Security is a vital element of every business. You wouldn’t leave your office door wide open overnight, nor would you leave important documents lying around, yet a lot of companies seem to fall at the first hurdle when it comes to keeping their online presence secure.
It may not seem as important as other parts of your business, but your social media platforms are your virtual shop windows. To have those compromised could drastically impact your reputation.
Update your social media passwords
A lot of us are guilty of using the same password for every login we have, and it’s likely that password hasn’t been updated in a while!
Whoever has the key responsibility for a social media page which requires a login, such as Twitter or Instagram, should update the password regularly. We’d recommend changing it at least every three months and making sure the password is different to one you’ve used before, or one you’re currently using on another platform.
Sites like https://www.passwordmonster.com/ can judge the strength of your passwords, which may come in handy when you’re having to get creative with logins!
If employees’ personal accounts are connected to a business page, for example on Facebook or LinkedIn, it may be worth encouraging them to change their passwords regularly too.
Who really needs access?
Typically, the more people who have access to your social media accounts, the more likely it is for security risks to occur.
Be mindful when it comes to giving social media access to your team members. For example, it might not be best practice to hand your accounts over to someone who just started that day.
Consider their position in the workplace, whether they need access, and how long they’ve been at the company. If you’ve hired someone who should really have access to your platforms, make sure they understand your IT policies - typically we’d recommend waiting until after they’ve passed their probation to completely hand anything over.
Not everyone will need admin access, either. Some team members should only be able to share content, while others should only publish ads, and so on. This prevents people making big changes to your page or removing other users from it.
Your reputation is at stake when it comes to your social media presence, and it only takes one post to damage it. Whether it’s inaccuracies in your content, breaching client NDAs, or unhappy employees sharing their thoughts, it’s your reputation on the line.
If it’s happened to you in the past, please know you’re not alone.
Consider your offboarding process
When an employee lets you know they will be moving on to pastures new, it is important to consider whether your social media pages could be impacted.
Unfortunately, not everyone leaves their job on good terms with the company. If you’ve got a disgruntled ex-employee and they’ve still got access to your social platforms, you’re leaving your online presence in a vulnerable position. We’ve seen it before and sadly we think we’ll see it again.
Sometimes ex-employees post inappropriate content on a business’ social media, and sometimes they refuse to hand over your accounts if they’re the only person with access to them.
It’s not always disgruntled ex-employees, either. Some employees can leave on great terms with the company and are the only people with access to certain social media pages. If those pages are left untouched for a while, when they’re looked at again no one knows who created the page and can give them access or send over the logins.
We’ve had numerous clients find their social media platforms in existence but they’ve had to start new ones because nobody in the company knows who set them up!
To avoid either of these things happening, we’d always suggest at least two members of staff have admin access to your company’s pages and your platform logins are in secure documents kept on encrypted databases.
As part of your company’s digital offboarding process, the staff member who is leaving should be removed from all platforms and passwords should be changed.
It may sound excessive to update your passwords every quarter or whenever someone leaves to ensure only certain employees have access to your social media accounts, but it’s definitely better to be safe than sorry. Like we mentioned earlier, you wouldn’t leave your office door open overnight…
You can still go the extra mile and run random security checks on your social media pages as well. You can never be too secure!
If you’ve not done so already, double-check your social media policy - or create one, if you haven’t already. It should clearly state your expectations of employees and how social media usage is included in their onboarding and offboarding processes. This document needs to be detailed and seen by all team members.
Last but certainly not least… education is key!
Online security has been a hot topic for years now, and still people fall victim to scams on the web.
If an employee’s personal profile is connected to your business page, it could put that page in danger. Teaching your teams to recognise and avoid these scams can protect your business from being at risk of them, too.
So, how do we handle clients’ social media access?
Whenever we are given access to a client’s social media page, we ensure at least one member of the client’s team has complete access over the platform so the control always lies with them. We never change things without permission and, in most cases, only specific team members are given admin access, while others have limited access.
Passwords also lie with our clients so they keep that control. We will remind them about updating their passwords and that responsibility is theirs so we don’t accidentally lock anyone out.
If you are looking for guidance or support on social media platforms, access and what they can do, our Two Hour Takeovers may be of interest - we can spend two hours with you, checking your social media platforms and who has access and where. We might even find you have historic platforms which you didn’t even realise existed (which happens a lot!).
If you’re interested please get in touch at firstname.lastname@example.org and we can organise a time to suit you and your team.