How & Why To Do A Social Media Security Audit
Do you know exactly how many people across your business have access to your social media accounts?
Did you once give the password to someone in Sales to Tweet about an event they went to? Did they put Twitter on their personal phone so they could do it?
Do they still even work there?!
In my experience, most of us who work in digital and social marketing spend little time giving thought to these kinds of questions.
And that’s not our fault:
We have to manage a lot. Our focus is on audience growth, brand advocacy, community management, engagement rates, CTR, lead gen, ROI... metrics, metrics, metrics.
As management thinker Peter Drucker is often quoted as saying: “You can’t manage what you can’t measure.”
But from time to time it’s vital that we ‘take stock’, to make sure that our beautifully and carefully curated social presences are not hacked, leaving us with a PR and brand perception headache.
But that’s just part of the story:
Hacking is making big headlines these days. Take the example of Mark Zuckerberg having his Facebook account hacked. We’d all have thought he’d be pretty solid on his security, given his profession and status.
The truth is:
You don’t have to be well known to get hacked on social media. It can easily happen to anyone.
But you can limit your risk by completing a regular social media security audit: checking which people, apps and devices have access to your social accounts.
There are many steps involved in even a quick social media security audit, so we have put together a short guide to help you conduct your first (or second, third, etc.) one more effectively.
Not sure where to start? To help you navigate the template, we also put together this 6-step guide on how to execute a social media audit.
Complete a 30 Minute Social Media Security Audit in These 7 Steps
Step 1: Create a Social Media Security Audit Spreadsheet
Creating this as a spreadsheet will allow you to have a working home for your audit. Plus, it means that you and everyone on your team can keep it current.
As we go on you’ll be adding columns, but let’s start with three:
The social network, the profile URL and who ‘owns’ it. Recording an ‘owner’ for the account may seem a bit odd if all your team use it, but it’s an important way to confirm who is responsible for managing the content and replying to messages.
Step 2: Identify all your social accounts
Using the search in each of the social networks and Google, stick in your brand name and see what comes up.
This will allow you to see if any imposters are using your brand name. A common tactic is for hackers to mimic a company’s customer service account.
If you identify any, you can then ask them to shut down the account or contact the social network to intervene.
If you’ve not long started in a new job, you may find your new company has more social profiles than either you or they know about.
I was once interviewed for a role to manage the social presence for a small brand and a quick search identified over 50 social profiles for them!
It happens more easily than you think: someone starts a Facebook page for a specific project, the project ends, people move on and everyone forgets about it.
Each of those forgotten accounts is a possible way for someone to hijack your brand presence.
Step 3: Identify everyone who may have access to your social accounts
This one may require a bit of detective work. It’s important to capture exactly who should have access to your social accounts and keep a list, so that you can confirm only these people currently have access.
Don’t worry if you cannot identify everyone who might have access; you can remedy this in Step 6.
Step 4: Identify apps that have access to your social accounts
Someone could gain access to your accounts without ever needing to break the account password itself.
Most of us use multiple apps that, for one reason or another, request access to our social accounts. This is where many of us trip up.
List all the affiliated apps you can see that have access to each of your accounts, and deactivate those that you don’t use.
For Twitter this is easy: you can see it in the apps tab on your settings page. Facebook has the info here.
Step 5: Identify whose devices have access to your social media
List the devices you and your team use to manage your social media accounts and who owns each of them.
This will help you keep track of who is using work and/or personal devices to manage your social media accounts. It also makes your accounts more secure, because you will know when you need to change passwords should someone lose a device or a colleague move on to a new role.
Step 6: Set up password change reminders and centralise passwords
If you must complete one step, this is it. This part of the process will help you make sure that your social media profiles are more secure.
Whoever may still have access to your social accounts, you essentially reset this by changing all your passwords.
Use the last two columns in your social media security audit to note the date that you last changed the password on each account. Then just set a ‘best practice’ for how often you should change them going forward.
Centralising the ownership of the passwords for each profile can also better protect them.
Have one department, i.e. IT, own the key to all the passwords for the social media profiles. Then use a password management tool to share access on a need-to-use basis.
This is far more secure than storing them in a spreadsheet. Never store them in this audit template.
Step 7: Create an on-going process and practices
Once you’ve done the previous steps and completed your audit, it’s time to create internal processes for how you will keep your social accounts secure going forward.
Take note of:
- The decision process to create new social profiles and recording their creation.
- How access, temporary or otherwise, to your social media accounts is given and recorded.
- Devices you will allow to be used to manage your profiles.
- The process you want to set for how frequently you update your passwords.
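One way to keep the finished audit spreadsheet current, as an added example that is not part of the original article or its template: export it as CSV and run a check over it on a schedule. The column names, the ';' separator inside cells, the sample rows and the staff and app lists are all assumptions made for illustration.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample audit sheet; column names are assumptions, not the article's template.
# There is deliberately no password column: credentials stay in the password manager.
SAMPLE_CSV = """network,profile_url,owner,people_with_access,apps,device_owners,password_last_changed,rotation_days
Twitter,https://twitter.example/brand,Priya,Priya;Tom,SchedulerApp,Priya;Tom,2024-01-10,90
Facebook,https://facebook.example/brand-project,,Sam,QuizApp;SchedulerApp,Sam,2022-06-01,90
LinkedIn,https://linkedin.example/brand,Priya,Priya,,Priya,2024-03-01,90
"""

def split(cell):
    """Split a ';'-separated cell into a list of trimmed, non-empty names."""
    return [v.strip() for v in cell.split(";") if v.strip()]

def audit(csv_text, current_staff, apps_in_use, today):
    """Return {profile_url: [findings]}; current_staff and apps_in_use are sets."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = []
        if not row["owner"].strip():
            findings.append("no owner recorded")
        elif row["owner"].strip() not in current_staff:
            findings.append(f"owner {row['owner']} is not current staff")
        # Steps 3 and 5: anyone with a login or a logged-in device must still work here.
        people = set(split(row["people_with_access"])) | set(split(row["device_owners"]))
        for person in sorted(people - current_staff):
            findings.append(f"{person} has access but is not current staff: change password")
        # Step 4: apps nobody uses any more should lose their access.
        for app in split(row["apps"]):
            if app not in apps_in_use:
                findings.append(f"app {app} is not in use: revoke its access")
        # Step 6: compare the last password change against the agreed interval.
        changed = date.fromisoformat(row["password_last_changed"])
        due = changed + timedelta(days=int(row["rotation_days"]))
        if due < today:
            findings.append(f"password change overdue since {due.isoformat()}")
        if findings:
            report[row["profile_url"]] = findings
    return report

if __name__ == "__main__":
    result = audit(SAMPLE_CSV, {"Priya", "Sam"}, {"SchedulerApp"}, date(2024, 4, 1))
    for url, findings in result.items():
        print(url, *findings, sep="\n  - ")
```

Profiles with nothing to fix are left out of the report, so an empty result means the sheet is clean as of the date you pass in.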
Ultimately, no social account is entirely hack-proof, as all the recent high-profile reports have shown. If someone really wants to get into your accounts, they will.
But some common sense steps can go a long way.
Use the information you’ve discovered through your social media security audit to build best practices and processes to better secure your social media accounts.