/// Inside HMV’s Twitter Disaster: What went wrong (and how to keep your company safe)
At 9:45 a.m. on a recent Thursday morning, HMV – the global entertainment retailer with 7,000 employees and more than $1.5 billion in annual revenue – was rudely introduced to the power of social media. An angry employee, one of several hundred let go by the company that day during a round of mass layoffs, decided to vent her frustrations – on HMV’s official Twitter account.
“We’re tweeting live from HR where we’re all being fired! Exciting!! #hmvXFactorFiring,” went the first tweet, blasted to the company’s more than 70,000 Twitter followers around the globe via @HMVtweets. Things quickly got worse. In the course of seven subsequent Tweets, the employee – 21-year-old online marketing and social media planner Poppy Rose Cleere – aired the company’s dirty laundry to the world: the “mass execution” of loyal workers; gross mismanagement at the head office; unpaid, illegal interns. She even got in a jab at her own social-media-challenged boss: “Just overheard our Marketing Director (he’s staying, folks) ask ‘How do I shut down Twitter?’” she tweeted.
By the time the director finally regained control of HMV’s hijacked account and deleted the offending messages, the damage had already been done. The tweets had gone viral – shared thousands of times all over the world in a matter of minutes. The blogosphere was the first to take notice, running breathless posts about the rogue Twitter account. By the next morning, HMV’s “live-tweeted firing” had made headlines in nearly every major newspaper on both sides of the Atlantic. For the company – newly entered into bankruptcy protection and struggling to regain market share from online retailers – the PR debacle could not hardly have come at a more inopportune time.
The worst part: None of it had to happen.
The Social Media Security Gap
For years, robust software tools known as social media management systems have been around to manage and protect companies’ social media assets (Full Disclosure: My company, HootSuite, is one of them). In fact, not using a social media management system in 2013 is roughly equivalent to not bothering to protect your email with a password. But HMV is hardly alone in failing to safeguard its social media accounts. Many of the planet’s largest companies, in fact, remain just as vulnerable.
They can hardly be blamed. Nearly overnight, social media has gone from dorm room toy to boardroom tool. Just a few years ago, only the most progressive companies dabbled with Twitter and Facebook, mainly as a soft, community-building channel. Today, 73 percent of Fortune 500 companies have a Twitter account and social media is a staple of corporate strategy, forecast to unlock some $1.3 trillion in value in the years ahead.
Corporate protocol simply hasn’t kept pace with these changes. As the HMV fiasco shows, major enterprises are still delegating social media responsibilities to interns. Even companies with dedicated social media teams rarely have the proper tools or policies in place. Passwords to company accounts – which may be followed by thousands, even millions, of users – are routinely handed out to entry-level employees. Meanwhile, updates are posted without any fixed workflow or approval system.
It’s worth noting, for instance, that the Twitter following at large consumer brands often exceeds the daily circulation of major newspapers (Organic grocer Whole Foods has more than 3 million followers; the NBA has nearly 7 million). Delegating that kind of authority to junior employees – with little or no checks or balances in place – is inviting disaster. HMV’s rogue tweeter, Cleere, pointed out as much. “I hoped that today’s actions would finally show them [senior management] the true power and importance of Social Media,” she tweeted afterward on her own account, @poppy_powers, “and I hope they’re finally listening.”
3 Tips to Keep Your Company Social Media Safe
So, for companies who suddenly are listening – and concerned – what now? Getting rid of social media altogether is hardly an option (I work with 79 of the world’s Fortune 100 companies and none of them are prepared to give up the competitive advantage of social media – Even conservative financial institutions like Goldman Sachs now tweet to their clientele). Instead, the key is to mitigate social media risks in the office. And the right technology can play a big role. Here’s a look at simple steps to avert an HMV-scale social media disaster:
Centralize social media channels: Audits of large enterprises like HMV routinely turn up dozens of ad hoc social media accounts, started by interns or community managers in multiple departments (often without official permission), each with their own managers, passwords and followings. A critical first step is consolidating these accounts into a single social media management system. HootSuite, for example, brings all social channels – Twitter, Facebook, LinkedIn, etc – into one interface for monitoring and oversight. This also allows for better tracking of the results of social media campaigns. Had HMV’s social channels been centrally monitored, the offending tweets may never have had a chance to go viral.
Control access through limited permissions: As HMV’s Twitter crisis makes clear, letting employees have all-access passes to a company’s social media accounts carries big risks. A safer solution is to give junior employees limited permission to draft messages, which can then be fed into an approval queue for senior management to sign off on before publishing. As little as a year ago, it was nearly impossible to find a social media management tool with this critical feature. My team built one, enabling companies to assign discrete permission levels on an employee-by-employee basis. This simple functionality could have averted disaster for HMV.
Get a handle on passwords: Equally critical is having a master switch for turning on and off employees’ access to different social media accounts. Case in point: While HMV’s marketing manager struggled to “shut down” Twitter, a half-dozen additional incriminating tweets were fired out. The solution: single sign-on technology. Incorporated into enterprise-grade social media tools, single sign-on enables employees to log into social media accounts with the same username and password used for their company email account. Access can be turned on or off by a central administrator, who holds the real “keys” to the company’s social profiles.
Of course, technology is only as good as the people using it. Employees are in desperate need of social media training: on everything from the nuts and bolts of Tweeting and posting to how to leverage social media for business strategy. And, more often than not, resistance still comes from the top – senior executives who think Twitter is just a distraction for sharing snapshots of lunch, not a tool for courting clients and building customer base.
As HMV’s rogue tweeter – who began the company’s social media initiative as an intern just two years ago – points out, awareness remains half the battle. “Since my internship started, I worked tirelessly to educate the business of the importance of Social Media – not as a short-term commercial tool, but as a tool to build and strengthen the customer relationship, and to gain invaluable real-time feedback from the consumers that have kept us going for over 91 years,” Cleere tweeted from her personal account. “While many colleagues understood and supported this, it was the more senior members of staff who never seemed to grasp its importance.”
Chances are, they do now – at least the ones who still have jobs after this month’s social media meltdown.