From the April 2011 issue of Treasury & Risk magazine

Facing Up to Facebook

John Iwata, a senior vice president at IBM, says it's "a critical risk worth taking" and adds that for IBM, it is "critical to our future success." Stephen Prignano, a partner in the law firm of Edwards Angell Palmer & Dodge, says, "It can be a good thing for a company or an extraordinarily bad thing." They're both talking about the same thing: social media like Facebook and Twitter. The phenomenon has young people around the world glued to their PDAs, and of late has caused the world's dictators to tremble. And increasingly, at least some companies are starting to realize that whatever they might think about this leap in Internet communication, they have to start paying attention to it.

"Social media is one of those things where at this point, you have no choice but to become involved," says Morgan O'Rourke, director of publications at the Risk and Insurance Management Society (RIMS). "It's gotten to the point where if you don't do it, it's like, 'What's the matter with you?'"

The benefit, says O'Rourke, is that "your story or brand can instantly reach as many people as there are on the globe who have computers." The risk, he says, is that an unfavorable story or a company secret can reach all those people just as quickly, and --"you can't get rid of the bad story once it's out there."

Facebook has 500 million members and Twitter another 200 million--numbers that are growing all the time.

"Whether they know it or not, every Fortune 1000 company has some kind of online reputation that is being formed and re-formed every day by what people are Twittering and putting on Facebook," says Steven Johnson, an assistant professor of management information systems at Temple University's Fox School of Business. "Companies can monitor that, or they can participate in the discussion--or they can just put their heads in the sand."

A company that has a sophisticated program for monitoring its brand on social networks is Staples, he says. A team responds to negative references and also thanks people who say nice things about the company.

But there's more involved than just reputation buffing. "Social media also allows employees to share knowledge, managers and employees to communicate, and companies to learn from their customers and suppliers," Johnson says.

Technology companies like Apple and Microsoft have used social media as a way to get customers to brainstorm and solve software problems, he notes.

"There's really very little downside to having your employees use social media," Johnson says, "unless you have a company with very bad employee morale."

Or unless your customers are really upset. AT&T learned this the hard way in 2009, when customers annoyed with what they perceived as poor service on the company's exclusive contract for Apple's iPhone plotted an attack on AT&T's network. Customers were to call in at the same time and run a data-intensive app on their iPhones for an hour to try to overwhelm the network.

AT&T fought back by getting the Federal Communications Commission to warn that such an attack would pose an illegal threat to national security.

Adam Christensen, IBM's manager of social business and digital influence, says the giant computer company encouraged its employees to turn to social media as early as 2005 and has had "no regrets" about the policy.

IBM invited employees to draw up guidelines, which were then reviewed by HR, marketing, finance and communications and later reviewed by the legal department. These guidelines have become what RIMS' O'Rourke calls "the gold standard" for corporate social media policy.

The IBM guidelines describe social media as "a new model: not mass communications, but masses of communicators" and claim they offer IBM an opportunity to share its "greatest asset--the expertise of its employees" with "clients, shareholders and the communities in which it operates."

The guidelines, which have been revised several times, require employees to know and follow the company's business conduct rules, be "personally responsible" for the content they publish, be identified at all times, speak for themselves and not for the company, avoid discussing proprietary company information, avoid defaming competitors and respect the audience.

So far so good, says Christensen, who claims IBM has 60,000 users on its internal social network (inside the company firewall), as well as 200,000 employees on LinkedIn and 52,000 employees on Facebook.

Says IBM's Iwata, "We determined that the risks of not encouraging employees to engage in social media and the risks of not providing them with the tools and education they needed greatly outweighed the risks" of trained participation.

Doug Palmer, a principal at Deloitte Consulting, says most big companies have not gone nearly as far as IBM in encouraging social media use by employees.

"I don't think that a lot of executives and managers have sorted out yet how you weigh the importance of social media to the company against the legal risks," he says.

In part, it's that the new communication forms are developing so rapidly.

"Rules for social media that made sense a month ago might not make sense a month later," Palmer says, adding with a laugh, "at a lot of companies, they're still talking about e-mail issues!"

Then there is the generational issue. "The digital natives who are being hired now are different from the people, including managers, who are 20 years older," Palmer says. "These young people will expect an employer to have all these social networking tools, and if it doesn't, they will try and use them on their own."

Attorney Prignano agrees. "Even in corporate IT departments, there's often very little awareness of how company computers are being used by employees for social networking," he says. "Hard to believe, but true."

Prignano says drawing up social networking guidelines is important, but he cautions that once a company has guidelines, it needs to monitor whether they are followed or risk lawsuits for negligent supervision. The risks can include defamation, Securities and Exchange Commission violations, loss of company secrets and, of course, damaging evidence in lawsuits.

"All these communications are discoverable," he warns, "which also raises issues about data destruction and retention policies and programs."

And don't expect company lawyers to have all the answers. "This is all very new," says Prignano, "and there will be incredible gray areas until the courts have sorted it all out."

For more on social media and the risks involved, see Herding Social Media.

Page 1 of 2
Comments