Just as social media can help agencies cultivate the trust of their constituents, a security incident on social can undermine that trust. Potential threats include misinformation, spam comments, imposter accounts and scams targeting constituents (see Figure 5).
Hootsuite recommends the following tips to mitigate the risks:
1. Create a social media policy.
A social media policy, developed and enforced from the top down, will help protect you from both security threats and PR trouble. Keep it simple and easy to follow, with key elements like:
- Guidelines that explain how to talk about your agency on social
- Assigned departments or team members that are responsible for each social media account
- Guidelines on how to create an effective password and how often to change passwords
- A designated person to notify and instructions for responding to social media security concerns
2. Train your staff on social media security issues.
Once you have a social media policy in place, make sure your team understands it. Training is also an opportunity to update the team on the latest social media threats they should be aware of.
3. Limit access to increase social media data security.
Treat account passwords as the security assets that they are. That means limiting the number of people who can manage your accounts, and requiring everyone who does to have a unique password.
4. Set up a system of approvals for social posts.
You might have multiple people who draft messages for different platforms, but you should have a much smaller number who actually post them. With a platform like Hootsuite, you can set up highly efficient, permissions-based workflows.
5. Put someone in charge.
Assigning a key person as the eyes and ears of your social presence can go a long way toward mitigating risks. This person should:
- Own your social media policy
- Monitor your agency’s social presence
- Determine who has publishing access
- Be a key player in the development of your social media strategy
6. Set up an early warning system.
Assign someone to check that all the posts on your accounts are legitimate. That includes the ones you use every day and the ones you’ve registered but never used at all. It’s also important this person monitors for any imposter accounts.
Photo credit: Patrick Tomasso on Unsplash