Social media has become the cornerstone for many businesses in terms of how they communicate with their customers. It has also become a huge target for cyber attacks, particularly with hackers stealing accounts, changing credentials, and sending messages on behalf of a company.
Because of the importance of these platforms as part of your customer’s lifecycle, how can businesses keep their profiles safe and protected? In today’s post, we cover process controls and tools that can be put in place to safeguard your content and brand.
Start by implementing administrative controls
While social media can sometimes feel like the wild west where anything goes, it’s important to start with policies that provide guidelines for what’s acceptable and what’s not.
To begin, clarify and document who within your organization has and should have access to each profile, including internal and external parties. When documented, this is known as a permissions matrix, noting not only who has access but what permissions they are allowed per platform. Use extreme caution to the number of individuals with “admin” level access.
Next, you’ll want to consider policies as they relate to content, including follower comments and responses. More specifically, you’ll want to note:
- What content is considered acceptable and aligns with your brand? For example, memes have become a common form of communication across the board but there are times when you’ll want to stick with original content.
- Who is responsible for posting content and how is that handled? Automatically with a third-party platform or team? Or manually?
- Who ultimately is responsible for interacting and responding to follower comments, questions, or concerns?
- What is the escalation process when user comments are leaning toward concern, frustration, or general feedback?
While it may feel tedious to document these processes, it’s imperative to have them in place, especially as your business grows and scales.
Always use company-owned assets to access accounts
Because the majority of us consume social media in our personal lives, it’s very tempting to manage and access our business profiles the same way we access our personal profiles. However, that can open up potential liabilities.
You’ll want the email address or phone number associated with your business accounts to be a company-owned email or phone number. This way, in the event your personal account was ever hacked or compromised, they will not have access to your business profiles unless they have access to the credentials for your company email or device.
Also, for your email, you’ll want to use a generic email address like “marketing@” or “sales@” vs. an individual address. This helps limit the number of access points for each platform.
Lastly, in the event the person or people responsible for posting or responding to content are out-out-of-office for whatever reason, this allows for other members with the same access to the company email to still maintain access to the social profile.
Use technical controls as an added layer of defense
A final line of defense is technical controls, which are settings that help keep you more secure. Multifactor Authentication, also known as MFA, requires users to provide two or more authentication factors to access an account.
In the case of your social profiles, this can be enabled under your settings and it will generally require the use of a third-party authenticator. Some common authenticator tools include:
In the end, find what’s best for your business and brand
As social media platforms continue to grow and evolve, playing a large role in any business today, having the proper controls in place is paramount.
There’s no out-of-the-box or one-size fits all solution that is full-proof, so your controls should be tailored to fit the needs of your specific business.
We understand first-hand that the IT and cybersecurity landscapes can be difficult and oftentimes, incredibly frustrating when you have to deal with it on your own. To learn more about how our people-centered IT experts can give you supreme cyber-confidence, contact us today.