- Social Media Security Requirements
- 5 Social Media Security Risks to Watch For
- Tips to Create a Social Media Policy
1. Create a social media policy
Before people can avoid making social media blunders, they need to know what things to watch out for. One of the most effective ways to do this is by creating a social media policy.
Social media policies can help to keep your brand safe while encouraging participation from your employees. While policies will vary from organization to organization, typically they’ll include best practices, safety and security guidelines, and procedures on training and enforcement.
Policies are especially useful for organizations that operate more than one social media account to stay coordinated.
Cambridge University is one such organization. With over 260 social media accounts bearing the university’s name, Cambridge created a social media policy to help protect their online reputation.
Viewing the policy as a “living document,” the university uses Hootsuite’s monitoring and insights features to keep employees informed of best-practices related to their various social networks.
Be sure to include clear guidelines on how to:
- Create a secure password
- Effectively monitor and engage with brand mentions
- Avoid spam, phishing attacks, and human error
- Avoid malware and related malicious software (spyware, ransomware, etc.)
- Proceed in the event of malware attacks
- Engage on social media following a corporate crisis
- Share on-brand and approved content
Check out our complete guide for more tips on writing social media policies.
2. Give your employees social media training
Next, bring your policy to life with in-person social media training. Doing so will give your employees the chance to ask questions about policy items they don’t understand. It will also bring to light any gaps in your policy that could become potential security threats.
Organizations like famed publisher Wiley, for example, regularly deliver in-house social media training to keep their social efforts streamlined and secure.
During the training, clearly highlight your company’s do’s and don’ts of sharing, how to use secure social media tools, and what phishing links or malicious accounts look like.
If your brand is worried about full-scale malware attacks, hacks, or bad press, weave crisis communications training into your policy and training—detailing what to do in the event of a hack or PR disaster on social.
3. Limit access to social media
You want to make sure that only the right people have publishing rights on your social media channels. This applies regardless of how many people contribute to message drafting and content creation.
Read-only settings, like those offered by Hootsuite, can help mitigate the risk of human error caused by employees who aren’t properly trained on the channels and tools.
If you’re using Hootsuite, you can easily set-up permission levels and a system of approval to follow the natural hierarchy of your organization. Staff members can be given limited permission to draft messages, which must then be fed into an approval queue for senior management to sign-off on before publishing.
Limited permissions also allow you to restrict employees to specific social accounts and capabilities.
Learn how to get even more out of Hootsuite with free social media trainingfrom Hootsuite Academy.
4. Put someone in charge
Too many cooks in the kitchen spoil the broth, or so the saying goes. Similarly in social media, one key person should lead the charge on all of your brand’s social media activities.
Having a key person acting as the eyes and ears of your social presence can go a long way towards mitigating your risks. This person should monitor your brand’s presence, listen for related conversations, be responsible for your social media security, and manage who has publishing access.
5. Invest in secure technology
With social media hacks on the rise, brands must take vigilant and innovative measures to keep their accounts—and their reputations—safe. One of the most effective ways to do this is by investing in secure technology.
Safeguard your passwords
Not so long ago, shared social media accounts meant shared passwords—which also meant more opportunities for crooks to get their hands on your information. These days, a slew of password management tools are available to keep your passwords safe.
Lastpass is a great example of a site that can generate and store complex passwords on your behalf. Two-factor authentication tools, like One Login, add an added security layer where users are required to use two devices (computer and mobile device) in a series of commands to access an account.
One social platform to rule them all
Secure social media management platforms, like Hootsuite, are another great way to keep your content secure. By using a single platform to manage all your networks, you can confidently keep control of who’s publishing and accessing your accounts.
Scan for threats
Arm yourself with security software, like ZeroFOX, that automatically scans for and sends alerts of any brand impersonations, scams, fraud, malware, viruses, and other cyber risks.
6. Monitor your social media channels
If a social media blunder happens, you’ll want to make sure you immediately hear about it. But to know what’s being said, you need to do more than keep an eye on each of your networks—you also need to know what to look for.
Monitoring tools, like Hootsuite, can help you confidently keep on top of what’s being said about you, across each of your networks, from a single dashboard.
For an even more comprehensive understanding of the conversation happening around your brand on social media, try an app like Brandwatch, which lets you monitor and analyze social mentions from more than 70 million sources.
7. Perform a regular audit
As you would with any other business function, be sure to perform regular audits of your social media security measures to make sure your efforts are up-to-date and that potential security gaps haven’t crept in. At least once every quarter, check on:
- Network privacy settings: Networks routinely update their privacy settings which will likely have an impact on your account.
- Access and publishing privileges: Perform a scan of who has access to and publishing rights on your social media management platform and sites and update as needed.
- Recent security threats: Perform a scan of reputable news outlets and security sources for an update on the latest social media threats in circulation.
Social media opens a world of opportunity for your business to grow and connect with customers. Arm yourself against threats and go forth knowing you’ve done everything in your power to protect your business.
Scams on social media skyrocketed by 150 percent across Facebook, Twitter, Instagram, and LinkedIn in 2016. And the number is likely to continue climbing as more cyber crooks see social as a fruitful target.
So, what are businesses to do? Pull away from social altogether? Well, no.
For most brands today, social media is critical to their marketing and customer service success. To pull away would mean risking important stakeholder engagement and market opportunity.
Instead, brands must ensure they’re educated about the risks and take steps to protect themselves.
In this post we’ll look at five of the most common social media security risks and offer tips on how to protect your organization from them.
5 social media security risks to business
1. Human error
From accidental tweets, to unknowing clicks on phishing links, human error is one of the most common social media security threats to brands today.
Back in 2014, a US Airways employee accidentally posted an X-rated image to the company’s Twitter feed. Dubbed ‘the worst tweet of all time’, the error brought on days of tough press coverage. While the company ultimately made it out unscathed, the situation highlighted just how quickly things can go wrong due to human error on social media.
2. Not paying attention on social media
Related to human error, not paying attention to your social media accounts can have serious consequences. Leaving your account unmonitored, for example, puts it at risk of being infected by a malicious virus that could spread to your followers.
Worse still, if that virus sends spammy messages from your account you could run the risk of losing followers who no longer see you as trustworthy.
3. Malicious apps and attacks
The internet is rife with malicious software—ranging from malware and spyware to adware and the evil ransomware variety (of which there were over 4,000 attacks every day in 2016).
One of the most sophisticated attacks to go down on social media in recent memory was that of the Locky app. Initially spread through email attachments, Locky directly targeted social networks through the circulation of corrupt jpegs(those sneaky Locky hackers found a way to embed malicious code into an image file).
When an unknowing user clicked and opened the image, Locky would immediately put a lock-down on all their computer files. A nasty little note would soon follow demanding the user make a payment (via the anonymous Tor network) in exchange for a key to unlock the user’s files.
4. Phishing scams
Like malicious apps, phishing scams use social media to trick people into handing over personal information (like banking details and passwords). Phishing attempts on social media soared by an astounding 500 percent in 2016—largely attributed to fraudulent customer support accounts targeting customers on Facebook, Twitter, Instagram, and LinkedIn.
One such example was the Facebook “fake friend” phishing attack that made the rounds in 2016. According to global cybersecurity watchdog, Kaspersky Lab, thousands of users received a Facebook message saying they’d been mentioned by a friend in a comment. When users clicked on the message, the scam would automatically download a malicious Chrome browser extension onto their computer.
Once installed, the malicious file would take hold of the user’s Facebook account—where it would then extract the user’s personal data and further spread the virus through that user’s friends.
5. Privacy settings
Privacy and protection on social media is extremely important. Yet many businesses continue to put their reputations at risk by not implementing strict privacy settings. As a result, hackers can easily take control of a brand’s social channels and wreak havoc at will— sending fraudulent posts to followers or making adjustments to a channel’s appearance.
Many major brands have fallen prey to social media hacks, including Burger King, whose Twitter account was hijacked and made to look like it was promoting McDonald’s.
The line between companies and their employees on social media is steadily blurring. Organizations today need a social media policy that at once helps keep the brand’s reputation intact while also encourages employee participation online.
In this guide, we’ll layout the benefits of having a social media policy and give you all the information you need to create your own. We’ll also offer up a few good examples of policies from recognizable brands that you can draw inspiration from.
Bonus: Get the step-by-step social media strategy guide with pro tips on how to grow your social media presence with Hootsuite.
What is a social media policy?
A social media policy outlines how an organization and its employees should conduct themselves online. This document helps to safeguard your brand’s reputation while also encouraging employees to responsibly share the company’s message.
Because social media moves fast, this policy should be considered a living document—ongoing updates will be necessary. But rest easy, it doesn’t need to be a 26-page opus (take a look at this simple two-pager from Adidas). The goal here is to provide employees with straightforward guidelines that are easy to follow.
Benefits of a social media policy
Whether your company is already well-established on social, or just beginning to build its presence online, all organizations should have a social media policy. Here are a few ways your business can benefit from establishing a social media policy.
Helps to protect your company’s reputation
By clearly explaining to your employees how best to represent the company online—including what they can and cannot share—you will mitigate threats to your brand reputation. To further help in this regard, a good social media policy will also explain what actions need to be taken in the event of a mistake is made or a company social handle comes under attack (by trolls or hackers).
Bonus: Register for our upcoming webinar, “Build and Protect Your Brand on Social Media,” to learn everything you need to know about online reputation management—from potential risks to mitigation tactics (and tools).
Defends against legal trouble and security risks
Social media policies can help safeguard your organization against potential legal troubles and security risks by outlining potential threats and ways to avoid them. Your policy should also explain what an employee must do if they should accidentally put the company’s reputation at risk, or if they fall prey to a malicious attack.
Empowers employees to share company messaging
Social media policies can also be enormously helpful when it comes to brand amplification. How? They tap into your biggest advocacy group: your employees. And company messaging is often considered more credible when it comes from actual people.
With clear guidelines, companies can help their employees understand how to use social media to promote the brand. To use your social media policy as an employee advocacy tool, the document should outline best practices for sharing company content on social as well as commenting on online.
An employee advocacy tool, like Hootsuite’s Amplify, makes it easy for your employees to share company messaging with pre-approved social media content. This reduces risks to your company and ensures everything is accurate and on-brand.
Creates consistency across channels
Use your social media policy to outline expectations surrounding brand voice and tone. Having a strong brand voice is beneficial to your business as it increases awareness, showcases personality, and helps users connect with your business.
If you have public facing employees, you also need to make sure they are aware of any brand standards regarding the appearance and tone of their social media accounts. For example, you may want your employee’s Twitter handles to include a reference to your brand.
At Hootsuite, we encourage employees who interact with the public on behalf of the company to create a Twitter handle using this naming convention: @Hoot[individual’s name]. This makes it easy for customers to identify Hootsuite employees and engage with them.
This part of your social media policy should also address proper use of images, video, and other media. If your business calls for images being shared on social media to remain consistent with brand voice, you need to outline these requirements in your policy.
What your social media policy should include
Before we dive into the specific sections, we suggest breaking your social media policy into two areas:
- Social media policy for the company’s official accounts.
- Social media policy for employees.
While there is overlap between the two areas, there are aspects of both that may require specific detail.
1. Rules and regulations
This section should outline your company’s expectations for appropriate employee behavior and conduct (on behalf of the company or personal) on social media. For example, restricting the use of profanities or controversial opinions when posting about the company.
A few specifics this section may dive into include:
- Brand guidelines: How to talk about your company and products
- Etiquette and engagement: Outline how you want employees to respond to mentions of your brand (positive and negative).
- Confidentiality: Defines what company information should not be shared on social media.
2. Roles and responsibilities
This section should outline who is responsible for specific social media governance tasks. You might want to create a table broken into two columns. The first column would define a specific social media responsibility—brand guidelines, for example—and the person responsible for governing that—likely the brand manager—would appear in the second column.
Other social media roles and responsibilities to assign might include:
- Message approval
- Customer service
- Social engagement
- Security and legal concerns
- Staff training
3. Potential legal risks
To help steer you clear of any legal blunders, your social media policy should provide clear guidelines for handling any areas of potential concern. Do your research and be sure to involve legal counsel.
A few topics that this section should cover are:
- Crediting sources: Specify how your team is to credit original sources if they are reposting or borrowing content from an external source (Image copyright, for example).
- Privacy and disclosure procedures: Define what is considered confidential and non-sharable (such as plans for a rebranding announcement).
- Employee disclaimers: Require employees to include a disclaimer when publicly commenting on content related to your business that identifies them as an employee. Typical disclaimers of this kind read something to the effect of, “views expressed are mine and don’t necessarily reflect those of my employer”. You may also suggest employees add such a disclaimer to any publicly accessible bio, such as Twitter or LinkedIn.
4. Security risks
From phishing scams to ransomware attacks, social media security risks are, unfortunately, all-too-common. Companies must be hyper-vigilant when it comes to protecting their online presence.
Social media policies can help safeguard against such risks by making employees aware of the threats, how to avoid them, and what to do should an attack occur.
Your policy should provide guidelines on how to:
- Create secure passwords
- Avoid phishing attacks, spam, scams, and other malicious threats
- How to respond in the event of a security breach or attack
5. Accountability
At the end-of-the-day, every employee is responsible for what they publish online. Remind your people to exercise caution and common sense whether they’re posting on behalf of the company or on their personal channels.
How to implement a social media policy
Seek input. This policy should be crafted with employee participation. Taking a team approach will help ensure all your bases are covered and that everyone buys into the program.
Focus on the big picture. Social media changes all the time. Don’t get too caught up on providing specifics on each channel use.
Don’t discourage use. Your social media policy should encourage employees to be active on social and champion your brand. Avoiding creating a document of DON’Ts.
Social media policy examples
Finally, here are a number of social media policies—from both the private and public sectors—that you can use to inform your own.
Corporate social media policy examples
- Adidas Group Social Media Guidelines: A concise two-page guide that clearly communicates the key points with a conversational tone.
- Best Buy Social Media Policy: This one-page document does a good job of clearly defining its expectations for online conduct. Like Adidas, Best Buy outlines the bulk of its policy in bullet form.
- Social Media Guidelines for AP Employees: A more comprehensive policy with great situational examples.
- Reuters’ Reporting from the Internet and Using Social Media: The “Is it a hoax?” section proves policies don’t need to be boring. You can create a document that uniquely reflects your brand voice.
- Greteman Group Social Media Policy: a good balance between etiquette expectations and employee empowerment —peppered with humor.
- Shift Communications Guidelines for Social Media Participation: Swift positions their policy as easily digestible top 10 list.
Government social media policy examples
- New York City Department of Education Social Media Guidelines: If you’re looking for a more formal social media policy, this one is a perfect example.
- Government of Canada Guideline on Official Use of Social Media: This federal government policy includes templates and guides.
Social media policy examples for the health care industry
- Mayo Clinic Employee Sharing Policy: Short and to-the-point, this policy touches on things such as disclosures and employee disclaimers. Without reinventing the wheel, it also provides links to organizational policies such as computer usage, patient confidentiality, and mutual respect.
- The Ohio State University Medical Center—Social Media Participation Guidelines: If you’re looking for a way to separate and define your organizational and personal use sections, this is a great example. The policy starts with a clear definition of both uses and goes into a detailed explanation of the procedures and policies that apply to each segment.
Social media policy examples for higher education
- California State University East Bay—Social Media Principals and Engagement Guidelines: Work in post-secondary? This policy starts off with a quick rundown of basic social media principles followed by a more exhaustive explanation of its guidelines.
- Tufts University: Like Ohio State, Tufts provides separate policies for social media activities that fall under its official banner and the personal activities of its employees. The former is quite extensive and covers everything from best practices to individual responsibility.