As well as individuals, companies large and small can be the victims of lax social media security. Accounts have been hacked, changed and used to spread political and scatological messages. Brands have been besmirched, and customers and prospects lost.
While large international corporations and other major players may be able to recover from these kinds of attacks easily enough, for the small business they can (and have) proved fatal.
So how can you counter these threats?
Getting out of social media is not a solution. More and more people are using this kind of media to follow companies and brands, to talk about them, and to decide whether to buy their products or services. The role of social media in marketing is expanding continuously and is set to stay. In fact it looks set to eventually overtake more traditional sales tools.
The reality of the threats is that most of the breaches of security that have happened so far were due to the business owner or an employee falling for simple scams… by opening suspicious emails or clicking through to rogue websites without a moment’s hesitation.
Here are a few simple things you can do to protect yourself and your business.
Education and training
You or your staff may lack the caution needed to use networks securely. The only solution in these circumstances is education and training.
Structured social media educational programmes that deliver training on the use of special tools and how you can do so securely are available. These come in a variety of formats, from brief how-to manuals to webinars.
You can find programmes that fit for your business and financial resources through Google.
Malicious links are a common way in which accounts are compromised. Caution is best, especially if links lead to pages that ask for usernames and passwords.
Thus a fundamental part of these educational programmes is training in how to recognise a suspicious messages, emails or links that could act as a gateway into your systems for a hacker.
In addition to improving basic security, these programmes can also help improve the overall performance of social media campaigns. Indeed, many of them deliver training in the more advanced aspects of social media such as attracting new clients.
If you and a member of your staff are sharing social media activities, you are likely to be sharing accounts and passwords. The more accounts you have, the more the passwords that will be shared.
How can you keep these passwords secure?
The answer is… with great difficulty. Here’s what you need to do:
First, you should create strong (complex) passwords, rather than relying on simple, very common passwords such as 12345etc or password. Password generating tools are available.
Secondly, you must make sure that passwords are never stored on shared computers, on mobile phones or in emails, nor on post-it notes or other scraps of paper.
Complex passwords can be hard to remember, especially where several are in use. You can reduce the number of passwords your staff uses by ensuring that they sign into your firm’s accounts using the same username and password as they use for their company email account.
This has the additional advantage that, should an employee leave, their access to all company media can be disabled in an instant. A disgruntled employee can wreak havoc through your social media accounts if he or she still has access.
Centralising control over social media
Most people and businesses, even the very smallest firms, will have multiple accounts on many different networks, eg, Linked In, Twitter, Facebook, and so on.
Maintaining control over several accounts can be difficult and time-consuming, especially if you company includes several people who are involved in creating tweets and posting updates.
The first think you need to do is to undertake an audit of all your accounts, noting who manages them and who has access to them. Then you can close-down any accounts you don’t need and remove permissions for the remaining account from any employees who don’t need them.
Once that is done, you can consolidate these accounts within a social media management system. An SMMS will allow you:
write messages and publish them to several accounts on several social networks from a single interface or dashboard
monitor all social activities from one place (thus simplifying a time-consuming task).
Several well-known SMMS are available. Most operate on a freemium basis, ie basic services are free to users but additional services are delivered on a paid basis.
A good SMMS will have built-in malware tools to notify users when a suspect link is clicked. A secure system will also notify you if suspicious activity is taking place on your accounts, giving you a chance to shut-down a possible security threat.
Paid social media, such as Facebook’s Promoted Posts, has made the need to bring all social media under central control using an SMMS all the more urgent. Imagine a situation in which you invest tens of thousands of Euro or dollars into Promoted Tweets on Twitter and some-one who hacked your account ruins the whole campaign with an offensive tweet.
The malware tools built into an SMMS should be able to prevent scenarios like this happening. In addition, such an SMMS should also be able to monitor the outcomes of paid social media without requiring the additional passwords usually associated with paid media platforms.
A mistweet or other mistake on social media can happen easily. The only way to avoid these kinds of errors, which can seriously damage your reputation, is to set up an approval process that must be followed before a social message can be posted.
Of course, a formal approval process is only applicable if more than one person is undertaking social media activities. In these circumstances the process will probably be vital in order to ensure that the standards you expect in your social messages are achieved.
The simplest approval process is just to allow another person to review a tweet, message or update before it is posted. Good social media management systems should include an approval process for all social media messages.
As well as allowing the content of posts to be checked, an approval process means that typos and spelling errors can be corrected and links checked. The process also gives you and your employees a chance to learn from each other as suggestions and corrections are made.
An approval process will dramatically reduce the likelihood of a major social media crisis. However, it will not guarantee that nothing goes wrong.
Mistakes happen. No matter how many security measures you undertake, there is always a chance that something will go wrong and an inappropriate message will be sent, either because something was missed by accident during the approval process or a hacker gained access.
So, what can you do if the worst happens?
The only answer is the boy scouts’ motto: be prepared.
‘Being prepared’ means that you and your employees must have a specific plan on how to respond quickly and effectively when a crisis erupts. As crises tend to be unpredictable, this plan must be flexible.
You should test and evaluate your plan to ensure that it will actually work in emergency. You also need to practise the plan so your and your people know instinctively what to do.
Social media happens in real-time so you need to respond in real-time. Social media, in fact, can help you respond appropriately. This is best doing using a tried and tested social media management system.
A good SMMS will enable you to monitor how your customers, prospects and the public at large are reacting to the issue so that you can respond with appropriate messages.
Social media allows you to reach a massive number of people quickly so you can tell them about the problem and how you are working to resolve it. This can increase your credibility with customers and prospects and the public at large… which is what social media for business is all about.