Beyond Engagement: The Art of Managing Social-Media Risk in Employee Advocacy
Decision-making in business - in professionally run organizations, at least - has always involved some form of risk assessment, allowing the potential return from a project to be evaluated alongside the worst-case outcome.
Given its ubiquitous nature, and whether business leaders like it or not, social media is now part of the risk-reward mix; leadership teams everywhere are now trying to take decisions that have none of the easy familiarity associated with "traditional" investment.
The difficulty for proponents of social-media initiatives in general - and employee advocacy in particular - is overcoming the fear and ignorance that is widespread among C-level executives in companies around the globe. There's plenty of evidence, both scientific and anecdotal, that "It's too risky" has become a knee-jerk reaction to anything that smacks of social-media empowerment for employees.
This has to change if organizations are to realize the genuine benefits of being social businesses - Moving Beyond Marketing, a 2014 research study published by MIT Sloan Management Review, reported that 63 percent of respondents agree that "social has had a positive effect on their company's business outcomes."
If this is so, why do so many business leaders still cling to the "too-risky" mantra?
Is the Risk Associated with Employee Advocacy Real or Imaginary?
In April 2014, I reviewed The Social CEO, an excellent study by Weber Shandwick that explored the reasons given by unsocial CEOs for failing to participate in social media. Some were laughable, but the underlying common theme was clear: "It's too risky."
So does employee advocacy - or any other social-media initiative - present a genuine threat to professionally managed businesses? And if so, what steps should leadership teams take to mitigate or eliminate those risks? Let's explore the social risk-and-compliance (SRC) landscape.
Risks posed by social-media activity typically fall into one of three categories:
- Reputational risks
- Regulatory risks
- Commercial risks
Social Risk & Compliance Solutions, Q2 2014, a report from Forrester Research, notes that SRC solutions should help balance the risks and rewards of social media, setting out the two sides to the argument. Critically, the report also acknowledges one of the fundamental issues with most social-media initiatives: "Organizations do not own the infrastructure or even the social accounts that their employees are using on a constant basis."
So how do you address the situation?
The Value of a Sound Social-Media Policy
Whether or not you're empowering your people to use social media as a business tool, you need a social-media policy. If you're endorsing employee advocacy, you need to provide a framework for managing social-media activity that people understand and accept. Even if you choose to ignore the potential of social as a business tool, it's essential to lay down ground rules for its use by individuals - because people will still be there ...
It's impossible to be prescriptive when deciding what to include in your policy; it has to suit your organization and its specific needs.
Chris Boudreaux, co-author of The Most Powerful Brand on Earth, maintains a social-media-policy database that currently contains more than 200 policy documents, many licensed for reuse. Contributors include banks, universities, commercial companies, government departments and just about everything in between - finding something that suits your organization shouldn't be difficult.
The value of a social-media policy isn't intrinsic, it lies in what you do with it. Simply presenting your employees with another document to absorb and obey won't work. People need to understand the "why" as well as the "how" and the "what." Finding time to explain the thinking behind your policy is time well spent - and a vital part of any employee-advocacy program.
Where Reputation Counts for Nothing
The risk of damaging an organization's corporate reputation doesn't increase because its employees are actively engaged on social media for business purposes - although some CEOs and their lawyers would have you think otherwise. Far from it; having a documented policy that explains how to respond in the event of an external attack or a corporate gaffe adds a layer of protection.
Corporate gaffes, by the way, generally attract far more attention than those perpetrated by individuals. Maybe CEOs hiding behind the "It's too risky" excuse should take a look closer to home before deciding that the average employee is incapable of wielding a Twitter account responsibly.
Reputation? Probably the least threatening of the three risk areas ...
Why Regulation Will Only Get More Onerous
Unlike reputational best-practice, regulatory compliance isn't up for debate. It's also the top-ranked factor in the Forrester report, cited by 76 percent of executives looking for an SRC solution as their primary reason for starting a search. In many sectors, regulation is a fact of life, and the "incorrect" use of social media can cost organizations dearly.
The interactive nature of social media doesn't make for easy archiving, something that's a major consideration in regulated industries. Comprehensive SRC solutions allow users to archive threads, ensuring the full conversation is stored for future discovery if and when required.
While full compliance may not be an issue for every organization, it's certainly a genuine risk area for those that fall under the regulatory umbrella.
Commercial Give-Aways Will Always Be With Us
Finding new ways to share commercially sensitive information with unauthorized recipients is an almost full-time occupation in some business sectors - or so it seems. Social-media water-cooler talk has massive potential in this area.
Blogger Paige Holden quotes Michael Brenner, senior director of global marketing at SAP: "We all have friends who share too much ... while social media has made some people think harder about what information they filter, others are actually thinking less about it."
As with reputational risk, a sound social-media policy is a great first line of defence. When the bucks stops, however, protecting proprietary information has less to do with social media than with good management practice. Helping people understand the impact of a breach does far more to help prevent future occurrences than simply shoring up the digital defences.
Recognizing the Real Risk
Put aside the risk of reputational, regulatory or commercial failings. The true risk to any organization that says "It's too risky" is the lost opportunity. The full story is that spelled out by the MIT Sloan study, and the burden is on leaders to make it happen.
The study also identified a clear correlation between "visible senior leadership support" and social-business maturity. The most important leadership contribution, it concludes, is "articulating the importance of social business to the company's strategy."
Maybe that's the biggest risk that faces most businesses in the digital era?
Do You Recognize Your Organization?
If you identify with any of the issues in this article, we'd love to hear from you. Maybe your experience differs from the norm? Tell us how your organization manages social-media risk - particularly as part of an employee-advocacy program.
Beyond Engagement is an exclusive Social Media Today column published every other Thursday.
Column logo by Marie Otsuka
Risk Features by Forrester Research
Follow Mike Bailey on Twitter