Stephen Collins has just tweeted his 12,000th tweet on Twitter – its a demonstration of the power of this social computing tool as a way of communicating with others that we’ve not seen since the days of the village square where everyone knew everyone else, what they were up to, and embraced the friendship and social cohesion it brought.
In his recent blog post, “Adventures in connectedness – Twitter“, Stephen questions the value of twittering as an internal business tool and suggests the risk is too great. He instead suggests locking your tweets in a cage and using Laconica or Yammer which provide equivalent value. But what are the risks? What are the mitigation strategies? What is the ROI in using Yammer over Twitter? He doesn’t suggest any. And I’m a bit surprised by his timidness in this regard.
Having recently undertaken a few threat/risk assessments, I’d like to suggest a more objective approach for assessing risk of adoption of social computing tools, including things like Twitter. Essentially, when assessing a risk, it’s part of an overall equation that examines:
- an individual threat or issue: write the description of the risk
- the likelihood of the risk: rate it from 1 (unlikely) to 3 (highly likely)
- the resultant damage is the issue occurs: rate it from 1 (low damage) to 3 (high damage)
When you’ve written down all of the issues, multiply the likelihood with the damage. Those issues with high scores need stronger mitigation treatments than those with low scores. A mitigation strategy for an issue rated as a risk of 9 might be simply not to do it at all, while an issue with a score of 1 might simply have a mitigation strategy of monitoring to see if the issue rises in likelihood.
Risks and Mitigation
Here are some examples of risks and mitigation strategies that you might consider when putting a threat/risk assessment together.
| Risk | Mitigation |
|---|---|
| Loss of privacy: People can read what you’re doing. With an inbuilt GPS in the iPhone, for example, your location is always known, openning up your home to robbery or setting yourself up for a mugging. | Decrease likelihood: Your tweets can be private so only those who you trust and allow to follow you can see what you’re writing about. |
| Loss of IP: Staff may talk about company secrets, policies and intellectual property that should be kept inside the walls. | Decrease likelihood: Create rules of engagement for staff for use of social computing tools, from blogs and wikis to Twitter and Facebook, and what people should and shouldn’t write about in public spaces.
Jason Ryan has many blog posts on this issue. A policy should always be created in order to set the playing field for any interaction your staff might have with the public.While some organisations already have policies in the form of a Code of Conduct, it’s always good to spell out what the rules are with regards to certain higher-risk social computing behaviour so everyone has equal expectations. |
| Damage due to changes in public perception: As suggested by Michael Krigsman in his blog post Twitter is Dangerous:“Twitter has the power to turn groups of innocent bystanders into instant analysts. Even seemingly innocuous comments, when put before a large group of people, can be analyzed more rapidly, and in more depth, than you might expect. This can easily cause ranges of unintended, highly negative, consequences.” | Decrease potential damange: Any communication taken out of context is dangerous to an organisation’s reputation. A common practice is to only use formal communications channels with highly sanitised and edited messages. If the likelihood of messages being taken out of context is high, and the likely resultant damage is high, then the risk is high. This may mean that tweets are limited to news and media release notification rather than person-to-person interactions.The downside to this approach is reduction in efficacy of the message — people tends not to trust the CEO or his ’official spokesperson‘.
Decreasingn likelihood: If Twitter is a source for connecting your internal Practices with those outside the walls, having tweets closed to the public and open only to those who follow you ensures that only those for whom the conversation has context and relevance will be able to contribute and collaborate. Combined with a policy that articulate the rules of engagement will mean an overall reduction in risk.
|
Constant monitoring of risks is required with regular assessment points to determine if the likelihood of an issue should be downgraded (if its not occurring) or upgraded (when there are a few observations of the issue).
Assessing Risks in the Context of Benefits
The last part to the equation is balancing the calculated risk with the perceived benefits. You wouldn’t be considering any using something like Twitter unless you could see that your organisation would somehow benefit from using these tools.
One organisation I am working with, for example, has a BA Practice. Largely, they are isolated and essentially years behind current industry and best practice as a result. We’ve discussed using Twitter as a tool for not only establishing greater social cohesion with their internal Practice, but also as a way of better integration with those groups, experts and thought leaders outside the organisation, and encouraging knowledge sharing with other like-Practices.
The benefit to the Practice of using Twitter (and therefore the ROI to the organisation) are:
- greater opportunities for sharing knowledge thereby improving the capabilities of practitioners
- increasing capability for innovation, and
- increases in capability to generate IP as a result
Weigh the benefits with the risks is the important part. If the benefit is great and the risk is small then obviously adoption of the tool is a no brainer.
Putting it all together – a strategy
Documenting your decisions is the last step in implementing or choosing not to. It should clearly articulate all of the above items — issues, likelihood and damage — in light of the benefits as well as the roles involved with continued assessment and who is responsible for the mitigation actions.
Conclusions
Because tools like Twitter are really only new it’s hard for some people to get past the fear and doubt about their worth. It’s important in situations like these to move past personal opinion when making decisions and get down into addressing what the threats actually are, how they can be mitigated, and whether the benefits outweigh the risks. If you take this approach I think you’ll be pleasantly surprised at what you can achieve inside the walls.
M
27 October, 2008 at 11:33 am |
[...] to the RSS feed. Thanks for visiting!My friend and colleague, Matthew Hodgson, has suggested I was being timid in my last post for not delving into the business alternatives to Twitter for those times public [...]
28 October, 2008 at 8:58 am |
I think the strongest argument for a private network is to lower barriers for reluctant participants until they gain some comfort. That, and perhaps technical value of avoiding issues of scale.
We live in a transparent age. As humans, we are hard-wired for connection. The benefits of sharing outweigh the dangers. I would think the best strategy for businesses is to embrace this reality and learn how to engage by engaging.
28 October, 2008 at 9:43 am |
Matt, I was disappointed that you did not tackle the biggest risk from social networking tools which are loosely grouped under the banner eDiscovery.
When a person/employee acting on behalf of their organisation generates an ePresence, how the associated information is handled/exposed/archived etc is no longer under the direct control of the organisation (and therefore lives at the crossroad of organisation, service provider and individual responsibilities, policies and actions).
I’d be interested in your suggestions on how you think we should be addressing these legal risks with our policies and strategies? (this topic has also recently surfaced on ActKM).
28 October, 2008 at 11:53 am |
It’s an interesting risk because it’s always been there, it’s just that because the online environment now allows for a greater level of interconnectivity with others that the likelihood is now greater than ever and will probably only grow over time.
In her talk to Web Directions South in Sydney recently, Laurel Papworth suggested that people should be utilising different personas for different environments. This would at least serve to change the context and decrease the likelihood.
As for my own suggestions … there are issues of control, IP, privacy, and the distinction between personal and corporate ownership that probably need to be addressed. …. but I think I’ll have to think on this a little longer and write a whole blog post on it. Just give me a day or two
M
28 October, 2008 at 12:18 pm |
I’m sceptical about Laurel’s suggestion and feel the courts would take a dim view towards endorsing a strategy which could potentially be viewed as an intention to “hide” or “disguise” information “of interest”.
Now then, having not been at her talk, I’d like to say that I’m not accusing Laurel of saying that (as I do not have context) – but rather point out that it needs to be handled “with care” as it could be constured negatively (as I showed above).
28 October, 2008 at 1:05 pm |
Laurel’s comment is more about the dissassociation of work-self with play-self to ensure that there is a good enough distinction between a persons role as an employee and their home life. This allows an easier aggregate view from an evidentiary perspective as to the activities you’re engaging in for work and those you’re doing for yourself. It’s not about subderfuge
It doesn’t, though, address how to go about collecting the transactional data for ediscovery though.
M
31 October, 2008 at 3:19 am |
Hi Matt. I feel like we are living parallel lives on the opposite side of the world. I’m getting ready for a presentation on “The Rapid Transfer of Knowledge” and I was trying to disseminate all my thoughts concisely around Twitter. Thank you for doing it for me.
I will give you tons of credit. I already find myself quoting you often.
I’m consulting for an extremely large and bureaucratic oil company that is curious about all this social networking jazz, but is too scared of its own shadow to step out and DO SOMETHING.
I find it very ironic that as human beings we know how to communicate and collaborate naturally, but when a ‘tool’ is thrown at us to help us do it…some adapt immediately, some sit and look at it for a long time, and ultimately…some just die. Hey, survival of the fittest.
12 November, 2008 at 6:07 am |
Hi Matt, some good ideas here! Especially the idea of communicating and extending the companies policy on using social media can be a good enabler for starting to use tools such as Twitter within the enterprise and externally.
Jeroen