act, and the CAN-SPAM Act. However, when it comes to social media governance, firms in the mortgage industry face an added compliance burden to adhere to the strict compliance and monitoring requirements outlined by the Federal Financial Institutions Examination Council. These guidelines went into effect December 2013 with state requirements (some strict and some more lenient) following.

In theory, the FFIEC guidance was straightforward in helping protect the consumer and to reduce mortgage companies’ risks to fraudulent brand activity on the web. In practice, however, staying compliant, and keeping a solid compliance process, is quite a challenge! These are the challenges I work with every day:

If you’re looking to conduct a social media audit, know that you are ahead of many businesses when it comes to social media governance. As you probably already know, protecting your business from brand damage and PR crises can be made easier once you have evaluated all social media assets.

The adage “you cannot manage what you cannot measure” has many applications in today’s business world, including enterprise social media management. In fact, with social media, it’s even more challenging — you can’t manage or measure what you don’t know! And what you don’t know can hurt you.

The root of this problem is that most organizations — including small firms, but especially large enterprises — have a much larger social media footprint than they realize. Yes, everyone from the CEO to the intern may know about the flagship social media accounts on Facebook and Twitter. But what they typically don’t know is that while there are multiple business pages being managed on each of these platforms, there are also dozens — or sometimes hundreds — of other accounts that are dormant, unattended, or automatically created by the social network (such as Place pages). These accounts are all truly yours (they are not counterfeit accounts) and can become a significant risk to your corporate brand reputation.

To attract and secure customers in today’s competitive business landscape, it is essential for every company to deliver a consistent brand image. for success and survival. As mentioned in Forbes, “consistency is the key to successful branding and consistency goes beyond the product itself. The brand promise must be clear with every interaction each stakeholder experiences.” This consistency must extend to every social media presence that represents a company’s brands.

If a company has a social customer care, sales, or ambassador program, it should also extend to the people who manage those accounts as they are strongly relating to (and representing) the company’s brands.

Taking a social media inventory is a comprehensive process that includes discovering all corporate social media points-of-presence (POPs), so they can be assessed, organized, managed and secured appropriately. Below, we highlight the 3 key reasons why creating and monitoring social media inventory is critical, and should be integrated into the overall corporate risk strategy and plan.

• Most businesses have far more social media POPs — and therefore face much more risk — than they realize.

When starting a social media inventory, many business are surprised — or shocked — to discover that their brand names are emblazoned across dozens, hundreds or perhaps even thousands of web pages, platforms, forums, discussions boards and so on. This is often because accounts are set up spontaneously over time vs. in a strategic and structured process. It can also happen when many social media POPs are created by third parties without authorization or permission.  

The idea of stale social media accounts — i.e. accounts that have been created or registered, but remain unconfigured or unused — is not inherently bad or risky. In fact, many businesses establish a presence on various social media platforms for defensive reasons to prevent others (e.g. cyber criminals, counterfeiters, competitors, etc.) from using certain domains or social media handles. While these defensive measures are a smart strategy and a best practice, it’s important to monitor these stale accounts.

For every business that has a clear and updated awareness of its active and non-active Points-of-Presence (POPs), there are many more that do not know the size or scope of their social media footprint. Some companies could have hundreds (or thousands) of stale social media accounts that are not serving any defensive purpose. Instead of managing their digital brand footprint, they may be contributing to some or all of the following major risks:

The term “threat vector” is traditionally used in the cybersecurity and InfoSec space, and refers to vulnerabilities that expose organizational networks and endpoints (e.g. computers, laptops, employee-used smartphones, etc.), to malware, viruses, and other hazards.

However, the threat vector concept is just as important and applicable when it comes to web and social media governance. Cyber criminals, counterfeiters, rogue current employees, and disgruntled ex-employees are increasingly turning their attention to these digital points of presence — and compromising them with alarming ease. That’s the bad news.

Corporate social media concerns have progressed past the question of ROI as a marketing discipline and have landed squarely in the Risk Officers lap as a security concern. In fact, social media security is a serious risk for every corporation. Since 2011, cyber criminals have found a home on social media where they perpetuate fraud. During the past  six months, CIO Insight states that cyber criminals have increased 70% (and it does not appear to be slowing down). CIO Insights also states that worldwide security breach costs will grow from $3 Billion in 2015 to $6 Trillion in 2021. That's a lot of crime, and a lot of damage to your company!

To protect brands and reputation, companies must now ensure that their social media accounts are not gateways that expose them to costly threats. this means that you need to keep vigilant watch for cyber risks, including:

As discussed by Brandle’s founder CEO Chip Roberson in a recent Forbes article, social media governance is a coordinated set of procedures, protocols, policies, workflows and tools. An organization should know what to rely on in order to ensure that valuable digital assets (social media accounts and websites) are secured, risks are mitigated, and compliance is maintained. 

However, in order to activate a robust social media governance plan, a critical question that large brand companies and multi-site organizations must address is whether to centralize this function, or to allocate authority and responsibility to various local entities (e.g. international offices, regional centers, retail stores, franchisees, etc).