Flyer Retain Governance

Top Social Media Risks and Concerns for Most organizations are allowing employees to access social media at work. In fact, many organiza- tions are implementing enterprise social media solutions to facilitate this new form of communication. However, with enterprise social media, companies are facing new and ever-evolving challenges.

Retain Social Media Governance There are a number of the challenges organi- text and images both internally and externally at a Glance: zations face with social media. While we can via social media. mention the challenges, our information is not ■■ Retain Social Media Governance Monitors and all-encompassing. Your organization may face Reputation damage and scandals: Inap­pro­ Archives Corporate Social Media Communication other circumstances that we do not mention. priate posts and communication can damage Data from the Following Platforms: The solution for these challenges, whether dis- a company’s reputation, their brand image, or Public Social Media Channels cussed here or not, is the same: you need to could create scandals. The results of these inci­ LinkedIn Pages & monitor and archive social media data. Accounts dents could lead to litigation and monetary loss. Pages & Accounts Social Media Risks and Loss of control around brand message: With Accounts & social media access, your employees can post Search Challenges Facing Corporations Flickr Loss of productivity: Accessing social media information online about your company. This Instagram at work can cause your employees to waste could be tied back to your organization and Google+ Accounts, time at work, which leads to productivity loss. could influence the way your brand is perceived. Pages Plus, many employees have access to your cor- Google+ Tumblr Reddit Sensitive or confidential information leaks: porate social media accounts and they could YouTube Channels Data, such as product information, proprietary post inappropriate messages and images to information, trade secrets, company informa- the corporate page (whether inadvertently or Generic RSS Feeds tion or other sensitive data can be inadver- maliciously), thus damaging your brand. Enterprise Social Networks / CRM tently, or overtly leaked through social media Microsoft Yammer Privacy violations: Many organizations deal IBM Connections channels. An Osterman Research survey found Sales Force Chatter that 13% of organizations have experienced with protected information, including financial Sales Force Communities sensitive or confidential information leakage (account information, social security numbers, Salesforce CRM through Facebook, 9% through Twitter, and stock information, trade deals), healthcare (pro- Slack 10% through LinkedIn. This loss of data can tected health information or PHI), and govern- Social Mobile Hub mental data (confidential or classified material). WhatsApp lead to loss of untold amounts of money due WeChat to damaged reputation, potential litigation, and These types of information could be shared on Enterprise Social Hub loss of competitive advantages. social media, causing privacy violations, espio- Cisco Jabber nage, or treason. Salesforce CRM Harassment and Cyberbullying: Social media SharePoint (News Feeds) access makes it easy for employees to harass Loss of competitive advantage: Your orga­ SharePoint—Office 365 (News Feeds, , Documents, Discussions) or bully coworkers, contractors, customers, or nization may have many ideas, secrets, or pro- Skype for Business Office 365 others. This can create a hostile work environ- prietary data that gives you an advantage over Skype for Business On-Prem ment and can lead to complaints, lawsuits, and the competition. Social media gives employ- Social Media Management Tools employee turnover. ees an easy method for sharing this type of GrapeVine6 Sprinklr information,­ leading to the loss of that compet­ Hootsuite Inappropriate communication: Employees can itive advantage. Others accessing DS SMG API easily share lewd, vulgar, or other inappropriate Brainshark Salesforce Marketing Flyer Top Social Media Risks and Concerns for Corporations

Increased risk of exposure to hacking and Insufficient social media and instant mes- SEC Rule 17a-3 and 17a-4: A dealer or bro- malware:­­ Roughly one in seven social media saging policies: Nearly one in five organiza- ker must preserve documents and records for users have had their social media account tions has not created or implemented a social three to six years. The first two years of which hacked or have been victims of malware. Some media and instant messaging usage policy. they must be in an accessible location. examples of hacking and malware include click- However, even though social media policies jacking, where hidden hyperlinks are placed are widely implemented, nearly three in four Sarbanes-Oxley Act: Public companies must underneath valid content (such as Facebook organizations have only a general policy about save all business records, including electronic ads), and lead victims to malware-laden sites. the use of social media on the corporate net- records and messages, for no less than five Cybercriminals will create bogus pages, which work, or they have no policy at all. Only 28% of years. dupe victims into downloading malware. Users organizations have what can be considered a are often tricked into these scams because detailed and thorough policy about how social Dodd-Frank Act: “Each organization shall they are offered a unique capability, such as media should be used. maintain records of all activities related to the finding out who visited their Facebook profile, business of the facility, including a complete so they are willing to provide their login creden- Inability to produce social media and IM audit trail in a form and manner that is accept- tials or click on a link to obtain the information. messages­ for eDiscovery, subpoenas, reg- able to the Commission; and for a period of not ulatory investigation, or litigation purposes: less than 5 years.” All oral (phone, voice mail) Bypassed enterprise controls: Many users You are going to have to produce relevant so- and written (email, instant messages, SMS, will bypass company controls on accessing cial media and instant messaging data in the etc.) communication that led to trade execution social media or instant messaging by using event of discovery request, a subpoena, a reg- must be retained. ulatory investigation, or litigation. Without an their personal mobile device off of the network. archive of this data, the information is next to This creates a situation where an organization IIROC 11-0349 (Canada): All methods used to impossible to retrieve. does not maintain oversight or control of what communicate, including social media, blogs, is being posted online. and chat rooms, are subject to the IIROC Dealer Regulations Regarding Social Media Member Rules. Data theft from mobile devices: Mobile de- Archiving for Corporations vices can be easily misplaced or stolen. These You need to be aware of the regulations that Gramm-Leach-Bliley: Mandates that the con­fi­ devices can even be out of a user’s control for apply to your organization for social media dentiality and security of customer information a period of time. Any of these situations can and instant messaging data storage. Failure is enforced through securing the information, allow information to be stolen from these mo- to comply with these regulations can lead to such as email correspondence, and limiting its bile devices. fines, sanctions, and litigation. The following access. Email retention periods parallel that examples highlight, by industry, a number of of the SEC 17a-4 regulation, which requires regulations and suggestions for social media retention of six years in an easily accessible and instant messaging archiving and usage: space, secure from erasure and rewriting. With the new and ever increasing risks that organizations face Financial Government because of social media, you need FINRA 10-06: Financial firms must retain re­ NARA October 2010 Bulletin explains that as to be able to mitigate these cords of social media communications. government agencies adopt Web 2.0 tools, risks with oversight on social they must comply with all records manage- ™ FINRA 11-32: Defines tweets and text mes- ment laws, regulations, and policies. communication data. Retain Social sages as written material that needs to be Media Governance provides you preserved. The Freedom of Information Act (FOIA): 5 with that insight by archiving U.S.C. § 552, as amended by Public Law No. all corporate social media FINRA 11-39: Firms are required to retain, re- 104-231, 110 Stat. 3048 states that Gov­ communication data in one trieve, and supervise business communica- ernment­ agencies such as public schools, tions regardless of whether they are conducted colleges, and universities shall make avail- central, accessible archive. from a work-issued device or personal device. able copies of all records, regardless of form

2 or format. Unlike other regulations, the law social media—to address these issues.” The doesn’t specify how long organizations must implication of the new law is clear: social retain their mobile messages. The IT depart- evidence is given at least equal weight and ment must adhere to the information request import as other forms of ESI such as email within 10 days of its receipt. and documents.

Federal Information Security Management Healthcare Act (FISMA): Requires federal agencies to doc- HIPAA regulates healthcare providers’ man- ument and implement an agency-wide program agement of protected health information (PHI), to provide information security for the systems which includes medical records and payment Contact us at: that support the operations and assets of the histories. Organizations must maintain a record www.microfocus.com agency. Many state sunshine laws outline the of all messages to prove they did not contain need to produce electronic communication PHI, and that any messages that did contain Like what you read? Share it. when requested. PHI were sent through the proper and en- crypted channels. Commercial Federal Rules of Civil Procedure (FRCP): HITECH expands on HIPAA and holds health- FRCP rules state that all employee-created care organizations to a higher level of responsi- social media content that is work related, re- bility for breach of patient information. gardless of whether or not it was created on a personal account, is discoverable. Not only The Solution: Retain Social should data be archived and supervised ac- cording to corporate policies, but archiving Media Governance this data in a siloed bin may also be required to Micro Focus® Retain Social Media Governance address employee privacy issues. ensures that your social media communication data is compliant with archiving regulations. *Important Update as of December 2015* The entire social media history is captured in A new version of Federal Rule of Civil Procedure its original context. This allows you to see mes- book went into effect December 1, 2015. Sub­ sage threads, view photos, and watch videos as section 37(e) replaces the previous subpart in they originally appeared. Retain Social Media its entirety, and features a new title: “Failure to Governance provides configurable rules that Preserve Electronically Stored Information.” allow you to control the retention period of ar- chived data. This solution gives you immedi- In addition to this amendment to the previous ate and complete access to all your company rule, Rule 37(e) is accompanied by official Com­ social media communication data. Search, mittee Advisory notes that clearly call out coun- perform eDiscovery, and export social media sel to preserve clients’ ESI, and that counsel communication data from the central archive, should. “…become familiar with their clients’ in- along with your employees’ email and mobile formation systems and digital data—including message data.

161-000115-002 | G | 01/19 | © 2019 Micro Focus or one of its affiliates. Micro Focus, the Micro Focus logo, and Retain, among others, are trademarks or registered trademarks of Micro Focus or its subsidiaries or affiliated companies in the United Kingdom, United States and other countries. All other marks are the property of their respective owners.