While social media can work really well for marketing your small business, and is great for communicating with customers, it can also create unwanted security issues.
Someone with access to your accounts can post anything they choose. This could be very damaging to your reputation, and could potentially reveal confidential business information or sensitive customer information to the world.
Sometimes social media crises happen by accident, or because policies and procedures are missing (or misunderstood), but disgruntled staff, ex-employees or external attackers can cause you significant problems.
Tips and tasks for social media security
Your social media accounts can be important assets for your business, and should be protected.
1. Control access to your accounts
Who has the ability to publish posts on your social media accounts? If you haven’t changed the passwords after your social media manager left, then they could still log in and publish something inappropriate.
- Ensure that passwords are changed regularly, and whenever people with access leave your organisation.
- Minimise the number of people with publishing rights to the accounts. Although you could ask multiple people to create content for publication, whether this is imagery, text or video, not everyone needs to be able to publish it.
- And a related question: if your social media manager left, would you still be able to access your social media accounts? Make sure you don’t get locked out of your own accounts.
2. Control account creation and ownership
Do you have a list of all your business social media accounts, including those that you don’t use, but that you set up just in case? If not, it’s worth creating one for future reference.
You may need to conduct an audit of accounts to track down any that have been created in the past. People in different departments may have set up accounts without you knowing. Usually this happens with the best of intentions, as they want to promote a product, communicate with customers or build relationships with their colleagues. But if the person who controls this account leaves, it can become an orphan account and can quickly become out of date, or vulnerable to attack—and it represents your business.
Set up an approval system for the creation of accounts in the future, ensuring that they are brand compliant and have an owner assigned. Add details of this system to your set of policies and procedures.
All these accounts will need to be secured and monitored regularly.
3. Secure the accounts
Enable two-factor authentication wherever possible for your social media accounts.
If you are asked to set up security questions, make sure they are hard to guess. Otherwise, if someone got access to your email address, they may be able to reset the password and deny you access to your accounts. Remember that the answers to these security questions don’t need to be true, just memorable.
4. Check third party connections
Check the third-party apps that each of your social media accounts has been connected to, and remove any that are no longer needed or used. Some of these apps may have inappropriate and unnecessary access to your data.
5. Audit and monitor your accounts
Review the privacy settings on all your business social media accounts. Things change, and auditing your accounts regularly will help you ensure your privacy settings are correct.
Monitor your social media feeds, just in case someone has gained access and is posting inappropriate material while impersonating you. The quicker you spot that something is wrong, the better.
6. Set up a post approval system
Have you got a system in place to approve posts before they are published?
Many companies have experienced a social media crisis by posting something inappropriate, something that hasn’t been carefully thought through, or by posting something to the business channel instead of their personal account. Having a second set of eyes reviewing posts just to check everything is OK will help reduce this risk, and also that of deliberate over-sharing of private information.
7. Provide staff training, policies and guidelines
Remind staff that answering social media polls and quizzes can mean revealing personal information that could be used to gain access to accounts, especially if the same passwords are used repeatedly.
- Create a social media policy, covering passwords and how to avoid common pitfalls (such as posting to the wrong account).
- Create social media brand guidelines, to outline what is, and what isn’t appropriate for public disclosure.
- Provide regular training and awareness sessions to ensure that staff understand social media security threats, scams and phishing attacks as well as your policies and guidelines.
8. Protect your devices
A lost phone without password protection, but which is logged in to social media is as good as an open door for an attacker.
- Log out of your social media accounts whenever you leave your computer or mobile device unattended.
- Protect your devices by implementing strong cyber security practices.
Getting started
Got 10 minutes today?
- Check who has access to your social media accounts at the moment.
- Ensure that none of your previous employees still have access by changing passwords.
30 minutes?
- Remind your staff about the risks that social media can pose to your company.
- Consider a system for approving posts before they are published.
60 minutes or more?
- Review the third-party apps that your accounts are connected to, and remove any unnecessary ones.
- Create a list of all your social media accounts, for all channels, and make sure those are secure, including those you do not currently use, and tracking down any unauthorised accounts that might be out there.
If you’d like some help with cyber security, contact the Click and Protect team for advice and support, either via our website form, or by calling us direct on 0113 733 6230
