Back to Blog

Five Keys to Managing Risk Within Electronic Communications


In today’s business environment where consumer trust means everything to a company’s success, it’s not enough for your organization to manage risk after the fact. You must spot it as soon it happens to prevent it from spiraling out of control and damaging your brand.

While some companies now actively measure and try to manage risk, many still lack best practices and technology solutions to deal with potentially damaging electronic communications shared with colleagues, clients, prospects, business partners, and more.

As new communication technologies are launched and preferences are built for applications and tools like text messaging that foster quick and easy conversations, businesses struggle to keep on top of approved business practices with employee communications. Today, the many complexities surrounding smart phones and text communications for business present an enormous challenge for organizations.

These can only be solved with clear policies and a technology foundation that allows for capture and supervision. Supervising your company’s electronic communications data can help you realize more effective risk detection, mitigation, and management in the long run.

In fact, if you follow the five principles below, you can dramatically decrease the number of times your company faces serious risks resulting from the ungoverned use of electronic communications.

For electronic communications, it’s best to have the following in place:

1. A Sound Data Governance Framework

A key marker of a company that manages risk well is one that has a smart data-governance foundation in place, including control over electronic communications data.

A governance structure addresses the objectives, guiding principles, and action plans that demonstrate how your company will manage risk. It also identifies the key decision-makers within the organization who will meet regularly to discuss risk-related challenges and carry out action steps. A governance framework should state who supervises and manages electronic communications risk for regulatory, legal, and marketing purposes. It should also address the following questions:

  • Who are the key decision-makers in your organization regarding response to potential problems found in your company’s email, social media, text messages, and website?
  • Does your company have working groups or committees that can address ongoing areas of concern in electronic communications?
  • Which behaviors and statements require escalation to key decision makers? How quickly should issues be escalated?
  • When you identify an area of risk, are your key decision-makers aware of the causes of the problem? How are those causes addressed in the long term?
  • Is there a system to help continually improve risk identification and escalation in different communications channels, including social media and text messaging?

2. A Culture of Risk Awareness and Compliance

While your company likely has key decision-makers who are responsible for risk management, your governance structure should allow other employees to speak up when they notice unusual, worrisome, or unexpected activities and events related to your business. Everyone is on the front line of risk prevention in the digital age.

This type of culture is influenced strongly by decision-makers, including the CEO and Chief Risk Officer (CRO). Senior decision-makers who spend time educating their legal, compliance, HR, marketing, and other departments about risk will positively affect this process.

Companies that handle governance and supervision of electronic communications well don’t view supervision as obligation where they need to check the box to stay out of trouble. Instead, they see an opportunity to foster better business insights and decision-making. The rule of thumb is: Use every opportunity available to obtain value from key data, to evaluate business risks and opportunities.

3. A Constant Drive for Efficiency

Risk departments and CROs face the task of performing effective risk management with limited resources and staff. A constantly changing regulatory, technology, and business environment makes these restrictions seem especially challenging.

Companies that handle uncertainty in stride tend to manage their risk, regulatory, and legal requirements effectively over the long term. If the risk department has a tight budget, collaboration and sharing of risk-detection resources with other departments can be a big help. For instance, the compliance team might extend the archiving platform it uses for regulatory purposes to the legal team, for use with early case assessment or eDiscovery in the event of an investigation or litigation.

For your light reading list: The Chief Risk Officer and the Dreadful, Horrid, Inefficient Very Bad Day.

4. Innovative Technology that Supports Risk Detection

While a risk department may use various technology tools to analyze data for risk detection, much of the root cause of operational, financial, compliance, and legal risk starts with people. Whether an individual or group takes malicious or unintentional action that results in risk to the company, the trail of error is often found in communications shared via email, social media, text messaging, instant messaging, corporate website content, and so on.

Many companies now look to comprehensive archiving and monitoring of their employees’ electronic communications to spot risk and mitigate it before it becomes a big problem. Since your compliance department may already have a requirement to retain and supervise electronic communications, it makes sense to broaden the use of archiving and monitoring for other business requirements such as developing use policies, staff training and support of legal and HR litigation.

5. A Commitment to Constant Improvement

The final key element is a commitment to undergo continual analysis of systems and processes. This is a long-term undertaking, but it’s one that’s vital to long-term improvement and success. Evaluate your answers to the following questions on a regular basis:

  • Where has your company fallen short of its goals for risk management?
  • How many high-profile risk problems or crises has your company encountered within the past year? In the past six months? Where and when do they occur?
  • When risk affects the business, how quickly does the company react? Was the response quick, or not quick enough? Was the action plan well thought out? Do you have systems and technology in place to effectively handle risk?

With these key principles in place, your company will be on the path to managing risk.

For more information about how a comprehensive archiving platform can help your company manage risk, visit our content security and risk mitigation section online.



Smarsh® delivers a comprehensive and integrated suite of information archiving applications and services that help companies protect themselves and manage risk. Its centralized platform provides a unified compliance and e-discovery workflow across the entire range of digital communications, including email, social media, websites, instant messaging, mobile text messaging and voice.

Founded in 2001, Smarsh helps more than 20,000 organizations meet regulatory compliance, e-discovery and record retention requirements. The company is headquartered in Portland, Oregon, with offices in New York City, Boston, Raleigh, N.C. and London.

For more information, visit, follow @SmarshInc on Twitter or like Smarsh on Facebook at