Facebook has a lot to offer businesses, but you need to be aware of the hazards too
The social media giant has some great features for businesses, but there are potential hazards too. Davey Winder finds out how to protect your data and your brand
“Being on Facebook means people can learn about your business and buy from you right where they’re already hanging out”
Facebook is an essential tool for businesses of all sizes. It’s a great way to communicate with your customers with a personal feel that you can’t get from a corporate website. It can provide calls to action, ads and promotions, a messaging service and a showcase for products and services, with the potential to reach nearly three billion users across the platform – without them having to step outside of a familiar service.
At the same time, creating and operating a Facebook presence brings potential hazards you might not be aware of. Last year, for example, a bug in Facebook’s code temporarily exposed the accounts of the admins behind Facebook business pages. Private details detail of the official Banksy page, as well as a host of global political figures, were posted online. Facebook quickly y fixed that bug, but incidents like this s raise the question of just how private e and secure your business page actually ually is. First, the good news: industry experts agree that Facebook is overall a net positive for businesses. usinesses. “The privacy concerns that hat apply to individuals don’t really apply to businesses,” explained Paul Bischoff Bischoff, privacy advocate at Comparitech. Unlike individual users, he argues, businesses want exposure and, for the most part, sharing more information is always better.
Natalie Howells, group head of marketing at business growth agency SpiderGroup, agrees. “Being on Facebook means people can learn about your business and buy from you right where they’re already hanging out,” she said. “The privacy issues are, naturally, a concern to business users, but they’re outweighed by the significant advantages of reaching people where they already are.”
“As long as a business is aware of the potential privacy concerns – and, of course, the privacy of their userbase,” said Steven Jupp, CEO at business intelligence outfit High Impact Office, “the benefits certainly outweigh any privacy issues.”
What could go wrong?
There’s a clear consensus: your business ought to be on Facebook. At the same time, it’s important to be aware of what the issues are, and what you’re entrusting to Facebook when starting your business page.
“There are obviously many details that Facebook will collect during sign-up and daily operation,” Jupp said. “A business is effectively signing away anything they are publishing within their page or shop. But in the light ight of things, they would very likely do o the same on their own website.”
“Businesses don’t need to give up any ny information that they don’t want to when creating a page,” added Bischoff. “And they only need to give up financial information if they want to run ads or boost posts.”
A bigger privacy concern is Facebook Messenger.
“If you use Messenger to communicate with customers, Facebook can access those messages,” Bischoff pointed out. Facebook has said that chats sent through Messenger aren’t used for advertising, but elsewhere it’s made clear that these communications aren’t private: “As with other parts of Facebook, we collect information from Messenger primarily to provide the service, improve the product experience, and keep people safe and secure.”
Then there’s the small matter of giving Facebook a non-exclusive, transferable, sub-licensable, royaltyfree worldwide licence to publish
your content. This isn’t as dramatic as it may sound: Howells pointed out to us that the licence only applies until you remove your content. “However, removed content may still be stored in Facebook’s backup files, and this could be a deal-breaker for some businesses,” she said.
According to Camilla Winlo, director of consultancy at data protection and privacy specialists DQM GRC, privacy issues can often arise from a lack of understanding of the relevant data-protection guidelines. The ICO’s guidance on direct marketing advises businesses to collect individual contact preferences for email, SMS, post and telephone marketing, but doesn’t explicitly specify social media as a channel. Consequently, warned Wilco, “many businesses don’t collect social media preferences, and assume they are covered by consent to marketing by email or SMS, or not necessary at all”. The ICO has issued separate guidance on social media marketing but Wilco says that, in her experience, many marketers are not aware of it and don’t comply with it.
Another question to consider is what information you might be unwittingly giving away in the course of operating your Facebook page.
One potential source of data leaks is Facebook’s Business Manager tool (recently re-branded as Business Suite). As Steven Jupp explained,
“the Business Suite allows a company to ‘bind’ its CRM, WhatsApp and Instagram accounts to its page”. The benefits of this are obvious, but “Facebook can see the conversations and the data stream between the page and the connected apps – and an attacker could too, as this continues with any apps that the page may bind to, or that a company may develop itself on the Facebook platform.”
Nor is it easy to audit exactly what information Facebook is holding that could be relevant to your business, as it accumulates data in two different ways. “First, they collect data in an explicit and obvious manner,” said Winlo. “For example, I might add my phone number in the relevant field in my personal profile. But secondly, they can collect data in a less obvious way. For example, a business might upload my email address and my phone number to Facebook so they can advertise to me.”
While Facebook has improved its transparency over the years, Winlo said it’s still “very difficult to truly understand what information it collects and processes, and what the risks associated with that might be”.
The situation gets even more complicated when staff connect their personal accounts to the business. “Staff cannot be required to connect their personal accounts, but they may choose to, in order to help customers to identify and connect with or locate them,” said Winlo. “This may enable Facebook to draw conclusion s about the business, based on what it knows about the staff.”
Bischoff advised caution when it comes to tagging employees or customers in posts or photos, so as not to expose them to unnecessary attention. “Be sure to ask employees before tagging them,” Bischoff said.
The more the merrier
According to Paul Ducklin, principal research scientist at Sophos, for most firms with a presence on Facebook the biggest risk arises from giving too much access to too many people. “If you aren’t careful, you’ll end up with literally dozens of people, at all levels of responsibility and experience in the company, wired up to your company account 24 hours a day,” Ducklin said.