The four pillars of good social media governance

 

As a former journalist, I am a big believer in the principle of “show, don’t tell.” So instead of writing a bunch of words about how much damage a cyber attack, hack or social media security breach can do to your brand, let me just show you.

[Image: collage of tweets]

I could truly give you dozens of additional examples. Unfortunately, there are a bunch of ways that companies can find themselves in a situation like this. The most common:

- Cyber criminals actively target their accounts and hack in

- The passwords are easily guessable, like “password123”

- The platform itself (Twitter, Facebook, etc.) has a security breach and criminals get their hands on confidential passwords

- The company’s own social media manager makes a mistake and accidentally tweets something from the company account instead of his/her personal account (see KitchenAid example above). For the record, this is very easy to do if you are logged into both accounts.

- A third-party tool that is connected to your social media account gets hacked and the criminals gain access through the tool

- Someone leaves the passwords lying around (not kidding, it happens)

- Or, the passwords are not stored and managed securely, and a bad actor gets their hands on an unprotected spreadsheet or PDF containing all the passwords

Even though these types of events have sadly become very commonplace, and even though “Our Twitter account got hacked” is a generally acceptable excuse, it is hard to overstate how much damage these types of events can do to your brand.

So how do you prevent your company from being the next one in the news for some terrible social media incident? 

Bad news first: You can’t 100% prevent it. Cyber criminals are persistent, and they are good at what they do. There’s also the real factor of human error. There is no way to create a completely foolproof environment to protect from these things. But…

The good news: You can dramatically reduce the chances that your company is the chosen one. Just like criminals who wander around neighborhoods and look for unlocked cars to loot, cyber criminals prefer their targets to have little to no security. It makes it easier for them. If you have put good process and security in place, you make yourself a less likely target. It’s that simple.

The answer (shocker for those of you who know me): Governance!

Though I could literally write a book about this, here are the four pillars of good social media governance.

1. Own all your stuff. I cannot stress this one enough. Your company should be in control of all your social media accounts, all of your ad accounts, all of your related accounts like Gmail, Bitly, etc. You should provision access to others. Your agency should not own anything. No one should be provisioning you with access to your own accounts.

2. Know who has access at all times. It’s a pain in the butt, especially if you are operating social for a large enterprise and have hundreds of accounts and users to track. But knowing who has access at any given time is really important. What if your company issued a terrible tweet and you had to figure out who did it?

3. Manage your passwords. Not properly managing your passwords is probably one of the easiest ways to get in trouble. If your company is still managing passwords in a spreadsheet or a password-protected PDF, that is not secure. If you don’t have protocols for changing the passwords every X months, that is not secure. Ideally you should have a password management tool to help you add yet another layer of security. And don’t forget passwords to all those Gmail accounts, Bitly accounts and other tools used in the course of managing social media.

4. Prepare for the “hit by a bus” scenario. Fill in the blanks: “If _____ (person on our team) got hit by a bus, we would be in trouble because they are the only one who knows how to do _____ (task) or how _____ (system) works or where the _____ (passwords) are.” If you were able to easily fill in the blanks multiple ways, you are not ready for the “hit by a bus” scenario. Build in redundancy. Cross-train your team. Make sure important things are stored in a place where more than one person can access them. I guarantee you that “We don’t know where the Twitter password is” is not an answer that will impress your C-suite in the middle of a crisis.

I could go on. There’s a lot that goes into a true, proper governance model. And, if your company is a large one with lots of social accounts, it does take real time and real resources. If you would like to read more, please check out the Governance section of my website. Or, of course, contact me if you want to learn more or would like help securing your company’s social.