Managing brand backlash and slander from customers and competition on social media is challenging enough on its own. But when you are faced with an anonymous threat from within, the consequences can be far more grave because staff are privy to information that outsiders are not. Not only can their slanderous words be more targeted towards product/service deficiencies and management figureheads, they can leak sensitive information.
Look no further than the recent news that broke during the 2018 NBA Playoffs. Philadelphia 76ers’ president of basketball operations Bryan Colangelo was linked to five anonymous Twitter accounts that were used to criticize players and other NBA executives in addition to leaking unreported medical information about a player. The latter is especially concerning, given the implications of injuries on game performance and the fact that the U.S Supreme Court just lifted the national ban on sports betting just days before the 76ers Twitter scandal.
The NBA story is just one of many examples of how disgruntled members within a corporate hierarchy are using the anonymity of social media to vent their frustrations and leak sensitive information. While you may feel powerless against such a threat, there are steps you can take to mitigate the risk.
6 Tips to Protecting Your Brand from Anonymous Internal Information Leaks and Slander on Social Media
1. Establish a Firm Policy for Employee Brand Advocacy (and Opposition) on Social Media
While many companies seek to reap the benefits of employee brand advocacy on social media, you need to develop a clear policy not just to account for advocacy, but for all communications involving the brand. The policy must clearly detail repercussions (suspension or termination) and dictate topics that may and may not be discussed. The later typically includes customers, clients, vendors, financial and confidential information, research and development, legal proceedings, and the impending release of a new product or service. The policy must also explicitly state that the rules apply to anonymous profiles.
While the policy may not curtail anonymous profile posts outright, it will certainly force some staff to reassess whether or not they should make a post or Tweet given that the business has now established a clear course of punitive action. The potential for an official “policy violation” can be enough to stop a disgruntled employee in their tracks.
2. Establish a Non Disclosure Policy
Bryan Colangelo vehemently denied knowledge of four of the five anonymous Twitter accounts linked to the scandal, and stated that he had not been directly responsible for any of the Tweets in question. The Philadelphia 76ers themselves concluded that Colangelo himself was ignorant of the activity, citing that it was in fact his wife who took to the Twitter accounts to criticize her husband’s own players and colleagues while releasing player medical information. Whether or not Colangelo was directly responsible, his resignation is a clear indication that he is not absolved of fault. Had his wife had not been privy to certain details, the damage could have been mitigated.
This is where a firm non-disclosure agreement (NDA) between the company and staff comes in. While you can’t expect staff to not vent to their spouses (etc.) about the current state of affairs at work, you can ask that they limit the type of information that is shared. But where do you draw the line?
If a given employee have access to sensitive information (i.e. customer data, financial reports, legal documents, etc.) or if your company is on the cutting edge of research and development (i.e. you apply technology to design or manufacture new products or services) you should issue an NDA to keep that information in-house. The NDA must be explicit, stating that it applies not just to the public, media, and competition, but to personal relationships as well. Yes, it can be hard to enforce the latter, but in knowing that the sharing of sensitive information is a violation of the NDA (which comes with punitive consequence) staff will be less likely to do so.
Lastly, you can recommend (not enforce) that staff inform their companions, spouses, family members and friends that anything they share about the company can get them in hot water, which may deter their relations from taking to social media to vent on their behalf.
3. Limit Access to Sensitive Information
Disgruntled staff with anonymous social profiles will have less ammunition to work with if they have limited access to information. Moving forward, access to sensitive data should be provided on a need-to-know basis only. This new policy should be reflected in your own cyber security protocol, given that internal players are one of the top cyber security threats to watch out for in 2018. In addition to limiting access to data, institute IT security systems to carefully monitor staff for suspicious online behavior (without violating their privacy) which can include reviewing their public facing social media profiles to take note of brand mentions.
4. Request Removal of Damaging Posts/Tweets and Report Anonymous Accounts
Few companies realize that recourse can be found on the social networks being used as platforms to besmirch the brand and/or leak information.
For example, if an anonymous Twitter profile is claiming to be a representative of the brand and using the profile to release information, you can appeal to Twitter’s rules regarding Intellectual Property and Trademarks:
“We reserve the right to suspend accounts or take other appropriate action when someone’s brand or trademark, including business name and/or logo, is used in a manner that may mislead or confuse others about your brand affiliation.” (Twitter)
While the above may not allow you to uncover the identify of the violating party, it can result in account suspension and removal of concerning Tweets.
Anonymity is even easier to target on Facebook, given their rules about Misrepresentation and the fact that they are quick to ban inauthentic profiles:
“Authenticity is the cornerstone of our community. We believe that people are more accountable for their statements and actions when they use their authentic identities. That's why we require people to connect on Facebook using the name they go by in everyday life. Our authenticity policies are intended to create a safe environment where people can trust and hold one another accountable.” (Facebook)
If it looks like an inauthentic profile was created so that someone (be they internal or otherwise) can defame your brand or leak information, you can use Facebook’s Report Abuse tool. It may or may not have the intended impact, but it’s certainly worth a shot. Facebook takes reports about any profile in violation of their Community Standards quite seriously.
5. Legal Action
You may have legal recourse. Many courts to date have ordered internet service providers (ISPs) to hand over the IP addresses of anonymous online profiles so that they could be identified and taken to court when their activity is deemed to be defamatory, slanderous, and/or unfairly damaging in nature.
This is more than a reactive tactic, mind you. If your company develops a reputation for taking inauthentic profiles to task, and court, those from within will take note and be far less likely to create anonymous profiles to harm the brand.
6. Keep Aware
Timing is everything when it comes to protecting your brand on social media. That means you need to monitor all keywords and hashtags that reference your brand on Twitter, Facebook, Instagram, LinkedIn, Reddit, and Google+. In addition, drop your brand name into Google Alerts so that you’ll receive notifications when your brand is mentioned online. Given that Google Alerts does not always pick up Tweets and Posts, so you will want to back this tactic up by using HootSuite to monitor brand mentions. By monitoring all social networks for mention of your brand, you will be able to take quicker action as it applies to everything else addressed above.