Ten ways to keep your social media accounts safe

Keeping your social media accounts safe is a real worry for organisations large and small. But whether you are a team of three or three hundred there are some key steps you can take to keep your social media accounts secure.

Good social media governance is about making sure that you:

  • Protect your accounts from being hacked
  • Are able to access your accounts no matter where you are
  • Safeguard your organisation’s online reputation

Keeping your social media accounts safe

1. Use strong passwords

A minimum of 12 characters is recommended. The NCSC recommends the ‘three random words’ technique to create a password that is easy to remember, and both long and strong enough. It could also be made up of a random mix of numbers, upper case and lowercase letters and special characters, but that can be harder to remember and so should be stored in a password manager. Find out more about setting up a strong password

2. Where possible, use two-factor authentication.

This is an extra level of security to double-check whether the person accessing the account has authorisation. There are a number of way to do this, for example with a hardware ‘key’ or app on a mobile device. SMS is offered by some services but the least secure option and should be avoided if possible.

3.  Make sure that more than one person has access.

You don’t want too many people having access, but you need a minimum of three people who have log in details or admin permissions to make sure that you don’t get locked out while someone is on annual leave or during a crisis that develops out of hours. Social media platforms are hard to get in touch with and don’t easily hand over access to accounts.  You should have at least three admins for your Facebook Page and LinkedIn Company Page in case one of them loses access to their personal account or leaves your organisation. Only admins can add other admins to the page.  To reset passwords or regain access if there are any security issues you’ll need to be able to log in to the platforms directly rather than through social media management tools. 

4. Check linked email address and phone numbers

Which email addresses and phone numbers are linked to the logins for your social media accounts? (particularly Twitter and Instagram) and are they still current? If you need to reset the password or have problems with access, it’s much easier to resolve if you know which contact details are linked to each account.

5. Keep a record of who has access

Who has access to which channels? Have a clear process for removing access when someone leaves their role. Check who has access to your accounts via social media tools such as Hootsuite and what level of permission they have. Review this monthly. 

6. Use a password manager

A password manager such as Last Pass is useful to make sure that you don’t forget login details. A password manager also allows you to share access to accounts without sharing the password.

7. Have a clear process

Create a robust process for anyone who wants to set up new social media accounts within your organisation. It should include a process for how they access accounts and how passwords are organised.

8. Schedule a regular review

this could be more or less frequent depending on the size of your team and organisation.  Look at who has access to your accounts, where the accounts are logged in (Twitter and Instagram), and which tools have access to each of your accounts. Be alert to any suspicious activity and unusual logins. 

9. Don’t forget about the inactive and inaccessible accounts

Keep an inventory that includes all of your social media account information such as:  

  • How many different accounts there are, and on which channels.
  • Who has access to each of these channels.
  • Which channels are connected to each other.
  • Which social media management tools you use.
  • Accounts that no one is using.
  • Accounts that you cannot access. 

10. Understand the help process for each of the social media channels

This is important just in case you have any issues with your accounts. Make sure you are clear about what they consider to be problem content such as spam, misinformation or impersonation and what is considered parody or another acceptable content under the channel’s Terms of Use. 

Large companies, big public sector organisations, and high budget advertisers will often get a named representative they can call on for help. Smaller organisations will have to rely on the generic help process which isn’t always the fastest.  Look out for three dots in the top right-hand corner of Facebook and Instagram posts and the small arrow in the top right-hand corner of Twitter and LinkedIn posts to find the reporting options on each channel.

Helpful Links

How to report a Facebook Page

Report a Twitter account for impersonation (note there is a separate link within this page to report trademark misuse).

How to report Instagram content

Reporting LinkedIn content and their categories for reporting. 

 

How could we help you?

If you have any questions about keeping your social media accounts safe please get in touch: [email protected]