PreviousPicking the right framework for your Data Privacy and Protection Program
Let’s be honest, if your business isn’t on social media does it even exist? Nowadays putting your business “out there” has become a necessary evil; leveraging the benefits of social media and its potential to reach more people all the while leaving yourself at the risk of too much exposure. So how much information is the right amount to get your brand seen and heard by potential customers, without leaving your business exposed to unnecessary risk?
Digital Marketing, especially Social Media, is a critical component of a solid Promotion Mix, which is the strategic blend of marketing approaches that enables an organisation to communicate its value to the market. In today’s digital reality, there are more smartphones than there are people on earth. Facebook can be considered as one of the largest countries on earth if you compare its monthly active user counts against world populations. Social media creates a perfect platform to speak to customers at every level of the hierarchy of effects model (Awareness, Interest, Desire, Action - AIDA Fig1.) allowing for an organisation to uniquely create organic content and events for every customer throughout the customer journey. But eager marketers must be cautious and ensure they put the necessary protections in place.
Tapping into this world provides the 3 core objectives of promotion that is to Persuade, Inform and Remind/Retain which are critical to any organisation’s growth strategy.
Social Engineering attacks are on the rise and with the human element comes manipulation through social media. 2020 created a catastrophic shift in the way we operate and do business today and we are entering a new phase of our “new normal”. We are in the hybrid state of the workplace, where some organisations are still all working remotely while some have returned to regular daily routines and others are somewhere in between. This is the perfect storm for the social engineer seeking to take full advantage of the confusion and having an untrained staff makes you the perfect target. Consider the following:
Ensure you have Two-Factor Authentication for all accounts associated with the brand.
Ensure that all brand accounts including your CMS platform use strong passwords and you’re making use of tools such as password managers.
Social media managers, for all accounts, should be made aware of your Least Privilege Policy - which pertains to access controls limitations and states that a subject should be given only those privileges needed for it to complete its task.
Conducting a Privacy Impact Assessment as a part of a larger organisation-wide risk assessment process. This will limit the potential for those who manage your online platforms to have access to Personally Identifiable information of both your external and internal customers. Additionally, this will help stakeholders within your business become more aware of the potential reputational harm that can come from mishandled digital platforms.
Consider the development of an employee Social Media Policy. Depending on the type of organisation and the level of an employee it can be very difficult to distance the brand’s values and reputation from that of the actions of an employee on social media in the eyes of the general public.
Remember bad news travels faster and farther than good news, so cover all your bases and be vigilant. This starts with training and awareness. For the very same reasons as above, you must first raise the level of all members of the organisation so as to reinforce the policies and procedures that are to be executed. Symptai can assist in the development of relevant policies and procedures that will help to guide the engagement of all members of staff involved in the managing of social media and all other digital platforms. We can also assist in assessing and improving your overall Privacy and Security posture from a technology and processes perspective while offering guidance on the selection and management of third-party vendors that do not violate your privacy or security policy.
An additional consideration, in which we are experts in assisting, is CIPM training, Certified Information Privacy Management. The CIPM course is ideally suited to prepare your entire organisation on how to handle information privacy concerns as the primary focus of the course is the development and understanding of the Privacy Program/Framework across the entirety of the organisation and this too includes Marketing and Communication.