Because of the buzz around it, you are aware that social networking has become the latest means of mass communication. MySpace was the first globally recognized and popular site used initially by young people to socialize with their friends online. This was quickly followed by the popularity of sites such as Facebook, LinkedIn, and Twitter. These sites are no longer limited to the young generation but are used by people of all ages for both business and social networking.
However, do they have a place in your plan?
The initial thinking on this was “no,” but more recently that thinking has changed to a well-considered “maybe.” Like any other tool you would use to communicate, you must plan for how and under what circumstances you would choose to use this tool. Here are some things to consider:
- Communications to your Customers – If your company had an account on a social networking site, you could use it to foster conversations with your customers.
- Communication to your Employees – If your company manages a controlled group on a social networking site, you could use that to provide instructions and information to your employees.
Sounds pretty good. The bonus is that many of these sites have no cost to the user. You can set up an account and use it to communicate to large numbers of people at no cost to the company. On the downside, controlling what is said on these sites and by whom is a considerable challenge. For those of you who are in industries that require you to save any communications to your customers/employees, archiving requirements may be difficult.
In order to make certain that people know these sites exist and know to check them when there is an event, you would need to establish these sites in advance of a contingency event. This requires you to establish control over who has the right to post information on a social networking site and to assign responsibility for monitoring and responding to any posts to your site or about your site by others. If you have a controlled group (such as is available through LinkedIn), you need to define who manages the group. Designated individuals have access to that group and control the adding and deleting of employees from an employee group as people join and leave the organization.
When choosing to use social networking systems, consider the following:
1) Will the information be one direction (only from you) or multi-direction?
2) Should it be linked from the company Web sites so employees and/or customers know to visit there for up-to-date information?
3) How will you moderate blogs with vetted information from corporate communications?
4) Should you post company-specific content such as staff hotline numbers and other types of notification?
The very nature of social networking requires an openness and accessibility that may be at odds with a corporation’s internal security controls. In recent months, specific networking vehicles have been exposed to a variety of threats and attacks from nuisance level to full-blown identity theft, hacking and “phishing.” Some outlets may have a BCP application, but not all of them lend themselves to the level of security that would be needed to protect the data and reputation of corporations.
The bottom line is to consider carefully whether these new means of mass communication fit into your corporate culture and whether sufficient controls can be implemented with them to enhance, not detract from, the communication needs of your organization. Reputations are hard to build and easily lost. Tread carefully.
While DRI International sees potential value in these tools, due to the inherent security challenges in the near term they are not yet a full replacement for traditional notification systems. DRI International does not endorse any specific tool or approach.
Alan Berman, CBCP, is a member of the ASIS BS25999 technical committee, a member of the Committee of Experts for ANSI-ANAB, a former member of the NY City Partnership for Security and Risk Management, executive director for Disaster Recovery Institute and the co-chair for the Alfred P. Sloan Foundation committee to create the new standard for the US Private Sector Preparedness Act (PL 110-53).