Regardless of the company we work for or the industry it is in, we’re all privy to information that’s just not acceptable to blog/tweet/post. The Colonel’s secret recipe, for example, is locked up in a safe in Kentucky; you’re not going to find it on Gourmet Magazine’s blog.
With all the benefits social media brings to companies wanting to get closer to their consumers (and employees), it also provides a means for the wrong information to get distributed to the wrong people. Everyone’s listening.
So the question I pose is: where do you draw the line?
Here’s an example of the point I’m trying to make:
Let’s say I’m a chef working in KFC’s test kitchen. While I may not have access to the secret recipe, I certainly would have insider information as to what types of meals/ptoducts are in R&D. This type of information is probably sensitive & competitive, intended to give the Colonel a competitive advantage in the marketplace. At least, that’s how it’s supposed to work.
Now, as a chef who is up on his social media, I’ve got the following accounts: Twitter, WordPress, YouTube. I’ve also got an online resume that states my employer’s name, my title, and a job description that reveals enough to identify me as a key player in the KFC kitchen. I figure that I can get an edge on the competition by using social media to get closer to my consumer. Makes total sense. So, I blog and Tweet about some of the recipes I’m working on in an attempt to solicit feedback. Maybe I even record a video of me cooking dinner at home that’s got nothing to do with work. I’m a bit of a ham. No big deal, right?
Enter social engineering.
What some would say that I have created, as a chef with a palette for social media, is a big sign that says ‘I have competitive intelligence. Right here. Me.’ My online-ness tells them where I work, maybe where I live, maybe where I shop, maybe even the coffee shops and bars I frequent. Some would argue that I, even with the best interest of KFC at heart (and maybe a little big of an ego), have unknowingly made myself a target and a liability.
Yes, it sounds a little far fetched, maybe something out of a spy movie, but things like this absolutely happen. I’ve used KFC and the fast food industry only as an example. There are other industries where the information is much more sensitive and people are willing to pay a high price for it.
Let’s return to the KFC example, though. In terms of national security, the secret recipe means nothing. But what about all of the brand equity stored in the phrase, even the idea, of ‘the colonel’s secret recipe’ ? It has taken years to build that type of equity. Think of the damage that would be done if it wasn’t a secret anymore. Sure, the chicken would probably taste the same (and you’d be able to get it at any restaurant) but the mystique would be gone. The brand would be in need of serious repair.
Please note that I am only playing devil’s advocate here. However, there are some who are in favor of removing online job postings, online resumes and implementing harsh penalties for using social media for anything other than purely social purposes. They feel any participation in the online discussion that even hints at ‘work’ is a major liability. They are extremist, but they exist; at the very core of their argument, they do have a point.
So, back to the question. Where do you draw the line?
I have some ideas here and would love to synthesize any comments into Part II of this post. Then we can move on from the security topic for now, which I would like very much.