Social guest postThis post is part of our cyberSAFE series focusing on SMB financial and reputational risks. You can learn more about the financial and reputational risks SMBs face during every phase of business growth by registering for our upcoming webinar on June 10th at 12 PM CT.

This cyberSAFE guest blog post comes to you from Jasmine McNealy, Assistant Professor at the University of Kentucky and privacy and law blogger at Unmasking Doe.

Social media has proven an indispensable tool for businesses of all sizes. It’s used by organizations to manage customers, respond to complaints, and to build social capital. And social media can certainly can build or ruin a reputation. This is, no doubt, one of the reasons that over 15 million businesses, companies and organizations have pages on Facebook.

But it is not solely corporate use of social media tools and sites that should be of concern when building a business reputation. Employee social media habits – including inappropriate posts and insecure password practices – can affect an organization both positively or negatively. Many social media users display affiliation information in their online bios, and tools like LinkedIn make it easy for anyone to find out the name of a user’s workplace. Usually, this affiliation information or the ability to find an individual’s employer is benign, and the employee’s use of social media has no effect on company reputation. Yet, when that employee is involved in or says something untoward on social media, or a hacker gets hold of an employee’s credentials, there can be consequences for their employer as well.

One need only consider the recent Justine Sacco tweet scandal for an illustration of this. In December 2013, Sacco, then a corporate communications professional at leading Internet company IAC, tweeted, “Going to Africa. Hope I don’t get AIDS. Just kidding. I’m white!” before embarking on a many hours long plane trip to South Africa. Twitter reaction was swift and brutal, with the hashtags #JustineSacco and #HasJustineLandedYet trending for hours while watchers waited for her plane to land. Although Twitter’s reaction to her, individually, was considerable, the response of her employer was also significant. The company fired Sacco, but not before being contacted via Twitter, phone, email and other social media inquiring about its reaction to its employee making such statements.

It would be nice to say that incidents like that of Sacco are few and far between. Yet the continuing growth in social media outlets and use make all organizations vulnerable to having to go into crisis communication mode as a result of an employee’s comments. Here are a few tips that may help to mitigate this concern:

  • If you encourage employee social media use, consider requiring that employees make separate personal and professional accounts.
  • Require that social media passwords must be different from work logins. Employees should not reuse their work emails and passwords for personal sites. This serves as a barrier of protection for work accounts, in case an employee’s social media account is hacked into.
  • Make sure that the corporate social media accounts are the most popular. In this way customers and other consumers may recognize the organization’s statements as reflective of corporate conscious.
  • Never attempt to censor employees. Instead, offer social media training that increases their information literacy, and allows them to understand that actions (or speech) have consequences. Let them know what is appropriate to post on social media and what is sensitive company information.