Tag Archives: Social Media

Immediate Vault Immediate Access

Online Exclusive: How to Protect Yourself on Social Media

Posted on by

Add Friend on Social Media

In the October issue of Risk Management, social media and eDiscovery expert Adam Cohen chatted with me about the biggest corporate risks in sites like Facebook and Twitter, and outlined some best practices for developing and enforcing a social media policy. But behind every account sits one major risk that’s hard to control: a person.

Not all of Cohen’s advice could make the magazine, so here are some of his extra tips for how to mitigate the risks of personal social media – both to protect your company and to protect yourself.

What should employees know about their personal social media accounts?

All employees need to recognize one thing: they shouldn’t have any expectation of privacy in information that they post on social media. Even if they think they’re limiting information to a select group of friends, this stuff can all be disclosed in litigation and there are many cases where courts have required so-called non-public social media information to be disclosed. It’s fairly routine at this point.

Many employers – certainly all the major companies – have specific social media policies that give very particular and clear direction to employees on what they can and can’t do when it comes to company information on social media. That extends beyond just corporate social media and includes anything they’re doing on social media that could impact the company. And many employers are going to take the position that they have the right to monitor employees’ social media.

How can employees protect themselves?

buy lipitor online orthomich.com/img/blog/jpg/lipitor.html no prescription pharmacy

One of the key things employees need to do to protect themselves is only disclose information they would be comfortable disclosing to the entire world and they should not to go anywhere near business information. Being safe on this front may include publishing a disclaimer that an individual is not representing the views of the company. What else can they do? Follow the employer’s social media policy to the letter and, any time they have a question about whether one of their social media posts may be affected by the policy, they should ask. Most policies will provide a resource for questions, whether it’s a general counsel or a compliance officer or immediate supervisor.

Those are probably the main things: not having an expectation of privacy on social media and treating everything you post like it’s private, and following the policy to the letter and getting clarity and permission on anything that you think could be a violation of the policy.

As we’ve used social media more, do you think employees are using social media any more wisely?

I think it’s still too early to say that there are any improvements there. Litigation that involves social media as a factor in one form or another is just exploding. There is no information that would suggest in any way that employees have increasing awareness of this and are taking that into account when they go on social media.

What is the first thing you look for when trying to evaluate a social media account for potential liability or wrongdoing by an employee?

The first thing I would look for is the nexus between the social media and business information. Personal social media may be a concern from the perspective of the employee being seen as representing the company, even if it’s just sullying the reputation of the company – and that’s especially true the higher-ranking the employee is – but the first thing to look for is whether the employee discussing matters within the scope of their employment. And that’s difficult to monitor – the social media world is a big world, especially for a company with a lot of employees.

So then general personal misuse is relatively benign to you?

The other stuff is not benign at all. An employee who behaves in an inappropriate way on social media or is violating intellectual property rights, copyright or trademark of some other company – or, say, badmouthing a competitor – well, that’s not benign. If they’re engaged in criminal activity on social media or they’re defaming someone, that’s certainly not benign because they work for a company and that can impact the image of the company or lead to serious repercussions. That only gets more serious if you’re a prominent or higher-ranking executive.

buy arimidex online orthomich.com/img/blog/jpg/arimidex.html no prescription pharmacy

Is it benign? No, but you can’t control that.

Although, I should note, the National Labor Relations Board has said that employees have to be permitted to discuss their working conditions with other employees and that the employer can’t really control that, and if the social media policy purports to prohibit that discussion, the policy is not valid.

What is the most useful evidence in building a case against an employee?

Well, it depends on the kind of case, but social media has now been used as evidence in hundreds of cases. The most devastating use of it so far has probably been in the personal injury arena.

buy advair rotahaler online orthomich.com/img/blog/jpg/advair-rotahaler.html no prescription pharmacy

Plaintiffs have made claims of disability and emotional distress and the defendant has been able to obtain discovery or has retrieved public social media that completely contradicts those claims – for example, a video of the complainant surfing. There are a lot of cases like that and that’s just an example of really devastating use of social media.

Who do you friend at work?

Well, you don’t friend subordinates – that’s a no-no. You can get yourself into all kinds of trouble there with people making claims about what kind of a relationship you have with them. You don’t friend people at work whom you don’t know – just as you don’t in your personal life. You shouldn’t assume that, just because this person works with you, they’re the kind of person with whom you want to be associated. You also don’t want to friend somebody who you don’t want to have access to your social media. If you have privacy concerns, you want to maintain the upper limits of your reasonable expectation of privacy, so don’t friend people you’re afraid might use that access against you in an invasion of privacy.

Protecting the Enterprise Against Unconventional Competitive Social Risks

Posted on by

Today’s “social age” has brought many changes to the corporate world and increased the competitive threats enterprises have to deal with on an ongoing basis. Traditionally, competition has been upfront and direct with open head-to-head strategies to win customers and market share. But as the world approaches a complete “digital state” the competitive tactics against corporations have never been more threatening or aggressive.

As disruptive, non-traditional business competitors emerge, many of these organizations are adopting tactics that would typically be “off limits” to traditional corporations, including partnering with activist groups to attack and disrupt the market leader to damage the reputation and erode the financial state of the organization.

Many enterprises are no longer simply looking to compete, but actually to protect their operations against the disruptive, aggressive forces these non-traditional competitors are partnering with. To combat these unconventional tactics, traditional corporations are turning to real-time advanced social intelligence to receive deep, multidimensional insight on the tactics and actions.

Disruptive Forces

With the proliferation of social media channels and mobile technology, competition for corporations is no longer limited to large, traditional competitors. Technology has allowed a generation of young entrepreneurs to compete with the proverbial Goliath, and quite effectively in many cases. However, in order to gain a competitive foothold in the battle for market share, many small, aggressive companies are targeting their colossal, traditional counterparts across the open social universe, engaging a variety of tactics. The objectives of these emerging competitors are often to dramatically disrupt the market and its leaders and to damage, if not destroy their financial state and reputations.

One example of these emerging disruptors is SodaStream, which is targeting the 178-year-old U.S. carbonated beverage industry with their home soda machines. The company’s focus is to completely disrupt the traditional soda beverage market by convincing consumers to make their own carbonated beverages at home. One of SodaStream’s major tactics is to focus on their product’s elimination of plastic bottles, which they target as an environmental threat.

Creating Disruption with Activists

To maximize this strategic disruption, SodaStream opted to partner with Alex Bogusky, the former co-chairman of ad agency Crispin, Porter + Bogusky, which ironically designed and developed ads for Coke Zero during his tenure. Now an activist against the beverage industry, Bogusky is known for developing widespread activist campaigns against the carbonated beverage industry for health and environmental causes.

As an example of his work, Bogusky has developed viral videos, like one entitled “Real Bears” that chastises his former client, Coca-Cola, using their iconic polar bears to make statements on the health effects, like diabetes and high blood pressure, of soda consumption. Bogusky distributed these videos with the Center for Science in the Public Interest, a self-described non-profit watchdog and consumer advocacy group focusing on nutritional education and awareness. To date his “Real Bears” video has had over 2.2 million views on YouTube.

SodaStream turned to Bogusky to create their 2013 Super Bowl ad targeting soda manufacturers for the amount of plastic bottles they produce. The ad directly attacks the beverage industry’s market leaders with exploding bottles as consumers use SodaStream’s product, saying, “With SodaStream, we could have saved 500 million bottles on gameday alone.” While one SodaStream ad submission was aired, another that directly showed Coca-Cola and Pepsi was rejected by CBS.

Bogusky’s activism approach delivers SodaStream a direct, aggressive channel that many traditional competitors do not employ. Bogusky also affords SodaStream the opportunity to leverage his extensive, sympathetic social network, which features a wide array of activists targeting a variety causes against the beverage industry’s leading providers, ranging from portion size, bottle elimination and sugars to soda taxes and an array of health issues. This network spans activists and advocates across the media, academic, health and corporate sectors, which Bogusky leverages to bring further pressure against the beverage market’s leaders, providing a greater advantage for SodaStream. This direct, aggressive approach poses a huge financial risk for the market leaders who have been battling for carbonated beverage industry supremacy for nearly half a century.

Unveiling the Activist Network

Half the challenge of mitigating risk is having the ability to identify it. The complexity of these competitive forces can be very challenging to pinpoint and understand. However, as companies are now faced with the critical need to gain insight into these new types of veiled, aggressive competitive threats, more enterprises are turning to advanced social intelligence to identify, map and track these threats both individually and collectively to help guide their strategic direction and decisions.

Mapping the activist partners of SodaStream unveils a massive “stealth” network that is often, knowingly or unknowingly, supporting the efforts against SodaStream’s competitors. The example below unveils Bogusky’s massive sympathetic activist network focused on damaging the reputation and financial state of beverage industry leaders, which provides a collective reach to tens of millions of consumers to distribute their damaging messages.

Despite their differing focuses, most of these individual activists share a common objective to damage, or even destroy the major providers of carbonated beverages, which is an objective they share with SodaStream.

Achieving Advanced Competitive Intelligence

Corporations are no longer faced with only traditional, direct competitors. Rather, companies have to understand the emerging disruptive competitors that will often join forces with individual aggressive activists and their massive sympathetic networks to damage their business, engaging unconventional tactics to disrupt industries that have traditionally been unmovable.

To gain this type of advanced insight on a corporation’s disruptive competitors and the activists who may be working in concert to damage them, the organization needs the ability to filter, classify and analyze billions of daily open social discussions to extract invaluable on-going insight. This insight delivers multidimensional competitive views previously unavailable to the corporation to drive strategic decision-making. It is not always effective enough for corporations to rely on simplistic keyword lists and basic tools that “listen” to narrow samples of the social landscape. To manage the widespread financial and reputational threats, the enterprise has to process the entire open social universe, using measure that includes sophisticated “big data” processing tools and analysis from digital media experts.

This advanced social intelligence facilitates proactive planning and strategic response to effectively combat these competitive forces, allowing businesses to protect themselves and their employees, their market share and even their industry itself.

The Risks of Social Media: Spam Attacks Q&A

Posted on by

In mid-November, Facebook became the target of spam attack that infiltrated user’s profile pages on which it posted disturbing images. The attack caused an uproar due to the nature of the violent and sexually explicit images. Facebook chalked it up to a “security bug in an internet browser.” But this was not the first (or, most likely, last) spam attack on the social media site. Over the Thanksgiving weekend, the Facebook community forum was flooded with spam messages that advertised links for streaming sporting events. And just today it was announced that a new worm spreading on Facebook is aiming to infect users with a data-stealing virus. Though not considered a spam attack, it is just another example of the risks of social media.

With questions on this topic, I turned to Dr. Hongwen Zhang, co-founder and CEO of Wedge Networks.

Facebook has been the target for several recent aggressive spam attacks. What makes the site so popular for spammers?

Spammers are moving their efforts away from email and towards social media, exploiting the ability to create fake profiles for free while quickly gaining a massive online presence across various platforms such as Facebook. In addition, hackers/spammers are capitalizing on the popularity of social media by manipulating end-users into downloading malicious content or browsing malicious sites. Studies conducted by security vendor Kaspersky Labs, show that social networking sites are 10 times more effective at delivering malware than previous methods of email delivery. This is a result of social media sites, such as Facebook, where development is based on human relationships and the ability to quickly and easily connect, creating a perfect breeding ground for malicious code and spam.

What were the implications of the recent Facebook spam attack?

With such a large online community, the increasing amount of spam and malware affects Facebook’s operations as well as their users. While the most recent spam attack isn’t new, the violent and pornographic nature of November’s attack upset users more than usual, who went to their blogs, Twitter or Facebook accounts to discuss the outbreak. As of October of this year, Facebook said that spam represents less than 4% of content shared on the social networking website and affects under 0.5%, or 4 million users, on any given day. This is still a large number of people who are being affected on a daily basis and I suspect that this number only includes spam that Facebook catches, therefore it’s not 100% accurate.

Have there been any recent spam attacks on other social networking sites, such as Twitter or LinkedIn?

Twitter and LinkedIn both have faced similar attacks as Facebook, although we have not seen any published information on these attacks as large of a scale or as organized as what we saw in November with Facebook’s stream of spam messages on user profiles and on their help forum. However, most social media sites follow the same principles of user-generated content on trustworthy sites and as such, hackers and spammers can quickly and easily publish their attacks on all sites and expect a similar effect. For example, there have been many documented cases of spam and malware on multiple sites at once, such as the Starbucks themed attack that used both Facebook and Twitter concurrently in November. According to Sophos, spamming on social networks rose in 2010, with 67% of people surveyed receiving spam messages, up from 57% at the end of 2009 and 33% in the middle of that year. Phishing and malware incidents were also rife, with 43% of users spotting phishing attempts and 40% receiving malware.

How can these spam attacks affect businesses who use social media for marketing purposes?

Twitter, Facebook and LinkedIn have entered the IT security landscape — bringing both advantages and dangers to your business. Organizations continue to utilize social media services for marketing and its employees utilize social media for personal usage. IT departments must balance use with control in order to protect a business in the social media world. It becomes a two-fold job:

1. Stopping Outbound Malicious Spam:
Proactively controlling outbound content mitigates the risk of disclosure, ensures appropriate information is being sent and stops the network from sending out spam or malware from your organization. Organizations need to take measures to ensure that its corporate accounts are safe. This includes limiting passwords, staying up-to-date on industry trends and providing education to staff that are managing social media accounts on behalf of the organization. In addition, outbound malware and spam threatens business relationships with customers and negatively impacts the reliability of the brand. Companies must use content protection strategies to strengthen their brand by preventing the distribution of bad outbound content, including spam and malware from their corporate IP or account.

2. Protecting You and Your Employees from the Dangers of Social Media:
Organizations must also protect their networks and assets from employees who use social media sites. With high click through rates, spam being sent through social media can damage corporate assets as well as cost organizations time and money while they clean infected devices. Inline real-time threat protection and malware analysis of all content, including hidden injected malware attacks and downloads, is necessary to efficiently analyze web traffic for malicious attacks against all endpoints. This provides organizations with the comfort of knowing they are protected, even if their employees have been tricked.

What can businesses do to prevent, or at least minimize, the attacks?

Prohibiting employees from accessing social networking sites like Facebook, Twitter and LinkedIn is no longer realistic. Blocking and application control policies are becoming inefficient with dynamic user generated content and cross-site, drive-by attacks on good websites. Combined with access through multiple endpoints (mobile devices, PDAs and tablets), old approaches are no longer effective. Security solutions with the ability for deep content inspection give organizations the advantage of utilizing all social media, while guaranteeing compliance mandates are met and the organization is protected, regardless of what the end-user is accessing. The solutions provide visibility of the application content and the aptitude in which to apply flexible policies over users, applications and protocols based on the real-time understanding of the applications’ intent.

It seems individuals and companies will always be one step behind when it comes to preventing such attacks. Hackers and spammers are just more sophisticated in terms of technical expertise. Do you agree?

I agree with this as many companies and individuals are struggling to protect themselves against attacks, especially when conventional approaches, such as blocking web access according to the reputation of the URLs, are used. However, there are innovative solutions out there that go beyond simply checking on the reputation of a link and go deep to make sure that the actual content is not malicious. These deep content inspection based solutions are effective tools to prevent the spreading of malicious content in social media use.

The CLM Women’s Forum: Tackling Social Media

Posted on by

Yesterday was the 2nd annual CLM Women’s Forum. Held at the Walter Reade Theatre in Lincoln Center, the event drew more than 200 women from the fields of law, risk management and insurance. One of the engaging panel discussions was on the topic of social media and social networking. Leading this discussion was Holly Maust, president of Interactive Swim, a social media strategy company. Holly shared with us her wisdom on the topic, including:

  • Companies should harness the power of LinkedIn and Twitter — something not all companies have done, and those that do use these platforms usually aren’t using them to the best of their ability.
  • LinkedIn is the most important social media platform out there, but companies and entrepreneurs must learn to market themselves on LinkedIn without being “spammy.”
  • LinkedIn “recommendations” are the new job references. Embrace them.
  • Leverage yourself as a leader with your brand using Twitter, following three steps:
  1. Listen — where are people talking about your product?
  2. Engage — social media is a two-way conversation.
  3. Learn — stay agile and flexible by staying on top of new social media.
  • Do it the right way and do it ethically.

On the (somewhat) other side of the spectrum, Lori Seidenberg, vice president of enterprise risk management at Centerline Capital Group, sounded off against the use of social media in the workplace, saying her employer has considered restricting access to social media sites. And however much it hurts to hear, she has a few good points, including:

  • Social media hurts workplace productivity.
  • Engaging in social media and the various quizzes, games, applications, etc., that come along with some sites, breeds spam, some of which passes through a company’s server potentially causing cyber risks.
  • If you have something on your screen that another employee finds offensive, they can file a lawsuit.

In closing, Seidenberg stated that social media litigation is the next big wave.

Scary, and, unfortunately, true.