A flippant tweet from an employee could spell a PR disaster for your organisation, even from their personal account,especially if customers and business associates are amongst their followers. Can appropriate social media use be left up to your employees’ discretion? Or, as is the case with more and more organisations, is it time to create a social media policy?
Social media at work
Over the last 20 years, social media has become an integral way of life, especially for the millennials and the generations Zs. Businesses quickly cottoned on to the fact that their customers were all on social media, and networks started allowing them to advertise to their user base. Today, it is likely that your organisation uses more than one social media platform to promote your products and services and engage with your customers. Your employees are also on social media, connecting with friends and family and networking with colleagues and contacts. Business and personal use is hard to separate as your staff use social media to find out about work related subjects, new job opportunities and interesting stories about other members of staff. However, the things that your employees say and do online can have a positive or negative effect on your company brand or reputation.
In many workplaces, staff are able to gain unlimited access to the Internet, either via their work computer or their own mobile phone, and it is likely that they are using social media during their breaks and often throughout their working day. Figures from a study conducted by HR consultancy, Croner suggest the average UK worker spends 13 hours a week on social media during working hours.
Some companies choose to ban the use of social media at work completely, the obvious reason is to prevent the time-consuming distraction from work. This is even before we mention the security risks of opening private accounts and accessing personal data on work devices. Posting on social media while at work also opens up the temptation to comment about the work place, perhaps even vent about something that is going on. This can lead to negative and unprofessional material being posted online which could harm your organisation.
Marketing
It is usually the marketing department that takes care of an organisation’s official social media accounts, using this medium to drive awareness and ultimately sales. However, as the algorithms on social media channels get increasingly sophisticated, it is becoming a challenge for companies to get any organic reach or engagement. Even if they have the budget to pay for targeted advertising, many consumers simply don’t believe them.
Let’s consider a few facts.
-
One of the most effective ways a company can build awareness is through word of mouth.
-
Trust in authority is declining across every type of institution, and customers are more likely to turn to people they know or who they can relate to get recommendations.
-
Collectively, your employees will have up to 10x the social following that your organisation does.
-
Social media platforms promote personal posts ahead of business posts (because they want businesses to pay for ads).
recruit some of the employees as brand ambassadors for the company. Chosen employees would then be provided with pre-approved content to share with their networks on their personal social media accounts. It is certainly not for everyone, and serves as an example of the vast differences in permitted social media use.
Have clear rules and guidelines
So, whether you wish to harness your large employee base to advocate on your behalf, or prefer to protect your obscurity online, the rules need to be clear.
It is highly recommended that organisations take steps to future proof their online reputation by creating social media policies for their employees and contractors. Providing “best practice” social media training for all employees is also a good idea.
You will need to ensure that your social media policy is right for your company.
(When someone has identified themselves as an employee in their social bio, but plans to express their own opinions on politics, etc. you may wish to ask that employees add a disclosure that states: “All opinions expressed are my own.”)
It is recommended that an organisation creates relevant policies that reflect their specific risks. As risks are ever changing, policies need reviewing on a regular basis. IASME Governance is a risk based security standard that includes the Cyber Essentials technical controls and covers the GDPR requirements. In addition, the IASME Governance certification covers security training and management of staff, policies and procedures, security monitoring and backing up, incident response and business continuity.
Find out more about the IASME Governance scheme here.