Participating in social media is a necessity for businesses of all sizes -- and so is making sure your practices meet ethical and regulatory standards.

Whether you are a small medical company dealing with private data, or a small financial company having to navigate the regulatory rules surrounding social media, there’s no way around it: interacting via social networks is getting increasingly complex.

“People are sharing private information like email addresses, phone numbers and sometimes even account numbers,” says Ray Kruck, co-founder and chief commercial officer at Nexgate, the data management company. “There is a need for compliance for any size business.”

For non-financial small businesses there may not be a universal guide on compliance guidelines for social media, but if the company wants to interact, maintain and find new customers via the Internet, they better have standards in place.

According to Kruck, the first thing a small business needs to do is put a process in place to monitor content, flag any inappropriate conversations and react to it in a timely manner. After all, you don’t want to find out that a customer has numerous emails, tweets, or Facebook comments about a faulty product two weeks later.

“You want the community managers running your Facebook page or a customer service rep to be able to quickly respond to questions,” says Kruck, noting there is technology available that will catch any inappropriate content in real time as soon as it lands on the company’s Facebook page or Twitter account.

In addition to quickly learning when the social media conversation goes bad, experts say small businesses need a notification system in place for security breaches and hack attacks. Twitter, for one, has been in the news lately due to a series of high profile compromises, which underscores the need to protect a business’ social media accounts. According to Kruck, small businesses need to commit to changing passwords frequently and creating ones that are hard to breach. Yes, it’s annoying to constantly remember a password that not only has numbers and letters but also special characters, but creating complex ones will provide an extra layer of security.

Kruck says companies should also have technology in place that monitors social media accounts and can quickly identify any abnormal behavior. For instance, if someone changes the title of the account it could be a sign that an unauthorized user has been tampering with it.

“Having visibility is very important because social media is very dynamic and very viral,” says Kruck. “Once you engage on social, things can go wrong very quickly.”

Small financial firms face more structured compliance pressures, given the guidelines put forth by the Financial Industry Regulatory Authority (FINRA).  Regardless of if the business is a three-man shop or 100 strong, the company must follow the guidelines or face fines. Basically FINRA requests financial firms file any material conversations about a stock or investment that was conducted over the Internet. But it doesn’t require the business to file conversations or tweets when there’s a general mention of a fund or family of funds, statements that aren’t related to the performance of the fund and/or a response to questions on social media that doesn’t include information about the investment performance.

“Small financial service firms are facing the same regulatory pressure as large ones in terms of how the brand engages and shares information over the social media channel,” says Kruck. 

While a small business can stay on top of the regular bulletins FINRA puts out about social media compliance, there is technology available that will do it for you. The technology can also create proof and an audit trail for if and when the company is ever in the crossfire of regulators.

“Regulatory auditors in many cases are looking for evidence of best practices,” says Kruck. “Most of the time they will cut first offenders some slack if they can prove they have polices and procedures to monitor this data.”