The impact on your brand could be catastrophic. And while this isn’t how TV, print, or most digital advertising platforms work, the risk is very real on social media.
Repeatedly called out as one of the biggest threats to cyber security in 2015, social media continues to play a larger and larger role inside businesses of all shapes and sizes.
The irony of the situation? The very features that makes social media effective for communicating to large audiences also make it highly susceptible to breaches in security. The single sign-on between personal and business profiles, accessibility across the Web and devices, and simple integration with enterprise systems are just a few of the major risk factors for a security-conscious brand.
Need a more tangible example? In a recent article, Buzzfeed exposed several vulnerabilities leaving the government open to cyber-attacks. One of these was the fact that “the government has thousands of social media accounts and thousands of public servants managing them.”
For many large brands, this probably sounds pretty familiar. Brands, whether they have one or one thousands social accounts, are placing passwords and trust in the hands of internal and external managers who possess the ability to create content and manage ads.
What’s government’s solution to this widespread distribution of power? First, strategists launched a publicly available authentication tool that allows anyone to validate the legitimacy of an account. Second, they created an Internal portal loaded with documentation and best practices on Internet security.
Brands can employ a similar strategy by requiring all administrators to use third-party software that provides one point of access for all social activity. With the right technology in place, this approach allows large corporations to centralize log-ins for all of their social channels, while building in additional permissions levels, external authentication steps, and more. And finally, Integration with HR systems can automatically remove employee access the moment their employment status changes.
I understand that not every brand has the resources available to invest in highly secure social media software. So here are a few simple steps that companies can and should be taking to prevent attacks on their own social soil:
First and foremost, take passwords seriously. For any internal systems, establish a technical requirement for password length and style. From there, enforce a strict 90-day password refresh policy across all channels. Fun fact: an eight-character password with numbers, symbols and mixed-case letters has 30,000 times as many possible combos as an eight-character password that includes only lower-case letters.
But why stop there? You can also require employees to use password management tools so they can safely share and remember unique and complex passwords for each social account or software they log on to. Since most password management tools are available free of cost, there’s no need to worry about these systems affecting your bottom line.
From an operations standpoint, work with HR to create organized training that educates your team on social media security. Dedicate someone on your social team to act as a liaison with IT to get up to speed on the latest threats in social media and then inform the rest of your social team on best practices. Humans are the weak link in security -- only one bad click on a fake Starbucks coupon could take down your whole operation.
Lastly, understand that neither technology nor people are bulletproof. Develop a cyber-attack response plan, and hold practice sessions. What would happen if someone hacked your corporate Facebook page and started posting some seriously off-brand content? What's the plan, who's doing what, who do you need to loop in internally? It’s crucial to have a chain of communication and action plan.
As social media’s role advances into the realm of primary communications channel like television or email, social media security will become a top-down priority. Managers will have to mandate that all employees work to keep customers, company, and employees themselves safe. With the convergence of organic and paid content roles, what was once solely a messaging risk is increasingly a financial risk.
Not a pretty picture.
You may not be able to stop your employees from surfing cat videos all day, but with a little thought and effort, you can prevent them from tarnishing your multimillion- dollar Facebook presence -- or worse, landing your business in court, in a matter of moments.