Protecting company reputation from employee risk.

In today’s transparent and immediate online world, there are a huge amount of channels for a company to consider and manage when trying to protect its reputation. With 70% of consumers surveyed for a Weber Shandwick report stating that they would avoid buying a product if they don’t like the company behind it; a company’s reputation is more important than ever to its bottom-line and ultimately, its future success.

A number of factors can contribute to a company’s reputation online such as; online reviews, online search results, news sources, the company’s website and much more. Some factors can be controlled and managed, but some risks to reputation are much harder to mitigate.

In Deloitte’s 2014 global survey on reputation risk, it was revealed that over half of the high-level executives surveyed believed that their biggest risk to company reputation came from its internal staff.

Weber Shandwick’s CEO Reputation report revealed that for a company to be highly regarded, CEOs must have a visible public profile and that the CEO’s reputation directly impacts on the company’s reputation. To a lesser extent, this is true for other senior staff members of a company’s management team. This means that if there is some kind of scandal involving a senior member of staff in a high-profile brand, generally, the news goes public and can have a big effect on the reputation of that company.

Mostly, these crises are hard to foresee and they often only affect the very high-profile brands that are in the public eye, but there are a number of other issues with employees that can affect a business’ reputation and those risks are much easier to minimise and control.

A company’s staff can be its biggest and most influential brand ambassadors. There’s a huge amount of transparency nowadays with how a company treats its employees and plenty of channels and platforms for employees to let off steam, so it’s essential that companies have processes in place to manage this.

For example, let’s look at the struggle Amazon is now facing following The New York Times article in August 2015 about how it treats its employees. The article detailed situations where employees were crying at their desks, with some being treated cruelly following family tragedies.


It received over 5,800 comments in the first week of the article going live, the most  comments a New York Times article has ever received. The publicity the story sparked led to a lot more press stories on other influential news websites, meaning the first page of Google’s search results for Amazon is now tarnished with negative press links. Not only this, but Amazon’s reputation as a good employer has no doubt been shattered in the short term, only time will tell how this impacts on the company long term.

This guide sets out the practical steps that employers can take to help minimise the risk to company reputation posed from its employees, and how to deal with any threats when they might arise.

Online security

The first and easiest step to take to protecting your company reputation from employee risk online is making sure you have security procedures and processes in place to protect sensitive information and ensure your employees aren’t putting your data at risk.


Firstly, identify what your sensitive information is – what data would pose a risk to your business should it fall into the wrong hands? This is usually financial information, server access information, client and costing lists and HR files.

Secondly, work out who actually needs access to this information – try to make it as few people as possible. Use a well-known password management system which stores passwords in the cloud, such as LastPass, this system will encourage you to update passwords frequently and create strong passwords which can’t be guessed, plus, you can share passwords with only those who need them.

A system like this will help you keep track of exactly who has access to what.


Work it into your HR processes to ensure all passwords are changed once an employee has left, regardless of what they had access to or how junior or senior they are. With a cloud-based password system, it’s really quick and simple to change the passwords and share them back to who needs access to them.

Lastly, make sure that you have all passwords for employees computers / laptops and their work email accounts, it’s important that the company can access anyone’s account should they need to.

Perhaps the most well-known case study of not following best practice for password access is the incident with HMV and one of its employees live tweeting the layoff of 60 employees.

Forbes reported in 2013 that whilst HMV was letting go of 60 employees (of 190 let go overall) at once; Community Manager, Poppy Rose, live tweeted the whole event to HMV’s 62k followers.

HMV Twitter Sacking

Within one day, HMV’s Twitter following had risen to 73k followers – but for the wrong reasons! Had HMV realised that Poppy Rose had access to their Twitter account before they made her redundant, they would have changed the password and avoided the whole incident being played to the world online – and the subsequent negative press that followed.


With so much sensitive information on your network, it’s important to make sure that no one can access it externally – take measures to implement the below and safeguard your private information:

  • Use a firewall: A firewall can prevent hackers accessing your staff computers.
  • Run antivirus software: Viruses can make their way onto computers through emails, downloads, CDs and more, an antivirus software will protect against this.
  • Set up a wireless security key: A wireless security key will ensure that no one outside of your network can access your wireless connection, and potentially your files. Use the password tips above to ensure the password for this is changed regularly.
  • Set up a VPN: A VPN not only means that employees can access their work files remotely (such as at home or at an external meeting) but it protects the company’s files by encrypting internet traffic, so if an employee is using a public or untrusted WiFi (any WiFi other than your company’s) it means no one else on that WiFi can see their files.


Invest in an anti-spam software for your company email accounts to block spam, identify viruses and protect your intellectual property.

Give a training session to your staff on how they can keep safe online and how to safeguard company data, this could cover:

  • How to spot spam emails: If spam emails do get through, let your staff know what to look out for to spot them and inform them that they should never click on unknown links.
  • Archived emails: Archived emails can pose a threat as there’s potentially a lot of private information stored in them, teach staff to regularly clear their inbox and let them know what information should and should not be shared over email, especially when emailing externally.
  • Monitoring emails: It’s not essential to monitor employees emails, but if you are, you have to let employees know that they’re being monitored and why. Data protection law sets out the circumstances and the way in which monitoring should be carried out, so ensure you follow these guidelines to avoid illegally monitoring.

Social media

In the past 8-10 years, the influence and growth of social media has created a HR dilemma for companies and a divide in approach as to what’s acceptable and what’s not.

Generally, the more informal and relaxed a company is, the less likely it is they will have a stringent social media policy in place which is enforced. Whilst this will undoubtedly be welcomed by employees and contributes to a relaxed culture, it can open a company up to risk.

On the other end of the scale, some companies set strict guidelines on what employees can and cannot post on social media. Due to the very nature of social media as a platform for free speech – sometimes, this doesn’t go down well with employees.

The key is striking the balance between the two – setting enough rules to protect your company’s reputation and indeed, protecting your other employees, but not too many that the culture and morale of your team is compromised.

The social media threat

There has been a number of well-publicised cases of the risk posed by employees on social media. In September 2015, 27-year-old Barrister Charlotte Proudman tweeted a LinkedIn message exchange between herself and 57-year-old solicitor, Alexander Carter-Silk, in which he commented on how she looked in her profile picture.

Alexander Carter-Silk LinkedIn Message

Both parties came under fire in the press – married father-of-two Alexander Carter-Silk for sending the message in the first place; and Charlotte Proudman for choosing to publically shame him.

That the message was sent on LinkedIn – a professional and business-related social media platform – was a silly mistake by Carter-Silk. On LinkedIn, he is an ambassador of his company, the very nature of the networking site is to develop professional contacts and market yourself for career purposes.

Subsequently, his firm – Brown Rudnick – had to issue an apology statement. To have risked his own and company’s reputation like this was indeed a mistake and demonstrates the importance of educating your staff – senior as well as junior – on the pitfalls of social media and what each platform should be used for.

For Charlotte Proudman, her decision to publicly ‘out’ Carter-Silk on Twitter has hugely affected her professional reputation – with some law firms even publicly stating that they would never employ her. Had she thought twice about the impact one single tweet could have on her personal and professional life, she might not have posted it.

A company social media policy

Regardless of whether you trust all of your employees to use their common sense and own judgement on what is wrong or right to post online, you shouldn’t take the chance. By creating a social media policy for the company, you are minimising the risk of an employee threatening your company’s reputation.

And it’s not just setting the rules – it’s ensuring that they are well circulated, that the employees understand them and that you are in a position to monitor and enforce action if the rules are breached.

It’s important to remember that social media profiles are owned by the person, not the company, they are personal profiles that employees have set up in their own time. So, whilst you can set guidelines in place for what they say about the company and how they interact with other employees and any connections they’ve made through the company (clients, suppliers etc.); it’s important not to go overboard and infringe on their personal lives.

It’s not just employees posting about the company either – if they’re posting offensive messages online for all to see and they’re associated with your company (your company name might be in their profile, perhaps) then they are putting your company at risk.

Consider your stance on some of the following when putting together your guidelines:

  • Speaking about the company indirectly: Even if an employee doesn’t name your company in a social media post, would you be happy if they spoke about you in a negative way indirectly? For example, using the hashtag – #ihatemyjob – this could affect morale if they’re friends with other colleagues, and could even get picked up by the press if your company is high profile. Let employees know in the guidelines that it’s unacceptable to talk about the company in a negative way like this – even indirectly.
  • Speaking about clients or customers: In July 2012, two care home workers were suspended for posting a picture on Facebook in which they mocked patients. The picture caught attention on Facebook and gathered momentum, before being passed to a local newspaper, which led to the police, social services and the Care Quality Commission getting involved. The care home came under review and had to release statements to the press and relatives of its patients; demonstrating the impact of one tasteless and ill-judged photo posted on Facebook. Let your employees know that under no circumstances should they be posting offensive or negative information about clients or customers.
  • Posting offensive content: In 2013, former IAC Communications Director, Justine Sacco, was sacked after posting a tweet which said “Going to Africa. Hope I don’t get AIDS. Just kidding. I’m white!” Sacco posted the tweet before boarding a plane to South Africa. By the time she had landed, the tweet had gone viral on Twitter and been picked up by Buzzfeed. With her job title and company on her Twitter profile, the company’s name was soon everywhere in relation to this story – potentially putting the company’s reputation at risk. A social media policy should cover what content would be classed as offensive and potentially damaging to the company.

Justine Sacco Offensive Tweet

  • Posting private company information: A top salesman at Lacoste was fired in 2013 for posting a picture of his pay check on Instagram. Without really thinking twice before posting the picture, the ex-employee claimed that he was just trying to demonstrate the high cost of living in New York, only to be told when he got to work that he was being fired for infringing the company’s confidentiality agreement. This demonstrates the importance of educating your staff on what data is private and should not be shared and what the consequences will be if they do.

The policy can be as formal or informal as you like, fitting with your company culture but it must be clear on what is and isn’t acceptable and what the consequences of not following it are, it’s a good idea to give examples on each point to demonstrate exactly what it means.

The policy should also include what employees should do if they spot a potential issue and who they should escalate it to. By having a crisis plan in place, you can jump on a threat as quickly as possible.

Enforcing a social media policy

Of course, it’s not feasible to monitor every single employee’s online post, but what you can do is set up alerts for your company name so that you’re alerted whenever your company is mentioned online.

By educating employees on the social media policy, they’ll be aware that they should escalate another employee’s online activity if it’s deemed to be unacceptable.

Don’t create a social media policy and never do anything else with it, make sure it’s updated regularly and circulated each time and that every new employee receives training on it.

It’s also important that if this is implemented, you have the resource and processes in place to monitor and act on any breach. Not only is it bad for morale if one violation is dealt with and the member of staff disciplined, when another issue has gone under the radar; but it’s also putting your company at risk if defamatory content goes unnoticed; you might not pick up on it but someone else might.

It’s important not to overdo the monitoring, too – don’t spend hours scouring your employees’ tweets and don’t panic over small issues.

Here are our tips for monitoring:

  • Alerts: Set up Google Alerts for mentions of your company name online.
  • Twitter list: Create a list in Twitter of the company’s employees, that way it’s quick to go through and spot-check from time to time.
  • Not everything’s an issue: Don’t stress over small issues – if an employee has posted a negative Facebook post about the company or their job, remember that individual Facebook posts don’t rank so they’re unlikely to be seen by the masses, simply take the employee to one side and sort out whatever issue they’re having and ask them to delete the post.
  • Focus on tweets: On the other hand, individual tweets do rank – so it’s a good idea to keep an eye on tweets, but if you do see something negative and the person only has 20 or so followers, it’s unlikely that the issue will escalate and be seen by many people.
  • Prioritise: You can’t monitor everything! Not every negative post will be an issue, only pick up on the ones that genuinely pose a risk to your company’s reputation.

Company culture

In a Weber Shandwick report, 45% of consumers said that how a company treats its employees was a topic they most discussed about a company online. These findings demonstrate the relationship between internal and external reputation, and the transparency of a company’s internal processes.

The good news is, to an extent you can control how your staff feel about you, making them your biggest brand ambassadors.

The culture of a company is all down to your staff; it comes from their attitude to work and to others and their feelings towards the company as much as it does from the skills they bring with them. Often, you might employ a candidate based on how well their personality fits with the rest of the team – which in time shapes a particular culture amongst staff.

Their work attitude and feelings towards your company are in most part down to how they’re treated by the company and the job itself.

How to shape company culture

As with your customers; if you keep them satisfied and provide a good service, they’ll have little to complain about.

Company culture ties into every area of your business; take steps to ensure that your employees are happy in their role. Here are a few things you can put in place to improve company culture and reduce the risk of negative employee content online:

  • Reviews: Make sure that every employee has a regular scheduled review, this gives the opportunity for the employees to air any concerns or grievances they might have and gives you a chance to rectify them. By giving employees an outlet, you’re minimising the risk of them searching for another outlet to air their opinions online. Bad comments on forums and social media start offline; so take steps to deal with them at this stage. Be fair and honest with employees if they are doing something wrong, don’t ignore or sidestep the issue.
  • Internal processes: Don’t overload your staff – put processes in place to ensure that there are no issues with resourcing and that certain people aren’t being lumbered with more work than others. One of the main reasons for job dissatisfaction is having too much work to do, it can lead to stress and other illnesses which will lower staff morale and actually reduce company efficiency.
  • Benefits: You don’t have to be treating your staff like royalty to create a positive morale, but equally you should provide a few extras to improve morale and ultimately, efficiency, as well as providing a good hook for recruitment. Just a few things, such as free tea and coffee and scheduled staff socials will help to make your staff feel well looked after.
  • HR processes: Even if your company is too small to have a dedicated HR specialist or department, make sure that your employees know what steps they can take if they have a HR issue. Have disciplinary and grievance procedures in place, so that employees are clear who they need to go to and that support is in place should they have an issue; as well as knowing what is expected of them.
  • Equality: Nothing impacts on morale more than seeing a colleague being treated differently to you. Treat all employees completely equally – it’s ok to have a relaxed and informal environment, but don’t let one person work from home if you wouldn’t let someone else.

Outside of work

There’ll be times where staff will meet outside of work but for work purposes. For example, entertaining clients, attending an awards ceremony for the company, or even staff socials. During these times, sometimes the lines are blurred between what’s acceptable behaviour and what’s not.

Some people might think they can act more relaxed and informal around other members of staff and their superiors and if there’s alcohol involved, any behaviour is only amplified.

It’s advisable to set guidelines in place for these kinds of situations which instruct employees how they’re expected to behave and the consequences of what might happen if they don’t follow them.

For example, you might want to ask that employees don’t drink alcohol when they’re entertaining clients. If the employee is representing the company in that situation, then they must act responsibly and by the guidelines set by the company.

By setting guidelines and making sure all employees have read and understand them; you’re avoiding a situation whereby an employee could offend someone or misrepresent the company. If you don’t set the limits, employees don’t know where they are.

Similarly, any policy, guidelines or training needs to make it clear that actions outside of work will be treated seriously if they affect work. For example, there have been many occasions where an employee has been caught out by a photograph or ‘tag’ on Facebook doing something inconsistent with their excuse to be absent from work; or even found to be running their own business using their employer’s mobile phone or equipment.

HR issues

Situations will arise in nearly all companies which if handled incorrectly, could put your company’s reputation at risk. Planning ahead can help to mitigate or avoid issues.

Employees leaving

It’s important to ensure that your company handles the situation in the right way if an employee give notice or if they’re dismissed or made redundant. Fairness and compassion, as well as offering reasonable termination payments and help seeking new employment all go a long way towards employees still thinking well of you, even if they have been dismissed.

It’s inevitable that some people will leave your organisation so it’s really important that employers don’t show any bitterness or treat the employee any differently during their notice period. You have more to lose as a company if you exchange bad words and the ex-employee then goes on to bad-mouth you online as well as offline.

Letting people go, whether it’s a dismissal or making them redundant is never easy. Not only do you need to follow the right process to ensure legal fairness, but you also have to be ‘human’ with your staff and treat them as individuals that you care about. This is particularly key in a redundancy situation; it’s important to think about the effect on those leaving as it is on those that remain employed. There will inevitably be friendships broken that remain active on social media so it’s important to take all reasonable steps to ensure they’re positive.

Whatever the situation, make sure that there is a clear procedure in place that all employees are aware of, and follow it. Company morale will suffer if employees feel like procedure hasn’t been followed and employees have been unfairly treated.

As soon as you can after the employee has left, make sure you communicate to the rest of the team what has happened and the reasons why. Again, company morale will suffer if they feel like something secretive and underhand has gone on that they’re not aware of.  Make it clear what messages are being circulated to other relevant parties, such as clients and customers.


Have you thought about advertising or screening potential new recruits on Facebook, LinkedIn or other social media sites?

This can be a great way to attract and vet staff, however, it can lead to accusations of discrimination if you only attract candidates who are like the people you currently employ. Similarly, if you make judgements based on the online profiles of some, but not all candidates, this can also be unfair. Discrimination based on age is clear to see as it’s likely that younger recruits have an online profile, albeit that it may not make them attractive prospects as serious reliable employees.

Employers could face an employment tribunal if they base a decision not to interview or offer a job to someone based on a judgement they made through looking at the candidate’s social media profile and then discriminating against them because of a characteristic judged from their profile.

Time wasting

Ultimately, an employee who is spending time at work that is not for the benefit of the employer is wasting time. As they’re getting paid for this time, it could be considered to be time theft.

Clear guidance about when social media and the internet can be used and for what purposes, helps to minimise misunderstanding and conflict at work. It is then clear if staff have breached the policies and disciplinary action can be taken.


If there is bad feeling when someone has left, there’s the danger that they vent their frustrations and opinions online; this can then affect the quality of candidates that will apply for vacant posts in the business. Review sites and forums are popping up that publish a lot of negative content about employers which are difficult for them to challenge or remove.

Glassdoor is a review website for employees to review their current or former employers. Naturally, as with most review sites, many reviews are negative as people are using it to vent their frustrations. Online users visit the site to research potential employers – so it can affect a company’s online reputation and the quality of candidates it receives. With it being a high-ranking website, companies are struggling with what to do about negative content about their company.

What to do about negative reviews:

  • Take the issue offline: Rather than getting into a heated discussion back and forth online (which will only highlight the negative review further) contact the disgruntled employee directly and try to resolve whatever issue they’re upset about. If you do resolve the issue, you can always set up a free account with Glassdoor and just leave a simple “I’m glad we’ve now resolved this issue” comment to show other users you’ve dealt with the complaint.
  • Respond to all reviews: A brief, polite response to each review about your company will show that you care what employees think of your company and that you’re keen to try and resolve an issue wherever there is one.
  • Report defamatory reviews: Most legitimate review sites have a process for users to report content if it’s defamatory about a person or company.
  • Encourage positive reviews: You can gently ask your current employees to leave a Glassdoor review if you’re confident that it’ll be positive. This will help to work against the negative review(s).

Protecting company reputation from employee risk – conclusion

In summary, it’s essential for companies to have clear, well-communicated and enforced policies in place that unmistakeably set out what’s acceptable behaviour and what isn’t, and what the consequences of not following company policy might be. By covering all bases of employee risk, you’re minimising the chances of your company reputation being brought into disrepute.

Don’t overreact – this isn’t about spending hours trawling through your employee’s social media accounts, it’s about knowing how to spot a potential threat and dealing with it. Ask yourself what real damage the issue could do to your company, and decide whether it’s worth action or not. In most cases, it’s worth just reiterating company policy to the employee in question and sorting out whatever issues they might be having.

Remember that all online issues start offline – so in most cases, there are fixes to be made internally which can avoid online issues occurring.

Take a look at some of the helpful links below for further reading and help if you’re looking to deal with a potential reputation risk.

Helpful links:

Previous Article Sky News interviews Igniyte on Volkswagen scandal impact October 1, 2015 Next Article City AM covers Igniyte's office Christmas party etiquette research November 30, 2015