Policies first

How to prepare a cybersecure social media policy for your company

5 minutes reading

Social media platforms can benefit your brand in many ways, but when misused, they may represent a digital safety issue. It always pays off to keep digital security in mind. To get the best out of social media use, prepare a social media policy that can help you maintain your cybersecurity at a high level while you promote your brand online. Here are some tips.

1. Designate the people in charge of the profiles

Your social media policy should define who has the right to post on your social media or sign in to your profiles. The number of employees with such privileges should be small to limit the people with access to sensitive information and prevent the possibility of a security breach. As for the employees who cannot post on your business accounts, you can use the policy to provide them with suggestions on engaging with your brand’s profiles online.

Employee taking over social media: the story of a small bar   

Unexpected situations may be encountered by companies of any size. An English pub called House of Wolf faced a social media crisis when a former employee hijacked the pub’s profiles and used it to shame the bar publicly for not paying him. He also added a ransom note on the brand’s website: “This will remain on the HOW website until you pay me. Please uphold your agreement and pay up. Thank you, J x.” A well-prepared social media policy with an added crisis plan may have helped the House of Wolf to either prevent the situation or manage it more quickly.


Source: Immediate Future, 2014

2. Require multi-factor authentication and strong passwords

First and foremost, your social media policy should specify the basic security measures demanded the brand to function online. It should discuss properly setting secure passwords for any existing or new domains. The employees in charge of the accounts should also use multi-factor authentication to sign in to the platforms. Multi-factor authentication and strong passwords can help prevent cybercriminals from getting into your profile, stealing sensitive data, and taking over your profiles

3. Don’t leave any abandoned accounts behind

When a social media site is abandoned without being deleted, cybercriminals can take over it. They can use uncontrolled profiles to share damaging information (including explicit content, undeleted private data, or the contents of old conversations) or to impersonate your brand and share malware through online communication. Accordingly, keep an eye out for fake accounts trying to use your name to scam people.

Battle the cybercriminals’ attempts by deleting any old or unused accounts. Ideally, try to maintain a single profile on one social media, focus on its growth, and try to get verified. This makes it more complicated for threat actors to impersonate your company.

4. When switching between accounts, check twice

The people who take care of your brand’s social sites most likely have their profiles. There is a vast difference between what is suitable for sharing on a brand’s account and a personal one. The same applies to the user’s behaviour on the platform – observing unknown profiles, following them, and opening their posts may be less problematic for an individual but risky when done by a brand. When the person in charge of the brand’s site is switching between their personal and work profiles, they should always check twice before posting or proceeding to browse to protect your brand’s reputation and cybersecurity.

5. Consider the content you share

Your social media policy should focus on what type of content you want to post. First, consider why you decided to create social media profiles for your brand. Then personalise the guidelines accordingly. You should avoid posting sensitive information that can damage the cybersecurity of your company, staff, or even customers, such as pictures capturing your employees (without their consent), tentative business plans, security details, or private documents.

6. Be aware of possible scams

Apart from the previously mentioned issue of criminals taking over your old or abandoned profiles, the social media policy may also consider other common hacking issues. For instance, hackers may attempt to impersonate influencers or celebrities and contact your brand on their behalf, asking for collaboration or free products. Your social media policy should thus provide guidelines on cooperating with influencers and verifying their identity. It may also determine your brand’s approach to spam comments under your posts, which could lure your followers – including your employees – to click on dangerous links.    

7. Regular check-ups are essential

Finally, your social media policy ought to remain up to date and react to contemporary threats. The policy should specify which aspects need to be regularly updated. These include, for instance, social media privacy controls, as social networks may upgrade their settings or offer new options of protection – or the list of employees who can publish on your sites (so that there are no people who have the access they no longer need). To ensure you are not overlooking any possible threats, cooperate with your IT team and consider organizing regular training for your administrators to ensure they know how to react in case of cyber dangers.

Keep reading