3 Social Media Governance Essentials

Sue Serna loves dinosaurs but is not one - here at the Christmas Market in Paris December 2019

Brandle has some amazing customers and we are fortunate to be able to work with top-tier professionals at global companies. These social media governance professionals not only stay on top of changes with each social network, they also must stay on top of what is happening with their brands across the company and across the web. It's a difficult job that balances strategic thinking, risk management practices, marketing trade-offs and extreme detail (all while keeping an eye to any crisis that may arise).

One of our most advanced social media governance professionals is Sue Serna, global Social Media Lead at Cargill. In January, Sue wrote an excellent LinkedIn post titled:

"Don't be a dinosaur! 3 social media governance must-dos for companies of any size."

3 Social Media Governance Essentials by Sue Serna

...The conversation got me thinking… regardless of the size of your business, there are some basic social media governance principles that every business should consider. If you have not yet thought through some of these things, you probably are opening your company to unnecessary risk. You are also basically operating like a dinosaur in modern times. (OK, full disclosure, I had trouble finding an image for this post, so dinosaur reference it is!) So whether you’re a single-location mom and pop enterprise or a huge global corporation, maybe these governance tips will help.

Here are my top three:

1. Who owns your stuff?
If I had to highlight the one most important principle of social media governance, it would be this: you need to own all of your own stuff. That may seem simple but you’d be amazed at how many companies allow their agency partner or a business partner to own their social media accounts and/or their paid social media ad accounts. This is a massive mistake for a coupe of key reasons.
First, if you don’t own it, you don’t control it. Companies (including ours) have had cases where a partner “held their account hostage” if business dealings went awry. If you don’t have control of your accounts, you don’t have control of your brand. Now, that doesn’t mean that you can’t outsource the managing of your accounts to an outside party. But you or your company should always be the owner of the accounts and then you grant the agency or partner access – not the other way around.

Second, especially for platforms like Facebook, it is very much a “pay to play” game. Your level of service from the platform is entirely dependent on how much you spend. For Facebook and many other major platforms, you have to spend a certain amount to even be assigned an account rep. So if you don’t own your accounts but you are funding your ad spend, someone else is getting credit and you are not. That doesn’t seem fair, does it? Get credit for the money you are pumping into your social media activity. It should benefit you or your company – not anyone else.

Finally, if you don’t own the accounts, you don’t own your data. If your agency owns the account and you switch agencies, say goodbye to your historic data. The agency is under no obligation to give it to you before you sever ties. If you own the account, this is not a problem. You revoke access for your old agency, add access for your new agency and have a continuous data set that you own.

2. Know who has access.
Very similar to owning all of your own stuff, another key component of governance is that you must understand without a shadow of a doubt who has access to all of your stuff. Owning it all is the first step. But once you own it, if you just let anyone have access, you haven’t done yourself any favors.
I insist on knowing each individual person who has access to our accounts, whether they be a Cargill employee, an agency employee or a vendor. I am also not a fan of permitting blanket access for our agency partners because they often have a rotating door of personnel. Under that model, it’s very possible that we could have no idea who is actually touching our accounts. I would much prefer to give each individual person on the team access. It’s more work for my team, but it is also way more secure. There are lots of reasons that someone justifiably needs access to your accounts. But you need to know at all times who has access.
This is extremely important if you are ever sued over something posted on social media. If you don’t have clear line of sight, getting an answer to “Which individual pressed the button and posted that?” can be very difficult. If you are a large enough enterprise or have a big enough budget, you could investigate a social media management system to help with this type of record keeping. Most large companies including ours use one of these tools (the two largest in the space are Khoros and Sprinklr).

In addition, you need to keep up with personnel changeover. It does you no good to know the list of individuals who have access if your list is entirely out of date. While no one likes negative thinking, this is really crucial when you think about scenarios like a disgruntled employee leaving the company under bad terms. If that employee has access to your accounts and chooses to “go rogue,” you could have a serious brand reputation issue on hand. Remember also that many platforms like Twitter and Instagram have a simple “username or email and password” combination for logging in. That means that anyone with the login and password can access the full administrative settings panel and could (theoretically) change the password and lock you out of your own account. Don’t think it happens? Google it.

3. Manage your passwords
It hurts my head sometimes when people don’t understand the importance of actively managing their passwords. Your password is the literal key to your brand’s reputation on social media. More than that, it may be the key to your brand’s entire online reputation when you consider how much social media now plays into things like SEO and Google search results. You have all seen the horror stories of companies that have had their accounts hacked. This has happened to some very major brands. If you think it can’t happen to you, it’s time for a reality check. A couple of really fundamental best practices for social media password management:

• Only people who truly need to know the password should know the password.
• Do not share passwords via text message, email or other formats that are easily able to be forwarded or shared. (This one is hard and I will admit that sometimes we are forced to do this, but really you should try to avoid this.)
• If you are willing to spring for it, invest in an actual password management tool (LastPass and Keeper Security are my two favorites). Employing one of these tools eliminates the issue in the point above regarding securely sharing passwords.
• Any time anyone who knows the current password leaves the company or your agency/partner’s team, change the password immediately. This requires you to a) know when someone is leaving and b) be diligent enough to change the password on the day of their departure.
• Do not ever use passwords that are easy to guess – so passwords that are like Cargill123 or “brandnamepassword” should be prohibited. Also, do not use passwords that you use elsewhere in your personal life. Do NOT use the same password everywhere.
• If you are the only person who knows the passwords, that’s a bad practice too. What if you get hit by a bus?
• Even if you are the only person who knows the passwords, you should still change them regularly for security. The major platforms are prone to large security breaches. The longer you are on social media, the more likely your odds of being impacted by at least one such event.

Final thoughts: Social media governance has become a super complicated landscape. My prediction is that it will only continue to grow in scale and complexity. This is largely because of a few key factors:

• The number of platforms has expanded (Snapchat, Tik Tok and VSCO being the latest examples) and will continue to grow in coming years.
• The proliferation of paid social media means that you not only have to govern your social media channels and access to them, but you also have to govern the paid side of the house – ad accounts, access to ad accounts, payment methods, etc. If your operation is large enough, we are now starting to see social governance tools emerge to help with this type of work. I am a very big fan of a tool called Brandle that helps us tremendously in management and tracking of both our channels and our paid side of the house. (I should write a whole separate post about governance of paid sometime.)
• The number of people using social media across all platforms just keeps growing (the number of companies using social media therefore also continues to grow).
• Privacy concerns and things like the Cambridge Analytical privacy scandal are all impacting how closely the platforms are controlling the data they share – which makes governing within the new rules ever more complicated.
• Regulations like GDPR in Europe and CCPA in California add another layer of complexity – but an important one that can come with hefty fines (tens of millions of dollars in the case of GDPR). Therefore governance becomes a very high priority to ensure compliance.

So – in short, if you do not have a handle on who owns your stuff, who has access to your stuff and your passwords, you have some homework to do!

Obligatory note: I am not paid or compensated in any way for promoting any of the tools mentioned by name in this post. (In fact we pay some of them to use their tools!)

Thanks, Sue, for being a great customer and consummate professional!