Social Media For Business: Passwords and Security Best Practice Guide 

Are your business’ social media accounts secure?

Using social media is an essential marketing tactic for all businesses and can help generate a great deal of brand awareness as well as drive and increase in revenue. However, there are several precautionary measures you should be taking to ensure your accounts and passwords stay safe and your brand image remains uncompromised.

Here are our top business social media best practice tips to help you maintain firm control of your accounts at all times:


Limit Staff Access

If you need to allow multiple members of staff to login and contribute to your business social media accounts, make sure you have control over the level of access they have. Ideally you should avoid granting full admin rights where possible. This is because you as the business owner could in theory be removed as an admin user by others, thereby losing control over your own company’s social accounts.

You should also ensure that you keep a very close eye on how many staff have page editing and page admin roles across Facebook and LinkedIn and monitor all activity, as any staff members who leave will need to be immediately removed from these roles without delay, especially if they leave on bad terms.

It may sound like paranoia, but ex staff members bearing a grudge can wreak havoc on an unsecured company social media profile if they feel like it, so taking precautions is essential. 


Implement Good Password Hygiene

Social media passwords are to be taken just as seriously as all other business passwords to prevent unwanted access to your company’s assets. Here are a few password best practice tips to keep your business social media accounts secure:

  • Length over complexity: New security best practice guidelines from security experts state that complex passwords involving various numbers and characters like “Gr@ph!cDe$!gn4758!” can actually be counterproductive, as they get so complex that employees resort to writing them down, thus rendering the password pointless. Longer phrases including random words and spaces such as “friends hug inspired design” are more secure, harder to hack and easier for employees to retain, therefore these are the better option.
     
  • Different Passwords Across Accounts: Never use the same password for more than one social media account or platform. This is because, if one password is compromised for any reason, all of your accounts become vulnerable to trespassers. Keep them all significantly different, and don’t be tempted to simply change one letter or tack on a few symbols as this doesn’t make them any more secure.
     
  • Don’t Change Passwords Too Frequently: What? Really? Believe it or not, this is actually the latest advice backed up by science. FTC Chief Technologist and computer science professor, Lorrie Cranor, reports that forcing frequent password changes actually results in less secure passwords due to the predictability of the changes. The only exception to this, of course, is if you know your accounts have been hacked or if an employee who has access to a shared password leaves the company.

    What’s more, according to recent research out of Carleton University, even if we all put in the effort to make super secure new passwords each time, it only hampers attackers a tiny bit and not enough to offset the inconvenience to staff. However, this doesn’t mean you should never change your social media passwords. A good, strong password will serve perfectly well for 6 months to a year, so changing it at these intervals is just as secure, if not more so, than changing it every 4-6 weeks.
     
  • Multi-Factor Authentication: Using multi-factor (or two-factor) authentication for social media logins is one of the most secure ways to handle business accounts. It works by adding an additional layer of security on top of a password, requiring users to present another form of identification in addition to the password. With social media security this often involves entering a code that is texted to the user’s registered phone number. You can take this one step further with the use of advanced security tools, but we’ll come back to that later. 

Don’t Leave Old Accounts Unmonitored

Idle, unmonitored accounts are especially vulnerable to hacking and hijacking, leaving your brand image and integrity open to attack. Idle accounts are targeted by hackers and used to issue spam and malware, which can severely damage your customers’ trust and undo all your hard work.

If you have old business social media accounts that you no longer use, make sure these are completely deactivated and deleted to prevent hijacking. You should also stay on top of monitoring your active social media accounts on a daily basis to keep an eye out for any unusual activity, as inactive accounts are not the only ones that get hacked. If you spot anything suspicious, change your password immediately and report the activity to the customer support services of the social platform in question.


Set Up a Company Social Media Policy

Setting up a social media policy for your business is the best way to ensure all employees are using your social accounts properly and adopting best practices. It could include information on how to:

  • Create a secure password and when to change passwords

  • Monitor and engage with social media brand mentions
  • Spot unusual behaviour on social media feeds
  • Avoid and effectively deal with incidents of spam, phishing attacks and errors
  • Avoid and deal with malicious software
  • Deal with a brand image crisis, trolling or mistakes on social media
  • Share on-brand and appropriate content

With this type of policy in place you can protect your company against most social media security breaches and brand crises.


Make Use of Helpful Software

There are lots of password management tools on the market to help all businesses manage and protect their passwords, which is especially useful if your company is using multiple social networks in your marketing strategies.

1Password is one such helpful tool, which allows you to save your passwords in a secure place and access all of your accounts quickly and easily. Remember how we mentioned you could go one step further than two-step authentication processes? 1Password uses a three-pronged encryption process including what they call a ‘secret key’ and a secure remote password on top of your master password, which is not stored anywhere except your mind (or written down if you need to). With all of this in place, your master password, and therefore your social media accounts, cannot be accessed, intercepted, reset or dodged.

Implementing these tips and best practices are the best protection you can give your company’s social media accounts and passwords.