“The debate is over. Social media has become the Internet.” Those comments kicked off my conversation with Symantec’s Director of Product Marketing, Sean Regan, as we discussed the results of a Social Media Protection Flash Poll that Symantec released yesterday. Among its many findings, social media is rapidly gaining momentum in enterprises as an accepted way to communicate even though IT is still in the early stages of making social media safe for enterprises to use.
Regan’s statement may have been viewed as heresy even as recently as five years ago. But Facebook, LinkedIn, Twitter and the newly announced Google+ are rapidly becoming the new face of how people get and share information on the Internet.
This trend has not been lost on businesses. While they were maybe just dipping their toes in the social media waters a few years ago, this survey shows they are now fully immersed in it. Of the 1,225 individuals surveyed who work in enterprises of over 1,000 employees, 42% confirmed they use social media for business related purposes with 49% accessing forums, 46% using it for professional social networking and 42% reading and/or writing blogs.
But as businesses jump into the social media waters IT is rightfully concerned about the new risks that social media presents to the business. The top worries that IT have include:
- Employees will share too much or inappropriate information (46%)
- Compliance with government/commercial data protection regulations (45%)
- Compliance with information retention policies (45%)
- There will be the loss or exposure of confidential information (41%)
- Damage to brand or reputation (40%)
These are not necessarily new concerns. They surfaced when both email and instant messaging technologies gained momentum in the late 1990’s and early 2000’s. So it is no surprise that they reappear as another new forum for Internet communication has surfaced and, as before, these fears are justifiable.
The Flash Poll asked businesses to comment on nine different types of social media incidents that may have occurred in their organization in the past 12 months. It found that:
- 28% experienced some level of damaged brand or trust
- 27% experienced loss of customer, employee or organization data
- 25% attributed lost revenue to the incident
In some cases, these incidents result in a tangible impact to the bottom line. The biggest cost cited over the last year was a reduced stock price but the direct financial costs of dealing with the issue, damaged brand or trust, lost revenue and litigation all were neck-in-neck in terms of costs that social media incidents incurred.
Despite these risks, businesses are still rapidly immersing themselves in social media for three reasons.
The first reason is simple. It enables businesses to connect with other businesses and customers in ways that traditional Internet portals (web pages, Google search, etc.) simply do not permit. Both the business and the customer learn more about each other and can more quickly come to a decision if there is a fit and if it makes sense to proceed in a business transaction. That is appealing to both consumers and businesses and helps to explain why Google embedded circles in its new Google+ offering.
Second, the software tools required to protect and secure this data is very similar to what was required to protect email and instant messages. Yes, some hooks and features needed to be added into existing software to access these new social media sites to prevent data loss, archive the data and search it for eDiscovery.
But in many cases organizations already own software such as Symantec Data Loss Prevention or Enterprise Vault which already possess these features and hooks. As such organizations are not looking at net new purchases or creating entirely new processes to secure and manage this data. Instead the management of social media content can be folded into their existing processes and software.
Third, policies, processes and training to deal with the risks of social media are forthcoming. This explains in part why organizations do not appear overly concerned about its risks as ~50% of them already feel they can somewhat protect their social media data. But is also explains why only about 25% of organizations have fully implemented risk strategies for social media as these strategies are not yet fully defined.
Just as the Internet took organizations by storm in the late 1990’s and changed how they do business, social media is having the same impact on organizations again. But the good news in this case is that businesses do not have to re-invent the wheel (or the technology in this case) in order to successfully implement social media or protect the information that it generates. Rather it appears they are more confident they can quickly get to the point where they are reaping the benefits that social media offers while mitigating its risks.