In November 2022, retailer Balenciaga launched an ad showing children holding teddy bears that appeared to be wearing what looked like bondage gear. This enraged social media users. As a result, Balenciaga lost 100,000 Instagram followers and saw a decline in sales.Initially, Balenciaga denied responsibility and even levied a lawsuit against its production company, but that didnt quell the backlash. So, the company changed course by issuing an apology and announcing that it would use new content validation techniques to prevent an incident like this from occurring again.Balenciagais one of many companies that have faced a brand crisis in social media. Companies including Kelloggs, Delta Airlines, United Airlines, Dove, and KFC have all faced such crises.When brand-damaging incidents on social media occur, those who deal with them include executive management, marketing, and even the board. But since social media is an online technology, does that mean IT has a role to play as well?The answer is unclear in many companies. Often, IT isnt part of the frontline response group, but that doesnt mean that your IT team shouldnt be involved.How IT Should Get InvolvedMitigating a social media brand attack falls under the category of disaster recovery, which means that there should be a step-by-step sequence of responsive actions that are documented in a DR plan. In addition, there is the question of risk management and avoidance. If a risk policy is defined and documented, preemptive steps can be taken that reduce the chances of a brand attack being levied.Related:IT has a role in both scenarios.Risk ManagementVetting Software and vendor.When marketing launches e-commerce and informational websites, it also enlists outside firms to monitor Internet activity concerning the company's online assets, and to report on any unusual or potentially damaging online activities. The goal is to preempt incidents like brand damage, and the monitoring software does this by listening for potentially damaging posts and then reporting them.HR departments also use third-party software for internet monitoring. They use it to check the social media activities and posts of potential job hires and employees.In both cases, IT can help in vetting the vendors of these services before marketing or HR enters into contractual agreements. This can be a value-add because technology vendor vetting is not a well-developed practice in either marketing or HR, and it is possible that they may contract with vendors that cannot meet their goals, or that fall short of corporate security, privacy and governance requirements.Related:Validate Content. As a best practice, IT can encourage marketing to secure content validation software that can vet internally developed messaging before the company publishes it online.Employee message monitoring. The monitoring and surveillance of employee messaging and internet activities while employees are at work is a common and accepted corporate practice today. This right to monitor employee communication and internet activity extends to remote employees who are not in a corporate office.Should there be IT involvement in this seemingly personnel-focused matter? Yes, because in many cases, it is IT that is called upon to select and administer the communications monitoring software and to issue monthly activity reports to user departments and management. Even if IT doesnt do this, its still in ITs best interest to stay involved. Thatsbecause of ITs significant role in corporate governance, and the necessity of weighing policy against employees personal privacy rights.In more than one case, it was IT that first asked the question of whether employees had been informed upfront that their communications and internet activities would be monitored by the company, and if there was a written policy to that effect that employees were required to acknowledge and sign as a condition of employment.Related:Attack Response and MitigationSecurity breaches. Its possible for a bad actor to pass malware into an e-commerce website through a message to the site. Or they could post a fake website of the company that fraudulently resembles the real one.In both cases, IT should be involved with the security and monitoring of corporate online assets to ensure that the assets are free from cyberattacks and fakes. If unusual activities are detected from IT monitoring and management software, they should be promptly reported to management, marketing and other important stakeholders.If a security breach occurs, the DR response should be swift. Threat mitigation and elimination procedures should be written into the corporate DR plan.Failover. When corporate e-commerce sites are taken over, or they are being pummeled by cyberattacks that are disabling the sites functions, a failover plan to an alternate e-commerce site should be executed. It should work in the same way that a physical retail store fails over to a generator when local power service fails.In this way, a smooth failover allows the e-commerce site to keep working, and it reduces the number of social media posts that complain about the company, the site or the brand. Failover is an IT operation, and IT should take the lead by crafting the technical processes of the failover, testing them, and making sure that they work.SummarySocial media crisis management is everybodys business, but all too often, IT gets overlooked. Yet, because social media is an online activity that involves technology, it is almost guaranteed that IT will be called upon to get involved when a brand attack occurs. Consequently, its in CIOs best interests to stay ahead of the issue by assuming an active role in brand protection and defense.Brand protection is more than protection and acts as a source of sustainable competitive advantage, according to De La Rue, a banknote printing firm.It is a multifaceted approach that requires ongoing diligence and adaptability in the face of evolving threats.