Social media security for business: Password best practices
(4 minute read)
Are your business’ social media accounts secure?
Using social media is an essential marketing tactic for all businesses and can help generate a great deal of brand awareness and even extra revenue. However, there are several precautionary measures you should be taking to ensure your accounts and passwords stay safe and your brand image remains uncompromised.
Here are our social media security best practices to help you maintain firm control of your business accounts at all times:
Limit staff access
If you need to allow multiple members of staff to login and contribute to your business social media accounts, make sure you have control over the level of access they have. Ideally, you should avoid granting full admin rights where possible. This is because you as the business owner could in theory be removed as an admin user by others, thereby losing control over your own company’s social accounts.
You should also ensure that you keep a very close eye on how many staff have page editing and page admin roles across Facebook and LinkedIn and monitor all activity, as any staff members who leave will need to be immediately removed from these roles without delay, especially if they leave on bad terms.
It may sound like paranoia, but ex-staff members bearing a grudge can wreak havoc on an unsecured company social media profile if they feel like it, so taking precautions is essential.
Implement good password hygiene
Social media passwords are to be taken just as seriously as all other business passwords to prevent unwanted access to your company’s assets. Here are a few password best practice tips to keep your social media accounts secure:
Length over complexity: Security best practice guidelines from experts state that complex passwords involving various numbers and characters like “Gr@ph!cDe$!gn4758!” can actually be counterproductive, as they get so complex that employees resort to writing them down, thus rendering the password pointless. Longer phrases including random words and spaces such as “friends hug inspired design” are more secure, harder to hack and easier for employees to retain, therefore these are the better option.
Different passwords across accounts: Never use the same password for more than one social media account or platform. This is because, if one password is compromised for any reason, all of your accounts become vulnerable to trespassers. Keep them all significantly different, and don’t be tempted to simply change one letter or tack on a few symbols as this doesn’t make them any more secure.
Don’t change passwords too frequently: What? Really? Believe it or not, this is actually the latest advice backed up by science. FTC Chief Technologist and computer science professor, Lorrie Cranor, reports that forcing frequent password changes actually results in less secure passwords due to the predictability of the changes. The only exception to this, of course, is if you know your accounts have been hacked or if an employee who has access to a shared password leaves the company.
What’s more, according to recent research out of Carleton University, even if we all put in the effort to make super secure new passwords each time, it only hampers attackers a tiny bit and not enough to offset the inconvenience to staff. However, this doesn’t mean you should never change your social media passwords. A good, strong password will serve perfectly well for 6 months to a year, so changing it at these intervals is just as secure, if not more so, than changing it every 4-6 weeks.
Multi-Factor Authentication: Using multi-factor (or two-factor) authentication for social media logins is one of the most secure ways to handle business accounts. It works by adding an additional layer of security on top of a password, requiring users to present another form of identification in addition to the password. With social media security this often involves entering a code that is texted to the user’s registered phone number. You can take this one step further with the use of advanced security tools, but we’ll come back to that later.
Don’t leave old accounts unmonitored
Idle, unmonitored accounts are especially vulnerable to hacking and hijacking, leaving your brand image and integrity open to attack. Idle accounts are targeted by hackers and used to issue spam and malware, which can severely damage your customers’ trust and undo all your hard work.
If you have old business social media accounts that you no longer use, make sure these are completely deactivated and deleted to prevent hijacking. You should also stay on top of monitoring your active social media accounts on a daily basis to keep an eye out for any unusual activity, as inactive accounts are not the only ones that get hacked. If you spot anything suspicious, change your password immediately and report the activity to the customer support services of the social platform in question.
Set up a company social media policy
Setting up a social media security policy for your business is the best way to ensure all employees are adopting best practices and using your social accounts properly. It could include information on how to:
Create a secure password and when to change passwords
Monitor and engage with social media brand mentions
Spot unusual behaviour on social media feeds
Avoid and effectively deal with incidents of spam, phishing attacks and errors
Avoid and deal with malicious software
Deal with a brand image crisis, trolling or mistakes on social media
Share on-brand and appropriate content
With this type of policy in place you can protect your company against most social media security breaches and brand crises.
Make use of helpful software
There are lots of password management tools on the market to help all businesses manage and protect their passwords, which is especially useful if your company is using multiple social networks in your marketing strategies.
1Password is one such helpful tool, which allows you to save your passwords in a secure place and access all of your accounts quickly and easily.
Remember how we mentioned you could go one step further than two-step authentication processes? 1Password uses a three-pronged encryption process including what they call a ‘secret key’ and a secure remote password on top of your master password, which is not stored anywhere except your mind. With all of this in place, your master password, and therefore your social media accounts, cannot be accessed, intercepted, reset or dodged.
Implementing these tips and security best practices are the best protection you can give your company’s social media accounts and passwords.
If you’re new to business social media and you’re not sure where to begin, give the team here at (hug) a shout. Our expert social media team is on hand to help you set up, monitor and protect your business social media accounts and ensure your passwords are kept under lock and key.
