How to prepare a cybersecure social media policy for your company

Social media platforms can benefit your brand in many ways, but when misused, they can become a digital security risk. To get the best out of social media, prepare a social media policy that helps you keep your cybersecurity at a high level while you promote your brand online. Here are some tips.

1. Designate the people in charge of the profiles

Your social media policy should define who has the right to post on your social media or sign in to your profiles. The number of employees with such privileges should be small, to limit the people with access to sensitive information and reduce the possibility of a security breach. As for the employees who cannot post on your business accounts, you can use the policy to provide them with suggestions on how to engage with your brand’s profiles online.

Employee taking over social media: the story of a small bar

Companies of any size may encounter unexpected situations. An English pub called House of Wolf faced a social media crisis when a former employee hijacked the pub’s profiles and used them to shame the bar publicly for not paying him. He also added a ransom note on the brand’s website: “This will remain on the HOW website until you pay me. Please uphold your agreement and pay up. Thank you, J x.” A well-prepared social media policy with an added crisis plan might have helped House of Wolf either to prevent the situation or to manage it more quickly.


Source: Immediate Future, 2014

2. Require multi-factor authentication and strong passwords

First and foremost, your social media policy should specify the basic security measures required for the brand to function online. It should discuss how to properly set secure passwords for any existing or new domains. The employees in charge of the accounts should also use multi-factor authentication to sign in to the platforms. In combination, multi-factor authentication and strong passwords can help prevent cybercriminals from getting into your profiles, stealing sensitive data, and taking the profiles over.

3. Don’t leave any abandoned accounts behind

When a social media profile is abandoned without being deleted, it can be taken over by cybercriminals. They can use the uncontrolled profiles to share damaging information (including explicit content, undeleted private data, or the contents of old conversations) or to impersonate your brand and share malware through online communication. Accordingly, keep an eye out for fake accounts trying to use your name to scam people.

Counter the cybercriminals’ attempts by deleting any old or unused accounts. Ideally, try to maintain a single profile on any one social media platform, focus on its growth, and try to get verified. This makes it more complicated for threat actors to impersonate your company.

4. When switching between accounts, check twice

The people who take care of your brand’s social media profiles most likely have their own personal profiles as well. There is a vast difference between what is suitable for sharing on a brand’s account and on a personal one, and the same applies to the user’s behaviour on the platform: observing unknown profiles, following them, and opening their posts may be less problematic for an individual, but can be rather risky when done by a brand. When the person in charge of the brand’s profile switches between their personal and work profiles, they should always check twice before posting or continuing to browse, to protect both your brand’s reputation and your cybersecurity.

5. Consider the content you share

Part of your social media policy should focus on what type of content you want to post. First, think about the reasons why you decided to create social media profiles for your brand. Then personalise the guidelines accordingly. You should avoid posting any information that is sensitive and could damage the cybersecurity of your company, staff, or even customers, such as pictures of your employees (without their consent), business plans that are not yet final, security details, or private documents.

6. Be aware of possible scams

Apart from the previously mentioned issue of criminals taking over your old or abandoned profiles, the social media policy may also cover other common hacking issues. For instance, hackers may attempt to impersonate influencers or celebrities and contact your brand on their behalf, asking for collaboration or free products. Your social media policy should thus provide guidelines on how to cooperate with influencers and verify their identity. It may also determine your brand’s approach to spam comments under your posts, which could lure your followers, including your employees, into clicking on dangerous links.

7. Regular check-ups are essential

Finally, your social media policy ought to remain up to date and respond to current threats. The policy should specify which aspects need to be regularly updated. These include, for instance, social media privacy controls, as social networks may upgrade their settings or offer new options of protection, and the list of employees who can publish on your sites (so that nobody keeps access they no longer need). To make sure you are not overlooking any possible threats, cooperate with your IT team and consider organising regular training sessions for your administrators so that they know how to react when they encounter cyber dangers.