1. Business Continuity and
Preparedness Through Social Media
Tim Bonno
Tim Bonno Consulting
Read my blog at: www.timbonno.wordpress.com
Follow me on Twitter
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 1
4. And e-mail …
• The number of worldwide email
accounts is expected to increase from
an installed base of 3.1 billion in 2011 to
nearly 4.1 billion by year-end 2015. This
represents an average annual growth
rate of 7% over the next four years.
• The majority of email users are located
in Asia Pacific. Asia Pacific is the most
populous region in the world and
currently accounts for 49% of
worldwide email users. Europe
accounts for about 22% of worldwide
email users, while North America has
about 14% of worldwide email users.
• In 2011, the typical corporate email
user sends and receives about 105
email messages per day.
“Email Statistics Report” - THE RADICATI GROUP, 2011-2015
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 4
5. And Instant Messaging (IM) …
• IM is continuing to grow in popularity.
• In 2011, the number of worldwide IM accounts was
estimated to be nearly 2.6 billion.
• This figure is expected to grow to over 3.8 billion by
year-end 2015.
• This represents an average annual growth rate of
11%.
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 5
6. And Now We Have
Smart Phones & Social Media …
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 6
7. Elements of Social Media
• Message boards
• Photo sharing
• Podcasts
• Really Simple Syndication (RSS)
• Video sharing
• Wikis
• Blogs
• Social networks
• Micro-blogging sites
• Mapping and geotagging (a.k.a.location services).
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 7
8. What is “Social Media”?
• A “1: many” relationship
• Regular media
• Social media
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 8
Web-based Mobile technologies
Communication
Interactive dialogue
9. Social Media Impact -
Global
• Social Networking is showing rapid growth with both
consumer and corporate users.
• In 2011, the total number of worldwide social
networking accounts, including both consumer and
corporate accounts, is nearly 2.4 billion.
o Facebook alone has an estimated 845 million
monthly active users
• This figure (2.4B) is expected to grow to nearly 3.9
billion by year-end 2015.
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 9
10. Social Media Impact - US
• 65% of adult internet users now say they use a social
networking site like MySpace, Facebook or LinkedIn,
up from 61% one year ago.
• Frequency of social networking site usage among
young adult internet users under age 30 was stable
over the last year – 61% compared with 60% one
year ago.
• Among the Boomer-aged segment of internet users
ages 50-64, social networking site usage on a
typical day grew a significant 60% (from 20% to
32%).
“65% of online adults use social networking sites” – Pew Research
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 10
11. Top 10 Sectors by Share of
U.S. Internet Time (Source:Nielsen NetView – June 2009-June 2010)
Top 10 Sectors by Share of U.S. Internet Time
RANK Category
Share of Time
June 2010
Share of Time
June 2009
% Change in
Share of Time
1 Social Networks 22.7% 15.8% 43%
2 Online Games 10.2% 9.3% 10%
3 E-mail 8.3% 11.5% -28%
4 Portals 4.4% 5.5% -19%
5 Instant Messaging 4.0% 4.7% -15%
6 Videos/Movies** 3.9% 3.5% 12%
7 Search 3.5% 3.4% 1%
8 Software Manufacturers 3.3% 3.3% 0%
9
Multi-category
Entertainment
2.8% 3.0% -7%
10 Classifieds/Auctions 2.7% 2.7% -2%
Other* 34.3% 37.3% -8%
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 11
12. Staggering Stats From
Facebook's IPO
• There are 845M monthly active users on Facebook
• 483 M return to the site daily
• 360M users are active 6 out of 7 days
• These users upload more than 250M photos to the
site EACH DAY
• As of December 31, 2011 there have been more
than 100B … yes 100B … friend connections
• In 2010, Facebook made $606M (88% increase year
over year)
• That makes each Facebook profile worth about
$43.79
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 12
13. If all US Internet time were condensed into one-hour, how much
time would be spent in the most heavily used sectors?
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 13
14. U.S. monthly time spent on most heavily
used Internet sectors (millions of hours)
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 14
16. How We’ve Used Social
Media In Emergencies
• Mumbai Terrorist attacks - Twitter users on the ground sent out
vital information including emergency phone numbers and the
location of hospitals that needed blood donations
• The Australian Country Fire Authority - used Twitter to send out
information on the fires, how to donate money and blood, and
where to seek emergency help
• Red River flooding (ND and MN) - 2600 people were getting
updates delivered on FEMA’s Twitter
• FDA recall of salmonella-tainted pistachio products - 3000 people
found out through the agency’s Twitter feed
• Japan earthquake/tsunami - Ushahidi was used to create the
largest crisis map to date with over 8,000 reports received via
social media about shelters, food stores, cell phone charging
centers and road closures.
• Joplin tornado - a hospital administrator tasked one woman —
who had little more than a Facebook account — to track down
1,100 hospital employees who were missing. A few days later, all
1,100 had been located through the Internet.
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 16
17. Timely Delivery
• In a recent FBI RFI, the bureau claimed that “social
media” networks have been trumping police,
firefighters and news media when it comes to
communicating news of developing incidents and
protests.
• They also stated "Social media is rivaling 911 services
in crisis response and reporting,"
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 17
18. Data Crush
• Fusion centers face challenges when it
comes to employing social media analysis,
which together with the gathering of data
comprises social media analytics.
o Upside - ability to quickly react and deal with an issue. In effect,
social media analytics offer crowdsourcing of law enforcement or
disaster intelligence.
o Downside - uncovering information can be hit or miss and
verifying it can be manually intensive.
• The need for technical solutions to social
media analytics
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 18
19. How much data?
• According to Wordpress, its system powers over 68
million blogs worldwide, with 500,000 new posts and
400,000 new comments generated on an average day.
• Facebook reported it has more than 800 million active
users, who upload more than 250 million photos daily.
• YouTube stated that 100 million people “like,” share or
comment on something on the site every week.
• Twitter’s chief executive officer revealed that the social
network had over 100 million active users worldwide,
and the company said it was processing 250 million
Tweets a day.
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 19
20. The Challenge
Social media is constantly changing and constantly moving.
How do we stay ahead of the game, instead of always being
behind it?
• Part of the challenge lies in the nature of social media itself: As
a self-generated means of communication, social media is an
excellent resource for real-time information on disasters. But
the sheer volume of news and events created immediately
after an event poses a huge challenge for emergency
responders trying to monitor the aftermath.
• The instantaneous nature of social media had built up
enormous expectations for a speedy government response.
• The real strength of social media, it seems, lies in preparation
for these events; like warnings and information, including
evacuation notices, weather updates and lists of resources.
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 20
21. The Dark Side
• Flash mob attacks
• Closing of San Francisco Metro wireless
communications
• The Occupy Movement
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 21
22. Caution
• The evolution of social media has led to faster
spread of messages and the ability to minimize
harm done to an organization in a crisis scenario.
• Social media also has the potential to ruin a
company’s reputation or expedite the spread of
harmful corporate rumors.
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 22
24. Insurance
• Specialist social media and cyber insurance policies have been
developed by insurers to help businesses and individuals protect
themselves from an ever-evolving range of risks.
• While a growing number of risk professionals acknowledge information
security and other cyber risks as serious concerns, only about one-third of
organizations (35.1 %) currently purchase insurance as part of their cyber
risk management strategy.
• Investment in prevention rather than insurance
• Limited markets
• Broker disconnects
• Lack of coverage clarity
• Lack of information to make informed decisions
• Too expensive
• Application process is difficult
• Deductibles are too high
• Difficult to quantify
• Policy coverage is too limited
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 24
25. Types of cyber risk
coverage
• Specialized cyber risk
coverage is available
primarily as a stand-
alone policy. Each
policy is tailored to the
specific needs of a
company, depending
on the technology
being used and the
level of risk involved.
Both first- and third-
party coverages are
available.
• Loss/Corruption of Data
• Business Interruption
• Liability
• Cyber Extortion
• Crisis Management
• Criminal Rewards
• Data Breach
• Identity Theft
• Social
Media/Networking
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 25
26. Planning is Important
• When it comes to social media, and cyber risks in
general, insurance is only one tool in the risk
management box.
• Preparing a disaster plan ahead of time that can
be activated in the event of a cyber attack or data
breach, having a sound social media policy in
place and training employees are just some of the
other steps companies can take to help mitigate
and reduce the risks.
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 26
27. You Need A Policy
While social media is being embraced in the corporate world,
the pace at which it is developing is such that organizations’
policies and procedures are struggling to keep up.
o 65% of employers actively encourage the use of social
media for work related activities.
o 21% of employers have taken disciplinary proceedings
because of information an employee displayed on a social
media site about another individual
o 31% have taken disciplinary proceedings because of
information posted about their organization.
o Only 25 % of businesses have a stand-alone, dedicated
social media policy
o 43 % had a social media policy which existed alongside
another, such as an IT or HR policy
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 27
28. Considerations
• Organizations should only use social media tools that
can contribute to the success of their social media
campaigns.
• They should only use tools they have the time to plan
and execute the use of.
• Organizations should have a plan for their messages and
make those messages clear and coherent.
• Delegate social media tasks only to people in the
organization who are aware of the organization’s
communication strategies.
• Social media should not be treated as a “low-level task”.
• Social media is more than a "new" place to
communicate during a disaster/emergency, it really is
"THE" place to communicate
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 28
29. References
• “After disasters, social media struggles to keep up
with expectations”
• SOCIAL MEDIA, LIABILITY AND INSURANCE –
Insurance Information Institute, December 2011
• Best Practices: The Use of Social Media Throughout
Emergency & Disaster Relief; Erica Goldfine, April 28,
201
• Email Statistics Report, 2011-2015; THE RADICATI
GROUP, INC.
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 29
30. How To Contact Me
Through social media, of course!
Tim Bonno
E-mail: tjb0000@swbell.net
LinkedIn:
www.linkedin.com/in/timbonno
Blog:
www.timbonno.wordpress.com
follow me on Twitter
Tim Bonno tjb0000@swbell.net LinkedIn: www.linkedin.com/in/timbonno 30
Hinweis der Redaktion
In 2001, during the 9/11 attacks in the United States, cell phones were the then-new technology
In the 2004, during the Indian Ocean tsunami, people made use of SMS, or text messaging, during the. SMS and cell
phone service mark the beginning of communication technology use by victims of a disaster
during the disaster and its subsequent relief efforts disaster.
In 2005, during
Hurricane Katrina, social media became even more prevalent in facilitating disaster relief. Through the use of social media during Hurricane Katrina, collective
online knowledge was able to help find missing persons, as well as locate emergency housing,
and coordinate volunteers participating in disaster relief
Similar uses of social media occurred during and after the shootings at the Virginia Tech campus in 2007
NIXEL ( www.nixle.com )
Nixle provides communities throughout the country with news and information that is both proximate and personally relevant. Nixle’s mission is to enable government agencies, small to medium size businesses and enterprise-level organizations to communicate in a secure way and exchange multimedia content over a trusted mobile platform. Their product line supports secure enterprise grade communications for both public and private messaging.
Their technology is critical in creating new communication paths that have never existed before. They’ve set out to enable highly granular, location-specific information to be immediately available to users, depending on their physical location at any given time. Nixel makes this information instantly available over, SMS, mobile application, email, and web.
Social Networking sites:
They are characterized by a user’s ability to create a public profile which contains
demographic and personal information, and is made visible based upon personal privacy settings.
Social networking sites display a list of who users are connected to
within the site. Social networking sites also give users the ability to
observe their connections and the connections of others on the site.
These sites are about the facilitation of relationships, relationships that existed before the
connection on the site as well as relationships that were created through the social networking.
Mapping:
Another important type of social media is mapping or location services. Ushahidi,
OpenStreetMap, and Google Map Maker are some of the tools used to map crises and disasters
Think of regular media as a one-way street where you can read a newspaper or listen to a report on television, but you have very limited ability to give your thoughts on the matter.
Social media, on the other hand, is a two-way street that gives you the ability to communicate too.
Facebook alone has an estimated 845 million monthly active users at the end of December 2011
Social media can provide an EOC with huge quantities of data about an unfolding event. They keys are that the data is analyzed, in near real time, and that analysis is accurate and presented to the right people (decision makers) who can act on it quickly. Social media analytics, text analytics and sentiment analysis are all very applicable in an EOC. For instance, if Twitter, Facebook, etc., were monitored and analyzed, including geocoded Twitter data, it is possible that the levee breaks in Katrina may have been pinpointed very quickly, accurately, and allowed for improved response and evacuation times. Accurately modeling the feeds from such sources can assist in proactive management of an unfolding event. The key is integrating data from all sources, cleansing it, displaying it and accurately modeling the impacts of the data.
Social networking sites can gather information in a central location as well as serve as a resource to understand the magnitude of a disaster during the disaster or emergency
Each mapping platform is different; Ushahidi collects information from a group of people in order to map crisis information, creating an “interactive mapping project”. OpenStreetMap uses existing satellite imagery to create a digital map that can be edited by anyone around the world.
Mapping tools and other collaborative social media resources can help disaster responders by providing information like hospital location, other volunteers’ locations and efforts, and can facilitate the coordination of resource distribution. Digital maps also help volunteers known what roads are inaccessible or the best ways to reach areas of need
The Red Cross tweets Location of shelters and how to care for pets during the emergency
Dramatic scenes of the US Airways plane that crashed into the Hudson River were first scene on Twitter
When a gunman opened fire in the Soldier Readiness Center, Twitter was able to provide news and updates to the public as well as soldiers around the world!
Followed by television and local radio, the internet is the third most popular way for people to gather emergency information with 18 percent of both the general and the online population specifically using Facebook for that purpose
Nearly a fourth (24 percent) of the general population and a third (31 percent) of the online population would use social media to let loved ones know they are safe;
Four of five (80 percent) of the general and 69 percent of the online populations surveyed believe that national emergency response organizations should regularly monitor social media sites in order to respond promptly.
For those who would post a request for help through social media, 39 percent of those polled online and 35 of those polled via telephone said they would expect help to arrive in less than one hour.
FBI seeks social media monitoring tool
Agency issues RFI for tool that can use social network data to identify, assess potential threats to U.S. - http://www.computerworld.com/s/article/9224235/FBI_seeks_social_media_monitoring_tool
Like any other new technology, social media brings enormous opportunities and benefits. The ability to communicate and interact instantaneously on a global scale 24/7 enables businesses to reach their customers directly and individuals to voice opinions on any topic they see fit.
Yet as the opportunity to tweet, message, share and “like” grows, so do the risks.
Advertising Liability: Businesses have a legal responsibility to ensure that their advertising is truthful and not deceptive. The Federal Trade Communication Act and various state laws that prohibit false or deceptive advertising apply to online ads too. The FTC has also revised its endorsement guidelines to include advertising via social media, requiring bloggers and advertisers to disclose any “material connections” with each other. So if an advertiser pays a blogger or gives a blogger something of value to mention a product, that relationship must be disclosed.
Cyberstalking: Many states have enacted cyberstalking or cyberharassment laws. Some states include language addressing electronic communications in general harassment statutes, while others have created stand-alone cyberharassment statutes. Growing concerns about protecting children from online bullying or harassment have also led states to enact cyberbullying laws. Statutes and laws may cover a range of activities such as: threatening physical violence; hacking into computers and sending viruses; transmitting obscene or intentionally annoying emails; the willful and repeated use of cellphones, computers and other electronic communication devices to harass and threaten others.
Defamation: Defamation is the publication of false and defamatory statements that harm or injure the reputation of another person or company. Trade libel under common law or statute also applies to false statements that disparage another’s goods or services. Truth is a complete defense in a defamation case. Statements may be protected if they constitute only opinion and are not capable of being proven true or false.
Employers’ Liability: Employers increasingly are using social media to investigate potential and existing employees. For example, a 2010 Career Builder survey found that one-quarter (21 percent) of companies use social media sites to recruit and research potential employees. A company that fires an employee based on their social media interactions with other employees may find themselves in violation of the National Labor Relations Act (NRLA). The language of a company’s social media policy could be construed as overly broad and in violation of the NRLA. Another concern raised in the employment arena is improper solicitation. This occurs when an employee changes jobs and uses social media to contact former clients from their previous position. In some industries, non-solicitation agreements may be in place, but how these apply to social media may not be clear. This is an area where employers are likely to craft specific rules to protect their interests.13
Intellectual Property: Copyrighted video, audio, images and other works created by a third party should not be posted or reposted without permission. Employees who post content created by others should include proper attribution and limit the quotations to “fair uses” of copyrighted content.
Privacy Liability: Companies may have an obligation to protect the privacy of members of the public who join their social networking pages or provide personal information through social media sites. Privacy protections that may apply include: use (appropriation) of a person’s name, portrait or picture for advertising or commercial purposes without prior explicit consent; public disclosure of private or embarrassing facts about a person; statements portraying someone in a false light (similar to libel). Information may also be protected from disclosure by federal and state statutes, such as the Health Insurance Portability and Accountability Act (HIPAA) that provides for the privacy of medical records.
Security Breach Liability: An organization may be found liable if a breach arising from social media and online activities compromises the security of customer personal information or data. A company may also be found negligent if a breach resulted from a systems failure, for example. Increased regulation at both the Federal and state level related to information security and breach notification is expanding the legal avenues that may be pursued. Many states have enacted laws requiring companies to notify consumers of breaches of personal data. Federal laws, such as the HIPAA and the Gramm Leach Bliley Act have requirements to safeguard the privacy of personal information.
Trade Secrets: A company may face liability if its employees post competitors’ trade secrets and confidential information online. Businesses can also forfeit protection of their own confidential information if employees allow it to leak online.
Cyber-extortion is a crime involving an attack or threat of attack against an enterprise, coupled with a demand for money to avert or stop the attack.
Cyber-extortion can take many forms. Originally, denial of service (DoS) attacks were the most common method. In recent years, cybercriminals have developed ransomware that can be used to encrypt the victim's data. The attacker then demands money for the decryption key.
As the number of enterprises that rely on the Internet for their business has increased, opportunities for cyber-extortionists have exploded. The probability of identification, arrest, and prosecution is low because cyber-extortionists usually operate from countries other than those of their victims and use anonymous accounts and fake e-mail addresses.
The number of cyber-extortion cases around the globe could range in the low thousands each year. No statistics back that up, largely due to the fear companies have of revealing that their systems have been compromised. Companies aren't comfortable so far talking to the media about this. "It's indicative that the organization was compromised and could bring further attack. It could make customers uncomfortable using [the targeted companies'] technology,". That's a view voiced by most of the security professionals who have dealt with these cases, and it's one that remains unlikely to change in the near term, as the fear of bad PR increases.
Research highlights the need for a definitive social media policy which is regularly assessed and updated.