By: Mike Pagani
There’s no doubt that using social media communications can offer businesses tremendous business advantage in terms of reaching potential new customers and staying in touch regularly with the ones they have. In fact, the number of organizations now actively using social media as one of their standard outbound forms of communications is on the rise.
That said, some social media channels are more popular than others, and staying compliant is the driver. For example, according to data contained in the Smarsh annual compliance survey for 2015, the use of Twitter and LinkedIn by compliance professionals and employees of financial services firms over the last four years has grown considerably, where the use of Facebook has not.
Social Media: The Weapon of Self-Destruction
At the heart of the compliance focus with social media channels is the balance between personal and business orientation for each of the various channels. LinkedIn is clearly a networking channel oriented toward professionals and Twitter is a primarily business-focused means of getting fast-breaking messages out in real-time, but Facebook is largely geared toward promoting personal updates and activities – usually with pictures and comments added by others.
This potential co-mingling of personal and business content as a result of using the same social media channel and persona/profile for both raises some interesting issues to consider. It also mirrors a prior technology adoption cycle that we have now solved for: Bring Your Own Device (BYOD), where the same dilemma presented itself almost immediately.
When looking at the BYOD phenomenon and how it played out, the similarities to using personal social media channels and the same persona for business communications are very real. We can even argue that we are now evolving to BYOP or “Bring Your Own Persona” as the next step beyond BYOD.
BYOD did not go away and ultimately went mainstream for two key reasons: personal devices offered a lot more capability than the typical corporate-issued device of the time, and IT eventually found a way to effectively “manage” devices’ use for business in a responsible way.
Think about it…the Blackberry was the device of choice issued by financial services firms to new employees the Blackberry was very reliable and did a great job at providing secure access to email with instant messaging capabilities as well. However, the device did not offer an agile format to support new apps for social media channels like the personally purchased iPhone did. In reality, the iPhone is more of an “app-launching device” than a phone when you get right down to it; it gives users mobile, anytime, anywhere access to their social media accounts – something they simply can no longer live without.
For a long period of time, it was customary to carry two phones (one corporate issued and one personally owned) to keep our business lives and personal lives separate. Although we still see this in regulated industries like financial services, management technologies have evolved, making it safe for the two worlds to co-exist on the same device, and it’s becoming much more commonplace for personally owned devices to be used for both purposes.
Just like consolidating personal and business usage down to one device with the right management solution, there are also reliable and secure ways now to manage the risk out of using the one social media channel persona for both purposes. Managing the use of a single persona for business and personal communications eliminates the need to create and maintain two personas.
Enter Comprehensive Archiving
Comprehensive archiving platform technologies now feature support for the capture of social media communications through automated application programming interfaces (API) so that the content can be policy-checked, flagged for compliance review, indexed and held centrally for immediate access at a later date. Leveraging the use of a comprehensive archive platform allows businesses to create specific policies around the compliant use of social media channels so their employees can utilize their one personal social media persona for both business and personal communications, knowing that it is all being supervised by the organization they work for.
When improper, noncompliant use is automatically detected by the archiving system’s policy-checking engine as the communication goes out, the individual messages are flagged for review. The compliance team can then take remedial action with the individual(s) involved to correct the behavior going forward and have a built-in audit trail within the system to show the regulator, should the company be audited or examined. The firm can easily demonstrate that they are being responsible with their use of social media and taking corrective action to enforce compliance policies when improper use is encountered, which is exactly what regulators want to see.
If You Can’t Beat ‘Em…Join ‘Em!
It’s no longer an option to simply outlaw the use of social media altogether within an organization and hope to stay competitive with ones that allow it.
Yes, an interim step is to allow the use of a select few channels, such as LinkedIn and Twitter, but eventually there will be others that will increase steadily in popularity so that their use, too, will become a necessity. We saw this happen with BYOD, where the interim support phase was to allow the use of only a select few types of personal devices, but the pace of innovation and the emergence of newer and more capable devices quickly made that an impossible edict to maintain.
The compliant use of social media communications and utilizing a single persona for both personal and business purposes is possible today, provided businesses create the right policies and have the right technology in place to automate reliable enforcement, manage the risk out of the equation and reap the benefits.
Mike Pagani is the Senior Director of Product Marketing and Chief Evangelist for Smarsh. Mike is a seasoned IT professional and recognized subject matter expert in the areas of mobility, identity and access management, network security and virtualization. Prior to joining Smarsh in November 2014, Mike held executive-level corporate and technology leadership/spokesperson roles for Stay-Linked, Quest Software, NComputing, Dell Software and others.