How businesses can protect themselves from incendiary online posts

Not too long ago, a local short-term insurer found itself in the middle of a racial social media storm that was entirely fabricated to damage the brand.

On face value, it looked like an employee of the brand sent a racist email to fellow team members. A screen grab was taken of the email and then ‘leaked’ via social media channels.

In reality, a client whose claim was rejected set up a fake email account, sent himself the incendiary email and then leaked it on social media. We were able to forensically track down the perpetrator, who officially apologised, and the brand was cleared across various media channels of any wrong-doing. Unfortunately, however, with the multiple tools and platforms available, examples like this are increasingly common.

The multiple ways brands can be attacked online

In our work, we see this far more than you could imagine in various different forms. For example, a disgruntled employee who sets up an anonymous account and pretends to be a ‘whistleblower,’ revealing a company’s supposedly nefarious actions. This could take the form of emails to the public protector or various media channels, or posts on social media accounts that quickly get shared.

Another common tactic is to set up a fake social media account pretending to be an official business account, and then posting comments designed to ignite public outcry. Similarly, a fake account could be set up to troll a business’s Facebook page or Twitter account.

Social media and various electronic and digital communication platforms, from email through to tools such as Microsoft Teams and Slack have created endless ways to communicate between employees and customers, but they’re also giving disgruntled employees and customers endless ways to do damage to brands.

I’ve unpacked ways that a brand can be attacked, but what of employees who are associated with a brand who behave poorly on social media?

Last year, a Joburg-based driver got into an altercation with a mini-bus taxi on her way to work. She took a photo and posted it to social media, accompanied by highly-charged racial comments.

By the time she got to work that morning, she was fired. The post was shared by increasingly angry social media users until someone figured out where she worked, and then started taking her company to task. To be clear – this individual wasn’t representing the brand she worked for when she made her post, and she wasn’t speaking on behalf of the business. None of this mattered.

This was not a unique story. When it comes to social media, posts can go viral within minutes. Users have also learnt that the best way to punish someone is to go directly to their employers and put pressure on the brand. This new reality has completely changed the way that businesses should approach these channels.

5 Ways businesses can protect themselves

The good news is that while businesses cannot control what their employees do or say online or predict if a disgruntled employee will target the brand online, there are a number of protections businesses can put in place.

  1. Maintain social media profiles. Even in this day and age, there are organisations that either do not have social media profiles or do not regularly (and by that we mean continuous, real-time monitoring) maintain the profiles that they do have. If a business is in control of their own profile, it is much harder for someone to set up a fake account or troll the account. It also means that if something out of the ordinary does occur, the business can immediately take action – this includes if an employee posts inappropriate content that is linked to the business.
  2. Investigate the instant a red flag is raised. People delete posts, profiles, email accounts and emails. The sooner a business investigates, the higher the chances that the perpetrator will be uncovered. In the first story I shared at the beginning of this article, finding the perpetrator was incredibly important to the brand’s ability to prove the email was fake.
  3. Do not delete any content. Whether it’s a post that is damaging to our business or our children have received something via Whatsapp or their social profiles that we want to protect them from, our first instinct is often to delete. This effectively destroys the evidence, making it far harder to find the perpetrator. Fight that instinct and bring in a professional as soon as possible.
  4. Take the law into account. There are two key elements to this. First, businesses should ensure that they have strong social media policies in place so that employees are aware when they contravene them. Many businesses have policies that relate to their official social media accounts, but not to what employees do privately. Public pressure to fire someone does not give a business legal grounds to do so, and without these policies companies may end up guilty of destructive dismissals.The second element is legislation, and this does relate to public business accounts. The Cyber Act includes an entire section dedicated to harmful communication. A company that likes or shares a ‘harmful’ post (this includes falsehoods, anything that instigates violence or demonstrates violence) is as guilty as if they wrote it themselves and can be prosecuted. Employees who manage social media should therefore have a very clear set of guidelines to follow.
  1. Focus on perception. When it comes to any communication, from an email to a Facebook post, how it is perceived is as important – if not more so – than what was actually meant. Trying to claw back a post that has gone viral because it was taken out of context is almost impossible. Instead, businesses should view any content from every possible angle that it could be perceived.