They’ve almost become a regular occurrence – it seems a week doesn’t go by without a security breach of a high-profile brand’s social media account. Remember the Associated Press and Burger King Twitter hacks? The damage to a brand’s reputation can be nearly catastrophic, and may take significant resources – human and financial – to overcome so taking steps to secure social media is important. The benefits of using social media as a part of your company’s marketing and communications activities certainly outweigh the risks. Fortunately, there are ways to protect your organization. While practicing good online hygiene won’t guarantee your brand won’t be the next victim, you can reduce the risk.
The basics for safe and secure browsing
- Choose strong passwords and never, ever share them.
- On the topic of passwords, change them often. Setting a regular schedule for changing your passwords, say, the first Monday of every month, can help keep your organization’s passwords fresh and secure.
- Who doesn’t check their social media accounts while at the local café? However, public wifi can be less secure as it is often unencrypted, putting you and your company’s social accounts at risk. There are some good tips from Kaspersky Lab on accessing the Internet by public wifi.
- Always make sure your antivirus software on your computer is up-to-date, and install updates when necessary.
Special tips for secure social media
- Controlling permissions for your employees who manage your social accounts can limit your risk of password leaks and the chance of misappropriate messages being sent out. For example, Facebook has five levels of account access, from administrator to analyst, each with access only to the function they need to do their job.
- A social media policy that spells out the behaviour you expect from your community managers provides them with guidelines around what they can and cannot say when representing your brand online. It doesn’t have to be complicated and it doesn’t have to be overly strict or prescriptive. There are many policy templates online – a little research will identify something similar to your needs.
- Many social media tools offer two-step verification (including Twitter, Facebook and Google+), a useful function to provide an extra level of security to your accounts. Two-step verification is a process of using a two-stage process to verify a login on a social account. For example, when enabled on Facebook, login requires a password and a security code (sent to you by text) to login from a previously unused IP address.
- Phishing attempts are becoming increasingly common and complex, so it’s important to make sure your employees know about phishing and how to avoid becoming a victim of this form of social engineering. CIRA’s Cyber-Security Consumer Tip Sheet, has information on how to avoid becoming a victim of phishing.
- If you use mobile devices to access your social media accounts, ensure that these devices are password protected. That way, if they are lost or stolen, your accounts are safe. For information about how to protect your mobile device, check out the Protect your Data initiative.
- Some social media tools offer the option to be notified when an account is accessed from a device that has not been approved. This allows you to quickly detect suspicious activity on your account, a possibility if one of your page manager’s accounts has been compromised. Ensuring all of your community managers enable this feature adds an extra level of security.
- Using a social media manager like Hootsuite or Tweetdeck allows you to limit your employees’ to the original account login details while still allowing them to post to various social accounts.
- A 2013 study by Infosecurity Europe found that 41 per cent of information security professionals surveyed believe that rogue employees are the greatest security threat to an organization. When an employee that has access to your company’s social media accounts leaves your organization, delete their access and change the passwords immediately.
- Limit the number of third party applications that have access to your accounts. While many of these services can be very useful, providing metrics and helpful add-ons, they also present a security risk. If you must use a third party app, revoke its access to your account when you are finished using it by following these instructions for Twitter and Facebook.
By implementing these tips, you can ensure your brand is protected while still being able to reap the benefits social media offers. Do you have any tips for companies using social media?