Wednesday, March 13, 2013

Social Media for Small Businesses

Posted by EYHokie


Monday night we discussed auditing Social Media.  Our discussion (really my short lecture) covered everything from Twitter, Facebook and LinkedIn to Google Docs.  My suggested approach focused more on corporations and less on small businesses. For this post, let's focus on the small business.

Understanding the Organization:
The first place to start should always be to understand the business and the business processes. 
·         What exactly does the company do? 
·         What is the culture like? 
·         What are the short and long-term goals? 
·         What is the company structure? 
·         What social media formats are being used?
·         How do they align with the company goals/direction?

Understand the Business Unit
Now that you have an overall understanding of the organization, it's important to understand the business units. Here we are taking one step closer to the business processes.
·         What is the breakdown of the organization (structurally) by department?
·         What are the department’s goals?
·         How do they align with the company’s short and long-term goals?
·         What does the business unit do?  How do they fit into the organization?

Understand the Business Processes
This can be a difficult piece to understand.  Above we explored the organization and then dove into a specific business unit.  We know what the groups do at a high level but what does the day to day look like?  This will take some skill.  We want to get enough detail that we can identify what can go wrong with the business processes.  At the same time, we don’t want to get stuck in the details.  The conversation should be open-ended.  Repeating your understanding or drawing pictures is a great way to feel comfortable that you can speak to the department at a later date.

Porter’s Five Forces[1]
Why analyze the industry?  To fully complete any audit, I think it is important to step away from the details and take a look at the overall industry.  We can then move into the company and then down to the business processes.   There are many sites online that can help with this step.

SWOT/TOWS Matrix
Now to understand the internal company, a SWOT analysis should be completed.  This will further give guidance on the risks the company faces.  This will also help determine how the use of social media aligns with the strengths and opportunities in the organization.  Some of the notable business risks may include:
·         Disclosure of corporate assets/sensitive information
·         Violation of law/regulation
·         Loss of customer confidence
·         Loss of reputation
·         Dissemination of fake/fraudulent information

Let’s stop here.  We’ve spent a good bit of time understanding the industry, the company and the business processes.  This is a discussion on social media.  Why all the extra work?  From this point forward, we can either assume you knew all of this information or you were new to the company and needed to get a strong foundation.  By now, we’ve identified the major risks to the organization and should have determined how the use of social media fits into the organization.  If the company cannot get past this point, there is no real value in moving forward.  The company can have all the controls in the world but if it doesn’t align with the external and internal strengths, then why are they even using these tools?

Governance[2]
Surprisingly enough, Citizenship and Immigration Canada provides an interesting audit of IT Governance.  Ok, surprisingly may be a push.  The following are some topics to consider:
·         Policies and procedures
    o   Legal counsel review of all policies
    o   Personal use (social media) at work
    o   Personal use (social media) outside of work.  Why care?  The image portrayed outside of the work environment can have an impact on the greater image of the company.
    o   Who can use the tools for business purposes
·         Strategy
    o   Risk Management
        §  Approval of social media projects
        §  Inventory of all media outlets
    o   Ongoing assessments
·         People (Office Manager)
    o   HR Function
        §  HR review of all policies
        §  Defined violation policies (up to and including termination)
    o   Training and Awareness
        §  Associate/contractor/customer awareness of responsibility related to social media
            ·         Update training/people on a regular basis.
    o   Staffing
        §  Evaluate staffing levels related to support
            ·         Internal support (IT)
            ·         Customer facing (marketing)
        §  Background checks
        §  Employment criteria
·         Processes
    o   Social media aligns with business/department processes
    o   Brand protection
        §  Protect from negative publicity
        §  Response channel for negative events (hacking Facebook, credit cards, internal data storage)
        §  Consistency in branding
    o   Monitoring of adverse posts/publicity
        §  When identified, how is this addressed?
        §  Is there a plan in place to handle such situations?
    o   Access to social media data
        §  Location of data (appropriateness)
        §  Data encryption
        §  Data classification (define the critical data)
    o   Access management
        §  Authorization and authentication
        §  Contractor access

Technology
At this point, we should be feeling good about the company.  Now let's take the next step into the actual technology.
·         Social media technology infrastructure
    o   Anti-virus software management
        §  Current licenses
        §  Up to date virus definitions
        §  Continually monitoring for the latest virus patches
        §  Update/deploy virus definitions
·         Incident response
    o   Handling outages when they arise
    o   Timely response to customer/associate issues
·         Content filtering
    o   Are there limitations to content
        §  Content the associates can view at work
        §  Restricted access to content (internal and customer)
    o   Web browser settings
        §  Cookie retention
        §  Server certificates
        §  HTTPS/SSL
        §  Popups
        §  JavaScript
·         Monitor social media and effect on technology
    o   Monitor key metrics
        §  Align with business goals
        §  Customer “hits”
        §  Bandwidth
    o   Processes for monitoring (Incident response)
    o   Involvement of key stakeholders
        §  Owner/President
        §  Head of IT
        §  Legal Counsel (legal retainer)
        §  Office Manager

As you can see, there is a lot to take into consideration.  I would suggest, if there is going to be a big investment in social media, that a full FTE be brought on staff to manage content.  Think of this as your marketing.  Do you have a full-time marketer?  If so, social media is a clear interaction with your customer, good or bad.  Proper attention needs to be paid.

While modified, the core structure of the last half of this post was supported by ISACA’s Social Media information: Strategy, People, Processes and Technology.
