In The Network’s online survey last month, we asked you which compliance initiatives you would consider a priority in 2014. While there are many compliance issues at hand – code of conduct refresh, social media compliance, gifts & entertainment training, anti-corruption/FCPA compliance, third-party vendor risk management, etc. – more than one in three respondents (35%) identified social media compliance as a key priority for 2014. This should come as no surprise as social media training and policies are still relatively new challenges to the compliance industry. There are very real risks that arise from employees being unaware of proper social media protocol and etiquette, and organizations need to make a vested interest in social media training and policies to mitigate those risks.

Grant Thornton conducted a survey on social media risks last fall and discovered that employers are most concerned with damages to brand reputation, disclosure of proprietary/confidential information, corporate identity theft, and legal/regulatory and compliance violations. The survey revealed that despite their concerns, only 36% of the 111 companies who responded offer social media training to their employees. This is a scary number when you consider the damage that can be done to corporations through social channels.

Think back a year to when HMV, the British entertainment retailer, failed to change the login credentials for their social platforms in the midst of a massive layoff. The result? Real-time tweets like the following: “Mass execution of loyal employees who love the brand” and “We’re tweeting live from HR where we’re all being fired! Exciting!” Having social media policies and training in place would lay ground rules for situations like this. As Forbes contributor Jeanne Meister points out, “if you want to retain control of your online image, remember to change passwords, and restrict access to social pages before you let go of the employees who run those accounts.”

So what do you have to worry about when it comes to social? As is evident in the previous example, companies need to be cognizant of damages to brand reputation and the disclosure of sensitive information. But, what about corporate identity theft? What does that look like? Just Google “Kyle Kinane v. Pace Picante Salsa.” It turns out that the whole Twitter disaster that started when Pace supposedly liked one of Kinane’s old tweets bashing their brand was completely fake, but that doesn’t mean the company went without damage.  Pace Picante Salsa experienced firsthand what it’s like to have your corporate identity stolen. The lesson here is you cannot avoid social media risk, by avoiding social media!

Avoiding social media risk is no longer an option, so companies must face it head on. Start by making sure your company has a presence on social media, so you don’t become a victim of corporate identity theft. Next, outline your social media policies. If you aren’t sure where to start, use the transparency rule; specifically, iterate to your employees that they should not be posting anything on the company’s behalf that they would not be comfortable with fellow employees reading.(Similarly, if posting on their own behalf, they should not be posting anything that they wouldn’t be comfortable with their grandmother seeing.)

You’ll also want to make sure you have social media training in place to support your policies, to educate your employees and help protect both them and your organization. Training is a valuable resource that can clarify for employees both acceptable and unacceptable online behavior. It doesn’t stop your employees from using social media, but it does show them how their online presence can cause undue havoc.