Step 7: Collaborate and Establish Your Vision and Objectives
Identify and Rank the Risks
This section draws from the previous steps and guides you into developing a simple risk matrix so that you and your community can identify and rank the risks an SMEM program may introduce or the current risks it may impact.
Collaboration is key when you begin defining the risks (problems) that you seek to mitigate, and it starts with leadership from the SM and EM managers. Taking a unified approach to leading this effort will allow your community to feel comfortable, knowing all sides will be heard and understood. This approach also leverages the strengths of each discipline; the long-established EM practices provide structure and organization for planning, response, and recovery, and the use of SM extends the communication reach to the public and responders and provides better situational awareness. As you champion this effort and move along the path to better integration of these disciplines, you will need to broaden the traditional risk assessments to include potential SM risks within your crisis communications plan (CCP). This includes areas such as cybersecurity and privacy matters.
Social Media Risks
Beyond the life/safety risks typically considered during EM planning, you will need to consider a number of unique risks brought by SM. For example, although response to a given incident may be concluded with no property loss or injury, the response can still be viewed as a failure if SM reveals that the airport operator (or another stakeholder) has treated the customer poorly. This has been clearly seen through several events in which a minor issue such as a disruptive passenger creates an SM crisis for an air carrier and airport operator.
It is important to note that in this era of SM proliferation, any mishandling of an event can lead to negative SM coverage—whether or not you choose to implement an SMEM program. The difference is that an airport operator with an SM presence can mitigate the poor coverage by positively engaging with those affected by the situation. Especially when done publicly, effective engagement can not only help to mitigate the negative coverage, but it can also generate positive coverage for how the situation was handled.
When assessing risks, stakeholders need to identify the problems that SM can create, determine the airport’s vulnerability to the problems/risks, and assess the associated impacts. The following are some examples of risks associated with SM:
- Brand/Reputation: reputation and brand risk are leading concerns for corporate executives. An SM crisis event can negatively impact the stock prices of commercial operations and erode confidence. It is important to understand that corporate partners—especially airlines—place a high premium on their brands and have mature, well-established SM programs. In building your SMEM program, you will need to gain their trust and establish policies that protect their reputation.
- Loss of Trust: loss of confidence can also mean a loss in trust. An improperly handled SM response may reduce your influence through SM as users and others in the community avoid your SM channels.
- Financial: negative perceptions from SM presence/interaction may result in loss of revenue.
- Information Security and Privacy: there is a risk of inadvertently sharing information that may be protected, such as private information from users or information protected through the Health Insurance Portability and Accountability Act (HIPAA).
- Operational (e.g., misinformation, reconnaissance, etc.): although it may be rare, SM can be used by those with malicious intent to try to insert bad information to hinder response or divert suspicion. In emergency response efforts, a balance needs to be struck between the following notions:
- Wrong information can be worse than no information
- Slightly inaccurate information can be better than no information
- Cyberattack/Malware: there is a potential security risk from hackers attempting to gain access to your account for user information or when SM is used as a path for introducing malware or for phishing.
At this point, review the risks with your community. Just as you would for a life/safety risk, rank (prioritize) the risks associated with SM and develop mitigation strategies to reduce your risk. Then, inform your whole community of the risks through your planning and training and incorporate them into your drills and exercises as you practice your plans.