As Social Media Manager for your client, you hold the “keys to the kingdom”, at least in terms of their online reputation and social messaging. Those keys are very important – how do you protect them? That’s what we are going to talk about.
First of all, let’s make it clear that the security we are talking about here concerns risks to a business’s reputation and marketing efforts, specifically with regard to controlling and safeguarding access to its social media accounts. Discussion of risk in the social media realm often centers around personal use and related privacy issues; while those are legitimate issues for private users, our primary concern is for business use.
Similarly, we are not covering curation or moderation of content. While this is also relevant to the client’s online reputation, that is a question of content management and is more related to the client’s social media, marketing, and branding strategy than it is to security.
The following are time-tested Social Media Security Best Practices. While the applicability of individual points may vary a bit depending on the size of the organization and scope of social media activities, the following checklist is a comprehensive starting point that will ensure a secure online presence.
- If not already done, inventory all social media accounts.
  - The results should be harmonized with the online strategy, e.g. eliminate duplicates, add accounts where needed, focus your efforts where they will be most effective, etc.
- Centralize account control and responsibility for maintaining social media accounts under the Social Media Manager.
- Define roles and responsibilities for the Social Media Manager – what can they do and where does the client retain control?
- Establish codes of conduct and acceptable use policies for all social media content contributors. For example, is political commentary allowed? It can be relevant, as some account attacks are politically motivated.
- Provide education and training on the above for all content contributors and community managers (a role sometimes defined in larger organizations with multiple contributors, often filled by the Social Media Manager).
- All social media accounts should be in a business name, registered via a business email (on the business domain), and not a personal account (private name, private email, etc.).
- Have a backup person named and given access to the account, if possible.
- For social media that distinguish between business and private account types, make sure to use the business account (e.g. Facebook business page instead of a personal profile).
- There should be an access termination and/or turnover plan for changes in personnel, both voluntary and involuntary.
- Carefully control passwords!
  - Have a unique password for each social media account.
  - Use strong passwords (follow the usual guidelines, or better yet, use strong, unique passwords generated by password management tools).
  - Use a password management system.
    - In a corporate setting, maintain and control SM passwords using the same procedures and systems as with other important credentials (many larger businesses use a centralized credential control system, which automates many of the features above).
    - In a smaller business, use something like LastPass or similar.
- Consider using two-factor authentication (2FA) where possible (e.g. Facebook, Twitter and LinkedIn offer 2FA).
- Consider using an account aggregator.
  - Third-party platforms are available that can create secure logins to manage multiple social media accounts, their users, and the publishing of content (e.g. Hootsuite, Buffer, Sprout Social). This can provide a single sign-on capability for centralized management of accounts. Of course, a single sign-on is a single point of entry to all accounts if those credentials are not properly protected!
- Review account settings (such as privacy/sharing) and match them to your objective. Even though these settings mostly affect privacy, they can also have security implications (e.g. do you accept invitations from 3rd party applications?).
- Keep up with changes to options and settings as they evolve.
Third party extensions
- Be careful about installing 3rd party extensions on browsers and / or using mobile applications that link with social media accounts. Vet them thoroughly before using them, making sure to understand all access privileges they require and their reputation in the community.
- Monitor social accounts regularly so you know quickly if there is a problem.
- Anticipate likely scenarios and have a response plan.
- When a problem does arise, respond quickly.
If you follow the above best practices, you can sleep well at night knowing that the accounts under your control are secure, allowing you to focus on the content and messaging. Being a social media professional means never having to say you’re sorry for a hacked account!
About the author: Randy Earl is a Senior Business Analyst at AtlanticBT and enjoys helping clients leverage technology to enhance their business. Feel free to connect with Randy on LinkedIn: https://www.linkedin.com/in/randyearl.