Corporate social media concerns have progressed past the question of ROI as a marketing discipline and have landed squarely in the Risk Officers lap as a security concern. In fact, social media security is a serious risk for every corporation. Since 2011, cyber criminals have found a home on social media where they perpetuate fraud. During the past six months, CIO Insight states that cyber criminals have increased 70% (and it does not appear to be slowing down). CIO Insights also states that worldwide security breach costs will grow from $3 Billion in 2015 to $6 Trillion in 2021. That's a lot of crime, and a lot of damage to your company!
To protect brands and reputation, companies must now ensure that their social media accounts are not gateways that expose them to costly threats. this means that you need to keep vigilant watch for cyber risks, including:
- Ransomware attacks (such as the recent Wanna Cry)
- Hijacking or hacking accounts
- Phishing or impersonating brands to gain an audience
- Stealing passwords to gain access to an account associate with a brand or a person
- Giving access to shared user data through social platforms
With all these threats lurking, it can be difficult to manage and monitor risks and protect your company (and even your customers) from potential damage. Instead of waiting for an alarm bell to sound, businesses should be proactive and implement a social media governance plan that keeps their business, data and reputation safe. Here are seven social media security best practices to make the security section of your governance plan the best it can be:
Social Media Security Best Practice #1: Discover All Points of Presence (POPs)
The first step in keeping your corporate social media governed is to determine which accounts, pages, channels, boards, etc. appear to be associated with your business. Because counterfeit accounts can pop up at any time, you have to be aware of where your business is being represented on social media in order to assess whether a brand account is valid. Once you discover all of the POPs for your business, you will have a bird’s eye view of the accounts and areas that you must actively keep secure. After this first audit, be sure to have an ongoing audit program in place to find newly created rogue or fraudulent accounts.
Social Media Security Best Practice #2: Assess all POPs
It can often come as a surprise to a company when they figure out just how many places their brand is represented on the internet. Once you’ve determined where all of your business’ POPs are located, it is time to decide which ones should be managed and which ones should be shut down. When assessing POPs be sure to look for:
- Accounts that your company does not have access to (due to lost credentials)
- Accounts that are using your brand in an inflammatory way
- Duplicate accounts for locations or sub-brands
- Fraudulent accounts
- Accounts that mislead a consumer to believe that is is representing your brand
Social Media Security Best Practice #3: Create Inventory System for POPs
Creating an inventory system for all of your POPs gives your company a consistent and reliable way to keep track of each one. It also gives you an opportunity to group POPs together by social media channel, location, sub-brand, etc. so that they are easier to sort and assign to a manager (discussed below). An inventory method also ensures that when you check up on your company’s POPs after this initial assessment, you can identify new accounts and track any changes that differ from your existing inventory.
Social Media Security Best Practice #4: Assign Responsibility for POPs to Team Members
Now that all your POPs are in one place, it comes time to divide responsibility for them among your team members. Depending on the number of POPs you have, it may be overwhelming for one person to monitor everything. Therefore, dividing the responsibility makes sure that each one is getting the right amount of attention to ensure top security. The team members should be trained on governance and risk protocols and be responsible for elevating any risk occurrences per protocol.
Social Media Security Best Practice #5: Think About Access and Control of POPs
One thing that is often overlooked is the access and control of POPs. Once the responsibility is divided up, don’t assume that the manager is the only one that needs control. In a best case scenario, if the current manager leaves the company, you should be sure that someone else has the credentials and the training to run the account smoothly. In a worst case scenario, if the current manager leaves the company with a trail of destruction, you should be sure that they can be removed swiftly from any POP and account posting can take place as usual.
Access also becomes a major factor when a new POP needs to be created. Think about who will have access, what their access levels will be and who will be responsible for management. Then, decide what the password system and security protocol for accounts will be (such as forbidding social login to new accounts). Thinking about these components beforehand and creating a risk mitigation plan before you need one will ensure there are no lapses in security.
Social Media Security Best Practice #6: Evaluate the Compliance of POPs
Another important part to social media security is checking the compliance of all POPs to see if they are up to brand, corporate, and regulatory standards. If they do not meet this criteria, you should either fix the account so that it is compliant or shutdown the account as a whole. If you do not have social media compliance guide to check your POPs against, create a guide sheet that lists the requirements (legal, corporate and brand) for each approved social platform. To get some ideas, review our Social Media Governance Plan e-book.
Social Media Security Best Practice #7: Secure the Tool Chain for each POP
The last best practice is getting the right tools in place for POP management and monitoring and make sure you list the access of each tool per POP on your Inventory list. Connected tools are certainly an avenue that weakens the security of each account. By knowing your tool chain, and limiting access to your business needs, you will have less concern about cyber threats entering via an attached tool. Whether you need to manage content or compliance, or analyze data and sentiment, think about your required business tools that attach to your POPs and ensure they are secure.
If you have a large social media inventory that needs to be consistently monitored and managed, check out our whitepaper “Enterprise Social Media Account Management”. It highlights 7 critical steps that every enterprise needs to take in order to manage their distributed brand presence. Plus you’ll learn more about audits, how to manage access, compliance criteria and more!