Global Security, Privacy, & Risk Management

Managing online “Reputational Risk” August 24, 2011

In today’s world of near instant communication, and social media, it is easier than ever to get information to the world.  Companies would be well advised to consider employing such technologies as they often provide a very good return on investment.  Like many technologies, social media is a double edged sword and must be managed.  Companies can be exposed to many forms of risk including that of “reputational risk”. What is “reputational risk”?  Simply it is a risk to an organization (or person) which derives from a negative association to the brand.  This can be brought on by an executive saying or doing something illegal or an employee voicing a seemingly innocuous statement in what they believe is a private setting that gets forwarded and distributed.  Many Gen X job seekers are learning the hard way that their Facebook pictures of keg stands and Mardi Gras flashing follows them to their interview.  Companies are much more savvy in searching out indiscretions on social media.  The same holds true for companies and their executives.

I am constantly surprised by how little corporate executives seem to understand about the Internet, social media and how easy it is to find information.  In today’s age it is important that company’ have social media policies in place to ensure that 1) OpSec is not being compromised by an employee inadvertently giving away secrets and 2) reputational risk is being managed by ensuring employees understand that everything they do online is publicly available.

All employees should understand that everything they post online is accessible for perpetuity.  While it is certainly every person’s right to have their own views on politics, sexuality, religion, and other topics, posting these views may irreparably harm the very company for which they work.  It should be noted that the level of reputational risk exposure is directly proportional to the person’s role within the company.  A junior level employee that rails on about their views on gay marriage may harm their own reputation in some areas but likely will have less impact than a CEO who rails on about his dislike of women in the workforce.

Recently, I was doing some research on some companies and I found the CEO of a company that listed as his favorite quotation: “F@#K All”.  As a former Marine and Sailor I am not offended by colorful language but I question the professionalism of a CEO publicly listing his favorite quotation as something so patently offensive to so many people.  What is more disturbing is that this quote was not referenced once but many times in various places throughout the Internet (as were other things).  I am sure that this particular person felt his railings had been archived and deleted over time but, as stated previously, it is relatively trivial to find information that is believed to have been long deleted.

To protect yourself and your company from reputational risk follow these simple guidelines:

1) Operate with the belief that anything you post online is there “forever”. While the average user may not be able to retrieve some information, there are some people that can access nearly everything…and can repost.

2) Don’t post anything patently offensive.  While we all have our own political, religious and other beliefs, they may not be in line with our employer’s.  While most companies are tolerant (there are laws that protect expressions) of such beliefs, understand that patently offensive statements can harm the company and your employment.

3) Don’t say anything that is patently offensive.  Remember that this is 2011 and not 1988.  Calls are recorded ‘digitally’ which means they are easy to retain, repost, and republish.  If you are angry at someone, don’t call and record drunken, profane threats.  They are preserved forever (see #1).

4) Be aware that as an officer of a company there are likely people tracking your public online actions in near real time.  This means that if you twitter something and then immediately ‘delete’ it is still captured.   Look at all of the US athletes and actors that have ‘tweeted and deleted’ only to have the press have the original tweet.

Certainly some are reading this post and saying: “this hits close to home”.  It should.  Follow the simply rules above and you can manage online reputational risk for you and your company.