One wrong move can land you or your company into an unknown abyss. The lack of guidance from Social Media and non-existent controls can cost companies hundreds of thousands or even millions. The hidden risks of not understanding the many channels of Social Media are immeasurable. With a better understanding and some guidance on Social Media Patterns yourself and your company are going to be able to mitigate the arising risks.

1. Corporate Social Media Guidelines Protecting your organization from Hidden Risks.

2. KPMG: Ten to-do's for audit committees in 2010 How Important is Social Media Understand the company's policy on the use of Twitter and other Social Media networks to reach Investors and customers. http://www.accountingweb.com/topic/kpmg-ten-dos-audit-committees-2010

3. Revealed: Which social networks pose the biggest risk? Biggest Risk in a Social Network? Over 500 Firms Polled “...sizeable pool of information for hackers.” “Sites like LinkedIn provide hackers with what is effectively a corporate directory, listing your staff's names and positions. This makes it child's play to reverse-engineer the email addresses of potential victims.” According to the Sophos Security Threat Report 2010 http://www.sophos.com/blogs/gc/g/2010/02/01/revealed-social-networks-pose-biggest-risk/

4. Bigger risks with younger employees than older ones. SN Risk: Managing the Inevitable “According to the survey, about 50 % of those responding use Web-based social networking to make new friends” “The problem lies in the tendency for experienced social networkers to continue to initiate new friendships, friendships with people they’ve never actually met.” “So the 1st element is making a person feel accepted, part of a group of at least two. This isn’t difficult for experienced social engineers.” Does your organization block use of social networking sites? Yes No Don’t Know Does your organization address social networking in its acceptable use policy? Yes No Don’t Know http://blogs.techrepublic.com.com/security/?p=730

5. Defending against the inevitable SN Risk: Managing the Inevitable “Block use of public social networking sites from the office is a strong recommendation. This will help protect your data or social engineered information, about your company or network, from finding its way directly from the employee’s desk or your network, to either a social networking site or a friend met at such a site. “Implement DLP*. Know where and how your data is moving. If an online ‘friend’ of one of your employees happens to gain access because of sharing activities, you will be able to block data loss or at least know it’s happening.” Block use of Social Networking Sites from Office. Implement Data Leakage Prevention Know where your data is moving Create, edit, or update your social media policies. http://blogs.techrepublic.com.com/security/?p=730 * DLP (data leakage prevention

6. Social Media Policy the 1st line of defense What Every Company Should Know About Social Media Policy 1 in 3 companies has a social media policy in place. Part of the problem is that a social media policy is a misnomer. Your company should have social mediapolicies. socialmediaexplorer.com http://www.socialmediaexplorer.com/2010/02/03/what-every-company-should-know-about-social-media-policy/

8. Employee Policies

9. Corporate Policies

10. Employee Code of Conduct for :

11. Online Communications

12. Company Representation in Online Communications

13. Employee:

14. Blogging Disclosure Policy

15. Facebook Usage Policy

16. Personal Blog Policy

17. Personal Social Network Policy

18. Personal Twitter Policy

19. LinkedIn Policyhttp://www.socialmediaexplorer.com/2010/02/03/what-every-company-should-know-about-social-media-policy/ socialmediaexplorer.com

21. Blogging Policy

22. Blog Use Policy

23. Blog Post Approval Process

24. Blog Commenting Policy

25. Facebook Brand Page Usage Policy

26. Facebook Public Comment/Messaging Policy

27. Twitter Account Policy

28. YouTube Policy

29. YouTube Public Comment Policy

30. Company Password PolicyWhile it may seem frivolous to spell out policies for every social network, that’s not quite the point. Different networks have different implications for different companies. http://www.socialmediaexplorer.com/2010/02/03/what-every-company-should-know-about-social-media-policy/ socialmediaexplorer.com

31. Social Media Policies Few Companies Have Policy for Employee Use of Social Networks Does Your Company have a written policy? Does it include all or part of the listing? What challenges did you find writing it or are concerned you will find? emarketer.com http://www.emarketer.com/Article.aspx?R=1007493

33. Jeff Jarvis, Journalist, wrote on his blog about his frustration of poor customer service by Dell. With the Title “Dell Sucks”.

34. Thousands of people where having the same issues.

35. Biggest Issue:

36. Dell was Not:

37. Reading Blogs

38. Listening

39. Dell’s policy on blogs was do not touch them. JEFF JARVIS @JeffJarvis buzzmachine.com

41. Start at Google:

42. Search for your company, team, yourself.

43. Same search on Blogs:

44. Technorati, Icerocket, & BlogPulse, Youtube, Twitter, & Facebook.

45. Respond to People

46. Do it yourself!

47. Try to solve problems online

48. Put Yourself in their own shoes

49. Set up your own blog.

50. Don’t Forget to thank your customer. puertoblogs.com

52. Didn’t shy away from obstacles

53. Cultivating a cross-platform community

54. Multiple Twitter handles

55. Network of Blogs

56. Very active on Facebook

57. 1 of the few companies to publicly state a ROI from

58. 1 Million In Revenuecommunity.dell.com dell.com/twitter

59. Dell Doing it Everywhere

61. The greater risk is ignoring the conversation that is going on with or without you. JEFF JARVIS Journalist & Author @JeffJarvis Buzzmachine.com

62. Corporate Social Media Guidelines Morgan Johnston’s Quote | Via Twitter Morgan Johnston Manager Corporate Communications @MHJohnston knitwitr.tumblr.com Always ask for Permission when quoting someone

63. Opportunities / Threats Threats / Risks Opportunities Customer’s or Disgruntled employees can create groups to defame a company & disperse sensitive Information. Passing over a possible good candidate based on profile information, pictures, & other postings. The competition can also monitor You. Open Up Fan Page or Group to reach out. Recruiting tool for young professionals looking to join your company and worldwide connections with other professionals. Magazine’s like CIO.com are posting information Monitor the competition’s presence.

64. Opportunities / Threats Opportunities HR Department uses it to keep in touch with present and past employees. Posting relevant articles, press releases, public company information, and get feedback. Connecting and finding opportunities by creating and joining groups of interest. Threats / Risks Customer’s or Disgruntled employees can create groups to defame a company & disperse sensitive Information. Passing over a possible good candidate based on profile information, pictures, & other postings. The competition can also monitor You.

65. Opportunities / Threats Opportunities Links to articles related to professional seminars, conferences, & traditional media. Connecting with potential clients, influencers and leads. Instant customer service issues & monitoring of public relations issues. Threats / Risks Some links to articles may be spam and malware for computer. Could be pressured by the competition or other 3rd parties to engage in company vs. company discussions. Without presence you risk losing customer’s by not being able to solve the issue.

66. Guilty of one of these security oversights? 7 Deadly Sins of Social Networking Security Over Sharing Company Activities Mixing personal with professional Engaging in Tweet (or other social network) Rage Believing he/she who dies with the most connections wins Password Sloth Trigger Finger Endangering yourself and others CSOonline.com http://www.csoonline.com/article/496314/Seven_Deadly_Sins_of_Social_Networking_Security

68. Maybe the company is developing a new car that runs on curbside trashCSOonline.com http://www.csoonline.com/article/496314/Seven_Deadly_Sins_of_Social_Networking_Security

69. 2. Mixing personal with professional 7 Deadly Sins of Social Networking Security Know objectives of why you are on social networks. Remember to post carefully your words are now public across the internet. What you share with your family and friends may not be considered appropriate with business contacts an example would be pictures. Some folks separate facebook for friends and business contacts with linkedin.com. Some folks who work in media have to get people’s interest and need to be on as many social networks as possible in order to promote business. CSOonline.com http://www.csoonline.com/article/496314/Seven_Deadly_Sins_of_Social_Networking_Security

70. 3. Engaging in Tweet (or Facebook/LinkedIn/Myspace) rage: 7 Deadly Sins of Social Networking Security Rants look childish and immature. May be looking at your rant for years. Would be the equivalent as sending an angry email. Too Fat to Fly Southwest? Kevin Smith Hollywood Writer & Director Movies: Jersey Girl (2004), Fan Boy (2009), and others. http://www.csoonline.com/article/496314/Seven_Deadly_Sins_of_Social_Networking_Security

71. 4. Believing he/she who dies with the most connections wins: 7 Deadly Sins of Social Networking Security Some folks such as people on Linkedin who are all about the number of people they are connected too, not who or how they know you. Their friends could connect with you very easily. Verify person’s account, don’t add them unless you know them. Ask why they want to connect & research who they are. If you can’t identify 1 person on their list, might not want to connect or send them to LinkedIn Jail. CSOonline.com http://www.csoonline.com/article/496314/Seven_Deadly_Sins_of_Social_Networking_Security

72. 5. Password Sloth 7 Deadly Sins of Social Networking Security Don’t use same password for all social networks, banking, or work accounts. Someone is likely to figure the information out and get your information. "Using the same password on several sites is like trusting the weakest link in a chain to carry the same weight. Every site has vulnerabilities, plan for them to be exploited." CSOonline.com http://www.csoonline.com/article/496314/Seven_Deadly_Sins_of_Social_Networking_Security

73. 6. Trigger Finger 7 Deadly Sins of Social Networking Security Clicking all links and applications. Bad guys could send you links to give your pc/laptop malware. 7. Endangering yourself and others Posting birthday information, too much detail on family and friends , they could become the target of an identity thief or even a kidnapper. CSOonline.com http://www.csoonline.com/article/496314/Seven_Deadly_Sins_of_Social_Networking_Security

74. 9 or 10 Ways to Stumble in SM Gaming the System Putting on a Puppet Show Flogging Playing Coy Forgetting your Users Acting like you own the place Looking down your nose Letting it slide Pitching without looking:

76. Virgil Griffith's Wikipedia Scanner could make your life a PR misery.

77. Brainchild of Cal Tech computation and neural-systems graduate student.

78. Searchable database ties millions of anonymous Wikipedia edits to organizations where edits apparently originated, by cross-referencing the edits with data on who owns the associated block of internet IP addresses.

81. but in reality the creation of a marketing firm.

82. The blog was designed to become a meme, spreading virally across the Internet, and in a way it did.

83. but not the way anyone at Sony would have wanted.

85. Camping overnight in Wal-Mart parking lots and telling stories about the wonderful people they met.

86. Remarkable number of whom had glowing things to say about Wal-Mart.None of this was untrue; the couple was genuine, the RV was an RV, and nobody's disputing the stories people were telling. But what the blog didn't mention – anywhere whole thing was paid for by Wal-Mart itself from airfares to the RV itself. The blog was outed, the story hit the mainstream media, and both Wal-Mart and their PR firm, Edelman, were left looking very much like they'd tried to pull something sleazy.

88. Many organizational blogs written in market-ese and utterly failing to engage visitors.

89. The flip side of the nothing-but-spin blog is the nothing-but-nothing blog.

90. CEO letting us Know how neat his trip was.

91. Opportunity to offer:

92. Insights

93. Passion

94. Some thought leadership

96. Looking Down Your Nose Your selection of quality goods is so impressive; your blogger engagement strategy... not so much. In January 2008, a blogger asked Target to explain one of their ads, which she felt was sexually exploitive. Target's PR department replied by email: "Unfortunately we are unable to respond to your inquiry because Target does not participate with nontraditional media outlets.” That garnered them a bunch of ill-will in the blogging world... and some bad press in one of those more traditional media outlets that Target prizes so highly.

97. Letting it Slide Setting up a blog or other social web presence is the easy part. The real work comes in doing the gardening: Seeding new content Nurturing the shoots of new community When necessary, weeding out abuses. Canadian politician Paul Martin launched a blog that went months without new posts The Blog became an embarrassment. You don't have to search too far to find blogs and forums that have become playgrounds for comment spam.

98. Pitching Without Looking Engaging with bloggers? Good idea Firing off impersonal pitches with no idea who you're talking to? Bad idea Blogs are highly personal endeavors Only a few earn income for their creators The rest are labors of love. Treat them that way. Suggestion - Read a blog for at least a week, then join its commenting community, and then try pitching the author – in a personal way that relates directly to the blog's focus.

100. Respect your audience and the community you're engaging understand that this can be hard work

101. Dedicate resources accordingly

103. blogs

104. wikis

105. Social networks

106. Virtual worlds,

108. Twitter

109. Yelp

110. Wikipedia

111. LinkedIn

112. Facebook pages

113. or comment on online media stories

115. If writing about a competitor use

116. Real Name

117. Identify that you represent or work for an entity

119. True

122. Make sure your efforts to be transparent don't violate company's

123. Privacy

124. Confidentiality

127. do not disengage from the conversation abruptly.Feel free to ask the PR Director for advice and/or to disengage from the dialogue in a polite manner that reflects well on your Company.

129. make sure you behave diplomatically

130. have the facts straight

132. litigation

134. Even anonymous comments may be traced back to your or company’s IP address.

136. your privacy

137. Company’s confidential information

138. What you publish is widely accessible and will be around for a long time, so consider the content carefully.

139. Google has a long memory.NOTE: Mainstream media inquiries must be referred to the Director of Public Relations.

141. Organization creates a social media presence & nobody participates.

142. Others garner participation

143. but the conversations quickly veers off-topic or into belligerent shouting matches.

144. Others start off well, but can't sustain their momentum

146. staffing up to encourage participation and put out fires.

147. both knowing and pushing the limits of your organizational.

148. These can all help. But nothing works quite as well as knowing social media in your bones, and that means diving in yourself.

149. First Steps Build accounts, quickly start using various platforms to listen for your name, your competitor’s names, words that relate to your space. (Listening always comes first.) Add a picture. Your Audience wants to see you. Talk to people about THEIR interests, too. I know this doesn’t sell more, but it shows us you’re human. Point out interesting things in your space, not just about you. Share links to neat things in your community. Don’t get stuck in the apology loop. Be helpful instead. Be wary of always pimping your stuff. Your fans will love it. Others will tune out. Promote your employees’ outside-of-work stories.

150. Ideas On How To Handle SM Instead of answering the question, “What are you doing?”, answer the question, “What has your attention?” Have more than one person involved at the company. People can quit. People take vacations. It’s nice to have a variety. When promoting a blog post, ask a question or explain what’s coming next, instead of just dumping a link. Ask questions. SM is GREAT for getting opinions. Follow interesting people. If you find someone who uses SM in an interesting way, see who they interact with, and interact with them. When you DO talk about your stuff, make it useful. Give advice, blog posts, pictures, etc. Share the human side of your company. If you’re bothering to update, blog, or tweet it means you believe social media has value for human connections. Point us to pictures and other human things.

151. Some sanity for you You don’t have to read every update, blog, & tweet. You don’t have to reply to every message directed to you (try to reply to some, but don’t feel guilty). Use direct messages for 1-to-1 conversations if you feel there’s no value to Twitter, blog, or a public update to hear the conversation. Use services like Twitter Search to make sure you see if someone’s talking about you. Try to participate where it makes sense. Third party clients like Tweetdeck and Twhirl make it a lot easier to manage Twitter. If you update or tweet all day while your coworkers are busy, you’re going to hear about it.

152. If you’re representing clients and billing hours, and tweeting all the time, you might hear about it. Learn quickly to use the URL shortening tools like TinyURL and all the variants. It helps tidy up your tweets. If someone says you’re using twitter wrong, forget it. It’s an opt out society. They can unfollow if they don’t like how you use it. Commenting on others’ tweets, and retweeting what others have posted is a great way to build community. Some sanity for you (continued)

153. The Negatives People Will Throw At You Social Media takes up time. SM takes you away from other productive work. Without a strategy, it’s just typing. There are other ways to do this. SM doesn’t replace customer service. Most SM platforms are buggy and not enterprise-ready. SM is just for technonerds. SM’s is effective for a few million people. (only) SM doesn’t replace direct email marketing. SM opens the company up to more criticism and griping.

154. Some Positives to Throw Back SM helps one organize great, instant meetups (tweetups). SM works swell as an opinion poll. SM can help direct people’s attention to good things. SM at events helps people build an instant “backchannel.” SM breaks news faster than other sources, often (especially if the news impacts online denizens). SM gives businesses a glimpse at what status messaging can do for an organization. SM brings great minds together, and gives you daily opportunities to learn (if you look for it, and/or if you follow the right folks). SM gives your critics a forum, but that means you can study them. SM helps with business development, if your prospects are online. SM can augment customer service. (but see above)

155. Contact us! Contact US! CIMA IT Solutions Corp. info@cimapr.net TWITTER : @infosecpr| @twitpuerto RaúlColón, CISA, CGEIT @ConsultantRC rcolon@cimapr.net