As a college student in the 2010s, I was provided with a real-life crash course on social media security. If I left my phone unattended in a friend’s dorm room or at a party, there was a 90% chance I’d return to find my Facebook account had posted something like “I’m a big poop face” or Katy Perry lyrics, depending on who had hi-jacked my phone.
Working in a marketing agency, you can usually rely on a certain level of professionalism to prevent any embarrassing posts. But just like leaving your phone unattended in a room full of your “friends” in the 2010s was a security risk, so is providing access to your business’s social media accounts.
While rare, it is possible a social media manager may leave your company on bad terms and use your company’s social media to call your employees a bunch of poop-faces. Or you may have an employee who runs your social media account planning on leaving and you want to create an exit strategy. Whatever it may be, we have plenty of experience managing social media accounts at Hivehouse Digital and can impart some well-earned wisdom for retaining ownership of your company’s social media accounts.
Best Practices for Retaining Ownership
Cybersecurity best practices always start with a plan. Your company should have a cybersecurity plan in place, and retaining ownership of social media should be a part of it.
If you’re giving your company’s social media passwords to an in-house social media manager, freelancer, or agency, you need to set guidelines and make sure procedures are followed.
While each company’s plan will be different depending on the tools and employees available, there are some basic measures you can take to make sure your social media accounts stay internal.
You’re probably well aware you need to create complex passwords that look like Elon Musk’s kid’s name to achieve maximum security. That’s one and done though, changing your password regularly takes some extra discipline.
Cybersecurity experts at McAfee recommend changing your passwords every three months. Ugh. Just as needy as my Brita filter that’s been blinking red all year. As painful as it may be to consistently update your passwords, a disgruntled employee or a cybersecurity breach from passwords left in limbo will be even more painful.
In addition, you should be changing all associated social media passwords as soon as someone with access leaves your company. This is the sort of task that easily gets lost in the shuffle of hiring a replacement or day-to-day activities, but really should be incorporated into your company’s offboarding process.
One of the reasons changing passwords frequently is a pain is that there are JUST SO MANY. Passwords for every app, passwords for email, passwords for your thermostat, it’s endless.
Single sign-on allows you to use one login for multiple applications. You may have encountered websites or apps that let you create a login with your Apple or Google account, that’s an example of an SSO.
If your company is hiring someone external to manage your social media, it might be more prudent to provide them with an SSO, rather than handing over all of your individual passwords for each app.
Marketing platforms like HubSpot or Hootsuite can be used in a similar way. Rather than a social media manager logging into Twitter, FaceBook, or Instagram individually, they can just log into HubSpot and post, edit, and analyze metrics from there.
Not only do apps like HubSpot improve the security of your social media, but it also makes workflows more efficient. Think you can use the same post for LinkedIn and Facebook? HubSpot makes that a breeze, plus a bunch of other features that are way too numerous to mention here.
Keep a document that keeps track of who has access to which accounts and review it regularly. It may not seem necessary at a smaller company but your business might expand quicker than anticipated, or you might have to rely on your social media savvy Account Executive to fill in for a sick Social Media Manager one day.
Also, stay organized and be clear with employee roles – someone writing copy doesn’t necessarily need access to the social media accounts in order to perform their tasks. Make sure each employee that interacts with your company’s social media has a clear directive on what they should and shouldn’t do.
We’re diving into legal matters here, but ask your attorney or legal team about ensuring that your employment agreements protect your social media accounts from being owned or taken over by employees.
For more info about social media litigation matters, check out this blog by Aaron Hall (an actual attorney) that dives into previous cases and how they turned out for the involved parties.
One of the best ways to ensure that a company social media account-employee relationship doesn’t go awry is to cultivate a company culture that creates trust. A happy employee is less likely to try any nefarious activities when leaving the company. But even with a fantastic group of employees, following best practices and staying vigilant will only be a positive, especially when there are also external threats to your company’s social media. Like phishing or your college dormmate stealing your phone.
Leave a Reply