It’s not just the Government that wants judicial of social media, in March this year the Securities and Exchange Board (SEBI) issued Cir/ISD/1/2011, its latest guidance on electronic communications specifically relating to circulating unauthenticated news via social media web sites. The circular points out that a lack of internal controls is placing many organizations in danger of being out of compliance and puts the individual and the compliance officer firmly in the firing line if investigated. But squaring up to compliance obligations can have unexpected positive results.
The line between enterprise and consumer real-time communications has never been clear cut. The last five years have seen a dramatic change in the internet and financial institutions have been swift to take advantage. As one of the early adopters of instant messaging, it’s a sector that understands the advantages of timely communications, so it’s not surprising that users have introduced into the workplace all manner of Web 2.0 applications and tools from social networking, instant messaging peer to peer, streaming video, voice over IP applications such as Skype.
Recognizing the trend, and its potential, organizations have been swift to introduce enterprise platforms such as Microsoft Lync, IBM Lotus Sametime, or social collaboration platforms, such as Connections from IBM, or SharePoint from Microsoft. However, this hasn’t stopped users from continuing to use their favorite consumer applications – particularly when their customers or partners are only available – and particularly active on those platforms.
From building a loyal following of customers, collaborating with colleagues and developing new business, social media has proved to be a formidable tool. But there is also a darker side, one where data leakage, non-compliance, malware and errant employees threaten to undo any success at the tap of a tablet, or the click of a mouse.
Regardless of whether the regulations an organization follows are SEBI, FSA or SEC to name but a few, most require member firms to follow due process on approvals as well as to keep and archive adequate records of all electronic communications. However, in practice not many firms are able log content posted to Facebook, let alone try to control the content of the actual message. Thus the obvious procedure has been to simply ban its use.
This view is supported by SEBI’s circular which says - Access to Blogs/Chat forums/Messenger sites etc. should either be restricted under supervision or access should not be allowed. But banning the use of Web 2.0 applications in the work place presents two other issues. Firstly over 50 percent of Web 2.0 applications are evasive. They hop from port to port, use encryption and non-standard protocols, they even tunnel through HTTP. All these tactics allow them to bypass conventional firewalls and URL filters and be installed on machines with virtually no technology knowledge required by the user.
The second problem with banning their use is that the productivity gains are now so strong that businesses not taking the full advantage of Web 2.0 communications are losing out to their competition. The power of networking should not be underestimated. According to Socialbakers.com India is currently the third largest user of Facebook by country, with over 35 million people registered. A company that has just spent a small fortune headhunting a top trader needs them to continue to communicate with their contacts in the most effective manner. Stifling the speed of conversation may end in poor results and opportunities missed.
However, unsurprisingly user behavior poses a considerably risk to any organization and relying on their common sense isn’t always the best policy, particularly when it comes to posting photos on Facebook. In addition, despite social networks growing reputation as a productivity enhancer through collaboration, downloading and uploading videos on Youtube or podcasts on LinkedIn can cause problems, diverting bandwidth away from business critical applications.
But controlling the content posted isn’t the only problem that needs to be resolved. Whether it is for legal litigation purposes, to prove a point on compliance or just to confirm a customer complaint is justified, all business conversations need to be stored securely and social media is no different. The problem is that the process of archiving, storing and making posts easily retrievable is made exponentially more complex because of their multidimensional nature.
For example, a conversation within the chat function of Facebook might include numerous participants joining at different times, creating a requirement to understand the context surrounding each participants understanding of these conversations – who entered – and left the conversation at what point during the discussion. What happens to the social media archive if the conversation is taken to another medium such as Twitter to email? A perfectly legitimate action when privacy needs to be afforded to the customer and a response is going to take more than 140 characters.
Archiving social media is also made more difficult because of the different channels available to users in which to participate. Unlike email where all messages can be driven through a designated email server, social media can easily be accessed outside of the corporate network such as home computer or on a mobile device. Key to be able to easily recognize employees in archived social media conversations, as well as controlling user activity and monitoring content, is the ability to identify individuals by their numerous social media logins and pseudo names back to their corporate identity.
The threat from Web 2.0 applications is not limited to errant employees or compliance issues. Malware is rife too. One of the main reasons behind this is that many users place too much trust in their network. Even though they may not know who their “friends” are in the real world, a feeling of trust builds up over a period of time. This makes users far more likely to click on a link from friend on Twitter, Facebook or Instant Messenger than in an email, where most people today are a little more circumspect, particularly if it’s unexpected.
For financial organizations, the need to take back control over the myriad of Web 2.0 applications and the content posted to them is immediate. The consequences of not doing so are too great to be ignored. However, it is not as difficult as it first seems, organizations just need to follow the best practice guidelines of control, log and archive that they have been doing so for many years.
But here’s the good news. Resolving all of these issues can have an unexpected benefit. Controlling the content of messages posted and providing pre-approved content doesn’t just empower the very individuals the organization employed to create their messaging in the first place – it does so with measurable results. Employees (even the luddites amongst us), can choose the content most suited to their networks and easily judge its success based on its return on engagement by measuring the impact such as new sales leads or connecting with key individuals.
The road is littered with soon to be forgotten social networks such as MySpace or Bebo, and whether Facebook will be as popular in two years time or that we will all be following Amitabh Bachchan on Bubbly is impossible to say. However, to be competitive businesses must be able to embrace the communication tools that their customers are using now and in the future. For highly regulated industries that means looking beyond point solutions and taking a holistic approach to engaging with the new internet
The author is President & CEO, Actiance, Inc
Actiance enables the safe and productive use of Unified Communications, collaboration and Web 2.0, including blogs and social networking sites. Actiance supports all leading social networks, unified communications providers and IM platforms, including Facebook, LinkedIn, Twitter AOL, Google, Yahoo!, Skype, Microsoft, IBM and Cisco.