Business Impact of Online Social Networking


  1. Managing the business impact of social networking
     Managing and leveraging the business impact of social networking sites
     Presented by: Micheal Axelsen, Director, Applied Insight Pty Ltd
  3. About this presentation
     - Objectives
       - This seminar identifies and discusses social networking websites and how businesses should respond to this business challenge.
     - Agenda
       - Social networking overview
         - What can go wrong for individuals?
         - What can go wrong for businesses?
       - Protecting personal privacy
       - How should the business respond?
         - What powers do you have?
         - Developing policies and procedures
         - Leverage business opportunities through OSN
       - Conclusion
  4. Meeting the challenges of IT
     Information Technology & Management Centre of Excellence
     Forthcoming:
     - Social networking policies & procedures
     - Online social networking etiquette
  5. Your expectations
     - Housekeeping
       - Exits, breaks, etc
     - Expectations
       - Audience demographics
       - What are your expectations from this session?
     - Strawpoll: Who uses social networking websites?
       - MySpace, FaceBook, Friendster, MyYahoo, Twitter, Flickr, Photobucket, SchoolFriends, Blogger, LiveJournal, Tumblr, Microsoft Live...
       - Blogs/Vlogs? Others?
     - Strawpoll: Who didn’t know about these websites?
     - Strawpoll: Anybody here ‘Vlog Naked’?
       - (sorry, just wondering)
  7. What is social networking?
     - Definition
       - Online social networking sites are web-based services that allow individuals to construct a public (or semi-public) profile within a bounded system, identify other users with whom they share a connection, and view and traverse their list of connections and those made by others within the system.
       - They are simply websites that allow you to maintain relationships with friends online, sharing and talking about common interests
       - Some social networking websites are internal (private) and some are external (public)
  8. Popular online social networking sites
     - Websites
       - Facebook and MySpace are the most well-known examples.
       - Blogs such as and
       - YouTube, Flickr, PhotoBucket, Yahoo, Twitter
       - The CPA Congress 2008 website at is an example of a private social network.
  9. What can go wrong for individuals?
  10. Some “funny” examples
      From: Nugent, Katrina Sent: Thursday, 1 September 2005 10:21 AM To: Bird, Melinda Subject: RE: Let's not get person "Miss Can't Keep A Boyfriend". I am in a happy relationship, have a beautiful apartment, brand new car, high pay job...say no more!!
  11. Some “funny” examples
      Censored Ex-boyfriend site
  12. Some “less funny” examples
      MOSSSSSSSSYYYYYYYYYY!!!!!!!! I'm gonna knock you out one of these days if you keep putting up stuiped photos when I'm drunk - ban you from tasking a fricken camera anywhere!!!!!!!!!!!!
  13. Some “less funny” examples
  14. Other examples
      - Exercise: Audience member examples?
      - Exercise: Reasons for participating in online social networking?
  15. What can go wrong for business?
  16. What can happen?
  17. What can happen?
      Alritey. The names Ryan workin at #### #### At the moment to get the money to go out and enjoy my much appreciated young life. As far as i know i enjoy life to the max, i love to get wrecked, mwi and be around mates and loud music. No better way to spend a weekend than gettin out my #### in one way or another and be surrounded by loud music and knowing that i have a stunning girlfriend when i go home.
  18. Business risks of social networking
      - Productivity losses
        - Addictive and time-consuming
        - Over-use during work time is a genuine issue
        - Can actually increase the productivity and effectiveness for some roles
      - Legal risks
        - Generally employers can monitor their employees’ web use and email, but notice is needed. Can result in legal liability
        - Potential for legal liability due to customer actions
      - Reputation risk
        - A risk to the business’s reputation
        - Many examples of gaffes & negative comments
        - Difficult to remove these comments
  19. Business risks of social networking
      - Viruses and spyware
        - Frequently a platform for malicious attacks using viruses and spyware
      - Privacy breaches and identity theft
        - Can promote identity theft, even where ‘private’
        - Third party applications usually get access to data
      - Social engineering
        - Use online information to commit targeted acts of fraud
        - Could profess to be the assistant to a high-level staff member, and know enough ‘internal’ information to convince a staff member to provide cheques or goods
        - Convincing identity cards/business cards used to gain access to the business or its customers
        - Grandparent fraud
  20. Business risks of social networking
      - Inadvertent release of information
        - Windows into the lives of users
        - Unintentional release
        - LinkedIn shows your network your recent connections – who are probably prospective clients
        - Using an online wiki to collaborate with a client (or even to track tasks and manage projects) may result in the release of confidential client information
  21. Other examples
      - Exercise: Audience member examples of potential business impact?
      - Exercise: What role do CPAs play here?
  22. Protecting personal privacy
  23. How to keep an online world sane
      - Simple things
        - Common sense!
        - Don’t post in your real name – set up three email addresses:
          - Personal, anonymous email address that forwards to your main email (for blogging comments & mail lists) – but expect that this is not fail-safe
          - Personal (for all your personal email)
          - Work (for work email – no personal email!)
        - Only post online what you’d be happy for Mum (or a potential recruiter/client) to see
  24. How to keep an online world sane
      - Simple things
        - Wall posts are wall posts on someone else’s wall, and a tweet is forever
        - Get permission before you post a photo of someone online
        - Only ‘friend’ friends!
        - Be coy about your age
        - Never post photos of official identification documents... Just so you know
        - Be responsible when writing messages on other people’s sites.
  25. How to keep an online world sane
      - For the more paranoid
        - If you have a social networking website (e.g. MySpace, Facebook), use the privacy options – so many people don’t
        - Limit the sites you participate in – perhaps FaceBook for friends, LinkedIn for work colleagues?
        - Do not accept a flung zombie, which Hero are you?, Blackjack or other application on Facebook
        - Set up Google Alerts to monitor your name and email address
  26. Privacy settings
      - Privacy settings
        - Facebook
        - MySpace
        - YouTube
        - LinkedIn
        - Flickr
        - Twitter
      - Traps for young players
        - Your network is still visible; until recently, employer search showed up even with privacy
        - MySpace – owned by News Corporation
        - YouTube – lose control over ‘derivative works’
        - Flickr – creative commons licence
        - Twitter – stability?
  27. Google Alerts
  28. How should the business respond?
  29. Dealing with it
      - Strawpoll: who knows whether their business searches for these discussions?
      - Good talk is good, right?
        - The only good way to respond is to give good service and hope that people blog about it
        - At least show an interest and respond to address a grievance, and be transparent about it
      - Professional monitoring services
        - Reputation Hawk
        - Reputation Defender
        - Cymfony
        - There are many others of course
  30. Dealing with it
      - Simple (and cheap)
        - Google Alerts/Yahoo Alerts/MonitorThis
        - Customer representatives join online, private, forums and lurk there while watching for issues
        - Set clear expectations as to what staff can do with your brand name on the internet
      - Etiquette
        - Ensure that potential recruits know if you are researching them online
        - Avoid a search engine optimisation solution to ‘drown’ a negative comment
        - Never lie and pretend to be a customer – you will be found out eventually, and the price will be high!
  31. Dealing with it
      - Responding to online comments
        - Demonstrate an interest and respond online to address a grievance, and be transparent about it
        - Don’t post a hot and angry response
        - Don’t exercise legal muscle unless you really have to
        - Respond with transparency and honesty, but take up discussions off-line at a senior level, after research!
        - Engaging with the author of the post is most effective
        - Encourage discussions to flourish by providing and promoting the use of online forums.
        - Invite genuine customers to respond in a forum
  32. Know your digital footprint
  33. What powers do you have?
      Disclaimer: the following is not legal advice and merely attempts to present an overview of the law from the layman’s perspective
  34. Employees - what can you do?
      - Employer controls over private life
        - Can the employer control what you do in your off hours?
        - Professional/Staff employee vs a ‘standard’ employee
        - Three core duties of an employee to their employer that may affect your online social networking activities:
          - to work with care and diligence
          - to obey all lawful and reasonable orders
          - to act with good faith and fidelity
        - An employee can be dismissed if these duties are breached by actions in their private lives
  35. Employees - what can you do?
      - Due care and diligence
        - Fairly clearly, in work hours we need to work for our employers.
        - ‘Cyber-slacking’ in work hours
        - Using social networking tools inappropriately in work hours and at home
      - Obey lawful and reasonable orders
        - An act in your private life would need to demonstrate an intention to ‘no longer be bound’ by the contract
        - Acts in private life may prevent you from carrying out your duties – higher standards for professional/staff employees (for example, a police officer or teacher)
  36. Employees - what can you do?
      - Good faith and diligence
        - Courts reluctant to intrude on private life
        - Cannot act in conflict with your employer’s interests (e.g. commence a competing business)
        - Must not disclose private information
        - Entitled to ‘blow the whistle’ in the public interest
        - Acts in private can be governed by the employer if there is a relevant link to the employer (e.g. uniform) and depending on the employee’s role (senior, client-facing would face a higher standard)
        - Should not ‘tarnish the employer’s image’
  37. Employees - what can you do?
      - Codes of conduct
        - Set out expectations clearly
        - Ensure consent is given for contractual terms – that the employee has accepted these terms
        - Legally enforceable? This will depend – see speculation that a mining company employer could prevent its employee joining a group that is protesting the mining company’s actions.
        - Process for managing the issue once it is discovered?
  38. Former employees - what can you do?
      - Former employees
        - Very limited control - doctrine of restraint of trade
        - May only legitimately use a post-employment restraint to protect trade secrets or established customer connections
        - Can draw upon what you learn at a job, but not allowed to take physical (or electronic) documents
        - Duty of Confidentiality exists even for former employees to keep ‘secret’ information confidential (of a high standard of confidentiality).
        - Difficult to rely on this though
  39. Former employees - what can you do?
      - Can have express confidentiality provisions in the contract of employment
      - Can prohibit the disclosure of information to competitors or third parties
      - Much easier to identify and enforce with an express provision. Without it, it is difficult for a business to have recourse against former employees should information be disclosed on social networking websites.
      - The actions available to a business are otherwise generally limited to the same actions available should a comment be made by a current customer (for example, defamation).
  40. Third parties - what can you do?
      - Defamation
        - Law was reformed in 2005
          - Corporations (other than not-for-profit organisations or small businesses) cannot sue for defamation
          - Defence of "truth" rather than "truth and public benefit"
          - One year to bring an action rather than six
          - Abolishing the awarding of exemplary and punitive damages in civil defamation proceedings
          - Juries now determine whether a person has been defamed; Judges now award damages
  41. Third parties - what can you do?
      - See Gutnick v Dow Jones 2002
        - Gutnick contended that an article in the online Dow Jones newsletter defamed him
        - Only five physical copies ever sent to Australia
        - Location of defamation held to be Australia, even though it was published and uploaded in New Jersey
      - No matter what happens, legal action is going to be commercially expensive and would likely be associated with reputation risk
  42. Develop policies & procedures
  43. AS/NZS 4360:2004 Risk Management
  44. Tailoring your response
  45. Elements of policy & procedure
      - Standard
      - Title
      - Purpose
      - Revision History
      - Effective Date
      - Persons affected
      - Definitions
      - Responsibilities
      - Change to suit risk appetite
      - Policy
      - Procedures
  46. Draft Policy – Very Low
      - For a very low risk appetite
      - In recognition of the very high impact that online social networking activities have upon the business activities of XYZ Pty Ltd, XYZ Pty Ltd implements very strict restrictions on the use of online social networking activities by employees using XYZ Pty Ltd equipment, and/or making reference to the business of XYZ Pty Ltd.
      - XYZ Pty Ltd emphasises procedural controls, regular and intense monitoring of online social networking activities referring to the business of XYZ Pty Ltd, and provides explicit guidelines to follow in responding to such activities.
  47. Draft Policy – Very High
      - For a very high risk appetite
        - As online social networking activities have minimal impact upon the business activities of XYZ Pty Ltd, XYZ Pty Ltd provides some guidance in the use of online social networking activities by employees.
        - Responses to online social networking activities that refer to the business of XYZ Pty Ltd are made on a case by case basis as XYZ Pty Ltd becomes aware of them.
  48. Tailoring your procedures
      - Tailored procedures
      - Refer to appendices for a process to tailor your response in line with the business’s risk appetite
      - Workshop exercise
      - Are there other possible actions a business could include in the procedure?
      - Identify pros and cons for each suggested action
  49. Acceptable online social networking activities
      - Possibilities
      - Could ban all mentions by employees
      - Could ask for pre-approval of a comment
      - Could allow employees to publish, but have marketing manager subscribe to RSS feeds and have employees agree to make changes if requested
      - Only have authorised representatives respond online
      - Could block online social networking websites in work hours (but please be realistic)
  50. Staff training and awareness program
      - Possibilities
      - Content
        - Awareness of acceptable online social networking activities
        - Core principles in ensuring the privacy of personal information in an online environment
        - Specific training on the use of major identified online social networking websites to ensure privacy.
        - Practical advice in the use and etiquette of online social networking tools, including the use of email
      - Make your requirements part of induction program, perhaps with an exam
      - Require existing staff to attend annually, and perhaps pass an exam
  51. Online reputation monitoring
      - Possibilities
      - Engage online reputation monitoring service provider
      - At least set up Google Alerts!
      - Document risky mentions in monthly, quarterly, or annual online social networking references report
      - Subscribe to likely private online forums
      - Ensure that applicants for positions are aware that the candidate’s online profile may be examined in the course of assessing the candidate’s suitability for the position.
  52. Responding
      - Possibilities
      - May need to have lawyers involved
      - For an employee, the HR manager would deal with it
      - Core principles:
        - Demonstrate an interest and respond online to address a grievance, and be transparent about it
        - Never post an immediate, negative, response to an online reference. Have a conversation in person at a senior level
        - Legal action considered
        - Making no response may be the least harmful
        - All responses conducted professionally and honestly
      - Monitor and document responses in social networking references report
  53. CONCLUSION Business opportunities and OSN
  54. Are there opportunities?
      - Workshop exercise
      - Identify other opportunities presented by online social networking
  55. Research and development
      - Brand monitoring
      - Understand the reach and impact of your brand
      - Know what is being said in the ‘hearts and minds’ and be more reactive
      - Research communities
      - Share and build ideas within internal and external communities to test their value
      - Innovation communities
      - Users can provide recommendations for new features
      - Communities of users can vote on new features to guide product or feature development
  56. Marketing
      - Blogs
      - Promote and discuss on your own blogs
      - Get a groundswell of discussion amongst your customers
      - Communities
      - Build relationships between users and the company products
      - Video on user-generated sites
      - Viral marketing promotion
      - Audience gives more weight to genuine user experiences than paid TV spots
  57. Sales
      - Social networking sites
      - Can target sales (but need to be careful!)
      - Create groups & events e.g. Friends of Ford
      - Brand ambassador programs
      - Identify loyal customers who bring others into your community
      - Communities
      - Understand and target sales
      - Embeddable widgets
      - Users can prove brand loyalty
      - Points of presence for sales
  58. Customer support
      - Support forums
      - Customers can answer their own problems online
      - Customers can help each other
      - Become aware of issues much sooner
      - Proactive support e.g. Direct2Dell
      - Wikis
      - Customers can answer their own problems online
      - Self-documenting
      - Save on publishing costs and corrections
  59. Operations
      - Internal social networks
      - Cross-fertilisation of ideas
      - From front line to back office – e.g. Blue Shirt Nation (Best Buy Inc)
      - Promote the sense of culture and can bring together widely dispersed/loosely coupled workforces
      - Wikis
      - Provides a platform to develop self-organising teams
      - Take on responsibility and change
      - External social networks
      - Leverage employees’ networks to hire new staff
  60. Cultural change
      - Recommendations for implementing
      - Accept the loss of control
      - Expect pushback from managers
      - Line up executive backing
      - Start small and focus on measurable objectives
      - Expand beyond projects
      - Stay focussed on culture, not technology
  61. Conclusion
  62. Conclusion
      - Review the expectations wall
        - How did we go?
      - Obtaining a copy of the presentation
        - See for a copy of this presentation
        - See CPA Congress community: (
      - Applied Insight Pty Ltd Services
        - Social networking training for staff
        - Social networking review for your business
        - Social networking policies & procedures
  63. Contact details
      Micheal Axelsen
      Director, Applied Insight Pty Ltd
      m: 0412 526 375
      t: +61 7 3139 0325
      e: [email_address]
      blog:
      Applied Insight Pty Ltd
      PO Box 603
      Toowong DC 4066
      AUSTRALIA
  64. About the speaker
      - Services
        - Micheal Axelsen provides consulting services in the enterprise governance of information technology, and the development and implementation of strategy to deal with the business challenges of information technology.
      - Position and qualifications
        - Director of Applied Insight Pty Ltd
        - Chair of CPA Australia Information Technology & Management Centre of Excellence
        - Qualifications
          - Bachelor of Commerce (Hons)
          - Masters of Information Systems
          - FCPA
  65. Appendix: For further reference
  66. References
      - AS/NZS 4360:2004 Risk Management
      - Boyd, D., and Ellison, N. ‘Social Network Sites: Definition, History, and Scholarship’. Journal of Computer-Mediated Communication (13:1), March 2007, pp 210-230.
      - Brandenburg, C. ‘The Newest Way to Screen Job Applicants: A Social Networker's Nightmare’. Federal Communications Law Journal. Los Angeles: Jun 2008. Vol. 60, Iss. 3; p. 597 (30 pages).
      - Emerald Insights. ‘MySpace or yours? Advertising and social networks’. Strategic Direction. Bradford. 2008. Vol. 24, Iss. 8; p. 15
      - Engdahl, S (Editor). ‘Online social networking’. Greenhaven Press. Farmington Hills, MI, USA. c2007.
  67. References
      - Espejo, R (Editor). ‘Should social networking web sites be banned?’. Greenhaven Press. Detroit, MI, USA. 2008.
      - Johnson, R A, and Middleton, J M. ‘Accounting for Second Life’. Journal of Accountancy. New York: Jun 2008. Vol. 205, Iss. 6; p. 54 (5 pages)
      - Lavenda, D. ‘Does 'blogging' have a place in the workplace?’. The British Journal of Administrative Management. Orpington: Jul 2008. p. 27 (3 pages)
      - Mac Sithigh, D. ‘The mass age of internet law’. Information & Communications Technology Law. Abingdon: Jun 2008. Vol. 17, Iss. 2; p. 79
      - McCallum, R. ‘Employer Controls over Private Life’. New South Wales University Press Ltd. Sydney, NSW, Australia. 1999.
  68. References
      - Stewart, A. ‘Drafting and enforcing post-employment restraints’. Australian Journal of Labour Law. Vol 10 pp 181-221. 1997.
      - Willard, N E. ‘Cyber-safe kids, cyber-savvy teens: helping young people learn to use the Internet safely and responsibly’. Jossey-Bass. San Francisco, CA, USA. 2007.
  69. 69. Appendix: Developing your policy
  70. 70. Tailoring your response
  71. 71. Identify the risks <ul><li>Identify business strategy and market position </li></ul><ul><ul><li>Identify organisational focus </li></ul></ul><ul><ul><li>Identify organisational strategy and context </li></ul></ul><ul><li>Assessment of online presence </li></ul><ul><ul><li>Online search for mentions of business name, key products, and senior management team. </li></ul></ul><ul><ul><li>Social networking search for current and past employees. </li></ul></ul><ul><ul><li>Search of relative subscriber-only forums not indexed by search engines. </li></ul></ul>
  72. 72. Identify the risks <ul><li>Stakeholder survey </li></ul><ul><ul><li>A broad survey of stakeholders (including customers, business owners and staff) to identify the extent of participation in online social networking. </li></ul></ul><ul><ul><li>Request suggestions on appropriate online behaviour from stakeholders </li></ul></ul><ul><li>Stakeholder interviews </li></ul><ul><ul><li>Identify current activities, expectations of appropriate behaviour, and general attitude towards OSN </li></ul></ul>
  73. 73. Identify the risks <ul><li>Document risks </li></ul><ul><ul><li>Review the information recorded above, and identify current and potential online social networking activities, and consider the potential risks that arise as a result of these actions. </li></ul></ul><ul><ul><li>Consider the seven potential risks </li></ul></ul><ul><ul><li>Document the risks, identifying online social networking activities that contribute to this risk. </li></ul></ul>
  74. 74. Understand the risks <ul><li>Identify likelihood </li></ul><ul><ul><li>Have stakeholders rate the likelihood of each risk </li></ul></ul><ul><li>Identify consequences </li></ul><ul><ul><li>Understand the risk and its impact </li></ul></ul><ul><ul><li>Define levels of economic loss </li></ul></ul><ul><ul><li>What is the consequence of each risk? </li></ul></ul><ul><ul><li>Have stakeholders rate the consequences of each risk </li></ul></ul>
  75. 75. Understand the risks <ul><li>Risk evaluation workshop </li></ul><ul><ul><li>Use a workshop to agree on an estimated risk level </li></ul></ul><ul><ul><li>Aggregate consequence assessment. Confirm in workshop. </li></ul></ul><ul><ul><li>Map each risk to the matrix below </li></ul></ul><ul><ul><li>Document the estimated risk level </li></ul></ul>
  76. 76. Understand the risks
  77. 77. Evaluate the risks <ul><li>Evaluate risks and risk level </li></ul><ul><ul><li>Identify the acceptable estimated risk level </li></ul></ul><ul><ul><li>Assign each identified risk to the below matrix </li></ul></ul><ul><ul><li>Identify non-policy activities or changes to work practices to: </li></ul></ul><ul><ul><ul><li>avoid the risk </li></ul></ul></ul><ul><ul><ul><li>reduce the likelihood of its occurrence </li></ul></ul></ul><ul><ul><ul><li>to reduce its consequences </li></ul></ul></ul><ul><ul><ul><li>to transfer the risk to a third party. </li></ul></ul></ul><ul><ul><li>What remains is the residual risk that must be reduced through an online social networking policy </li></ul></ul>
  78. 78. Evaluate the risks
  79. 79. Evaluate the risks <ul><li>Match risks to policy and procedure template </li></ul><ul><ul><li>Five core procedure responses, matched to your risk appetite: </li></ul></ul><ul><ul><ul><li>Acceptable online social networking activities </li></ul></ul></ul><ul><ul><ul><li>Staff awareness program </li></ul></ul></ul><ul><ul><ul><li>Staff training program </li></ul></ul></ul><ul><ul><ul><li>Online reputation monitoring </li></ul></ul></ul><ul><ul><ul><li>Responding to online social networking activities </li></ul></ul></ul><ul><ul><li>Provides a draft online social networking policy that can be developed further </li></ul></ul><ul><li>Validation Check </li></ul><ul><ul><li>Refinement will be needed </li></ul></ul><ul><ul><li>Circulate, discuss, and confirm </li></ul></ul>
  80. 80. Treat and monitor <ul><li>Develop program of activities from procedures </li></ul><ul><ul><li>Steady and sure approach is usually best </li></ul></ul><ul><ul><li>Three crucial factors: </li></ul></ul><ul><ul><ul><li>Be realistic (and then halve it!) </li></ul></ul></ul><ul><ul><ul><li>Prioritise the identified risk mitigation controls with separate actions </li></ul></ul></ul><ul><ul><ul><li>Identify a program of work over the planning horizon period </li></ul></ul></ul>
  81. 81. Treat and monitor
  82. 82. Treat and monitor <ul><li>Establish monitoring program </li></ul><ul><ul><li>Review actions each delivery period </li></ul></ul><ul><ul><li>Plan the actions for delivery in the next </li></ul></ul><ul><ul><li>Focus on the development of an active strategy </li></ul></ul><ul><ul><li>Regularly monitor & review in a group </li></ul></ul><ul><ul><li>Monitor effectiveness </li></ul></ul><ul><ul><li>Review policy & procedures annually </li></ul></ul>
  83. 83. Appendix: OSN Risk Examples
  84. 84. Scenarios <ul><ul><li>Productivity Losses </li></ul></ul><ul><ul><li>Employees use social networking websites during work time to the detriment of business performance. </li></ul></ul><ul><ul><li>Legal risks </li></ul></ul><ul><ul><li>As no policy explicitly states that email use is monitored by the employer, the employee brings an action for wrongful dismissal when dismissed for posting inappropriate content to an email forum. </li></ul></ul><ul><ul><li>As no policy explicitly states that web use is actively monitored, it is difficult for a business to further investigate an employee who is suspected of posting details of an upcoming marketing program and product price list onto Wikipedia. </li></ul></ul>
  85. 85. Scenarios <ul><ul><li>A junior financial planner with an accounting firm provides taxation advice in a public forum using the firm’s email address and with a signature including the firm’s name. The advice is posted publicly and is relied upon by some readers, who suffer a loss and subsequently bring an action against the accounting firm. </li></ul></ul><ul><ul><li>Reputation Risk </li></ul></ul><ul><ul><li>A customer writes a blog post or posts a video that is negative towards your product, service or staff. </li></ul></ul><ul><ul><li>An employee writes a blog post or posts a video that is negative towards the company’s product, service or staff. </li></ul></ul>
  86. 86. Scenarios <ul><ul><li>An employee writes a blog post or status update that places company secrets in the public domain using the business’s equipment. </li></ul></ul><ul><ul><li>An employee posts lewd photographs online in a public forum. </li></ul></ul><ul><ul><li>A friend of an employee posts lewd material on the employee’s public website or social networking page. </li></ul></ul><ul><ul><li>Photographs of office functions depicting inappropriate behaviour are posted online by staff. </li></ul></ul><ul><ul><li>Photographs of office functions depicting inappropriate behaviour are posted online by staff employed by the venue. </li></ul></ul>
  87. 87. Scenarios <ul><ul><li>An employee writes a blog post or posts a video that is derogatory to his or her colleagues or the firm’s customers. </li></ul></ul><ul><ul><li>An ex-employee writes a blog post or posts a video that is derogatory to his or her colleagues or the firm’s customers. </li></ul></ul><ul><ul><li>A supplier writes a blog post that is derogatory about the company’s ability to pay its suppliers. </li></ul></ul><ul><ul><li>Viruses & spyware </li></ul></ul><ul><ul><li>A staff member’s computer infects all networked computers with a virus that was launched from a website that advertised on MySpace. </li></ul></ul>
  88. 88. Scenarios <ul><ul><li>The accountant’s username and password for the business’s online banking are stolen by a Trojan key-logging program that was downloaded to the accountant’s laptop from an advertisement on a niche social networking website while her teenaged son was using the computer at home. </li></ul></ul><ul><ul><li>Privacy breaches/identity theft </li></ul></ul><ul><ul><li>Using an edited copy of a signed letter and a business card posted on Flickr, a fraudster creates a fake letter of employment as supporting documentation for a bank loan in an employee’s name. The loan is subsequently defaulted upon, causing personal bankruptcy for the employee. </li></ul></ul>
  89. 89. Scenarios <ul><ul><li>The employee subsequently brings an action against the business for not taking reasonable precautions to prevent this from happening. Although the resulting court case is unsuccessful, it is a serious distraction and expense for the business. </li></ul></ul><ul><ul><li>An employee posts a photograph of a colleague and her children on her blog at the annual Christmas function. The colleague’s estranged husband is able to identify the children’s school from the uniform they are wearing, and subsequently collects the children from the school. The children are never seen again. </li></ul></ul>
  90. 90. Scenarios <ul><ul><li>Social engineering </li></ul></ul><ul><ul><li>Using names, email addresses, and positions gleaned from Facebook, position titles and references from LinkedIn, and faked letterhead or invoices from a site such as Flickr or Photobucket, a conman is able to extract payment for non-existent products or services. </li></ul></ul><ul><ul><li>Using photos from Flickr of a business card and letterhead, and information gleaned from Facebook, a fraudster poses as a contract cleaner who then uses an unattended and logged-in computer to steal clients’ taxation information on a 4 GB USB memory stick. </li></ul></ul>
  91. 91. Scenarios <ul><ul><li>Inadvertent release of information </li></ul></ul><ul><ul><li>The company’s proprietary approach to the bidding process for government work is submitted to Wikipedia by the business development assistant and is not able to be withdrawn in time. </li></ul></ul>
