Social media sites are popular targets when it comes to hacking. LinkedIn was targeted last year, with details of over 100 million users put up for sale on the dark web. Even Facebook founder Mark Zuckerberg had his accounts compromised. In fact, almost two-thirds of U.S. adults believe their social media accounts have been hacked, according to a study by the University of Phoenix. And many Fortune 100 brands experience at least one attack on their social media channels each business day, sometimes with disastrous effects.
You might think your business is safe. After all, why would anyone want to hack your accounts? The thing is, hackers often don’t do what they do for money or to hit big names. It has become almost like a sport for them and we are all targets.
Hacked social media accounts can be inconvenient and annoying for anyone, but for a business it can be devastating and ruin the brand’s credibility. In March, hackers managed to access the Twitter account for McDonald’s and send out a derogatory post aimed at President Trump. But McDonald’s is a well established, multinational brand and they could gain control of their account quickly. Could your business do the same? Here are six steps to help keep your company’s social media accounts secure.
Practice Good Password Hygiene
A strong password is the first step in good social media security. Make sure you change your social media passwords regularly and ensure each password is a meaningless string of letters, numbers and special characters. Wherever possible, use two-factor authentication. This means you need more than just a password to access an account. Each time you log in, the site will send a unique passcode to a mobile number registered to the account. If you have several people monitoring your social channels, this may be inconvenient. However, there are always ways around it. For example, you could use third-party apps such as Hootsuite or Sprout Social, which allow you to easily manage access rights for individuals.
All employees should receive some basic training in social media security. More than 60% of enterprises allow their staff to use personal devices to access corporate data, so it is important that your staff knows what to look out for, both on their own accounts and on company pages. If a member of your team has their account hacked, the hacker may well target their place of work first, posting unsavory messages on your company’s social channels.
Produce a Social Media Policy
A formal social media policy means that everyone can be aware of the standards and expectations. This doesn’t need to be a lengthy document but should include details of what is considered good practice. Among many other things, it could specify that all devices used to access the organization’s social media accounts are password-protected and are locked when not in use. It could also explicitly state that passwords should not be written down or passed around among employees (unless authorized to do so) and should be changed every 90 days.
Choose carefully which staff members have access to your social media accounts. You could also consider using third-party management tools that allow you to give them access to social accounts without having password access. Always keep a log of exactly who has access to which accounts and ensure it is audited and updated regularly.
Passwords should be changed whenever staff members leave, even if they leave on good terms. Employees are often the weakest link when it comes to social media security. One infamous example: In 2013, UK staff at entertainment retailer HMV found themselves being laid off and the company’s Twitter account quickly hit the news when Tweets started appearing declaring, “We’re all being fired!” The tweets were, of course, later deleted, but nothing is ever completely removed from the Internet and screenshots abound of tweets that look bad for the brand.
Check Access Rights for External Tools
There are hundreds of tools available that help you to schedule and manage your social media accounts. But you can’t be complacent once these tools are set up. It’s important to regularly audit which apps have access to your accounts. If you no longer use a certain app or don’t recognize its name, revoke access, to help keep your account secure.
Make It a Role Within the Company
Rather than giving access to everyone on the team and then waste time trying to monitor it, consider hiring a social media manager to take care of your channels. They should not only update your accounts regularly but also monitor your brand’s presence online and look out for any signs of a problem.