How Should We Be Securing Our Company Social Media Accounts?


When it comes to cybersecurity, social media accounts aren’t typically part of the conversation. Companies are focused on cloud security, network security, and other safeguards related to remote logins and data leakage.

But social media accounts are an increasingly important part of a company’s digital marketing strategy. With most people now online, companies are using social media for both lead generation and customer service.

64% of people say they’d rather message a company than call them. 

Services like Facebook Messenger and LinkedIn Mail are being used more often by consumers to contact businesses they know, even if that business hasn’t specifically noted it as a contact method. It’s not unusual for an employee to get a message on social media out of the blue asking about their employer’s products/services.

With the rise in credential theft and account takeovers, having company social media accounts compromised is both a growing risk and an area of digital security that companies need to be focused on.

Best Practices for Securing Your Business Social Media Accounts

Approximately 1 in 5 small and mid-sized businesses have had their social media accounts hacked. 

What could a hacker want with an SMB’s social media account? These accounts are often used to perpetrate social phishing attacks because followers will tend to trust a link that they receive from a business they know.

Hackers can also glean information from customer messages in social apps and potentially use them to add other admin users to the account.

Here are several best practices for securing your company’s social media accounts so you don’t get hacked.

Use Multi-Factor Authentication

Adding an additional sign-in step through multi-factor authentication can help prevent a hacker from compromising your Twitter, LinkedIn, YouTube, or Facebook account. 

According to Microsoft, adding MFA to a login can help prevent 99.9% of fraudulent sign-in attempts.

Users that are attached as admins of your company profiles should also use MFA on their accounts. 

Regularly Review Who Has Admin & Posting Access to Your Account

Platforms like LinkedIn and Facebook have you assign existing users to a company page or group as an admin. This means that you could possibly have people who are no longer with the company that can post on your company social accounts.

Companies also often use 3rd party apps like Hootsuite or Loomly for social media post scheduling, and those apps also need authorizing to post. If you’ve changed from one platform to another, you may have some older accounts still authorized, which could be a security risk.

It’s important to regularly review (perhaps once a quarter) every account you have authorized with admin access or access to post and remove any that should no longer be authorized.

Make Sure Mobile Devices & Laptops with Access are Secured

Once you’re signed into a social media account on a phone or computer, you rarely need to sign in again. These services keep people signed in to make it more convenient to use their services. But this also means that any thief that steals an employee’s laptop or smartphone can easily access their social profiles.

Make sure that devices have security set up on them, such as:

  • Screen lock with passcode
  • Find My Device feature
  • Ability to remotely lock/wipe device 

Post Through Legitimate Third-Party Applications

Most companies find it easier to administer a social media account through a 3rd party application that allows you to schedule posts in advance. This is also a good security best practice.

Instead of having several different individual accounts that are admins on your social platforms, you only need to have one. Then that account is the one used for the 3rd party social posting platform, and all employees who need to can access that 3rd party platform to schedule company posts, reply to followers, etc.

Create a Dedicated Email Address for Social Accounts

The more logins an email address is used for, the more risk there is of that account being compromised. You can use a tactic that follows the same logic as Microsoft 365’s dedicated admin account, which is to create a dedicated email address on your company domain that is not used for any other user email.

That email address is then used to sign up for your company social media accounts (or transfer ownership). Because the email address is not being used for anything else, your social accounts will be less likely to get hacked.

Don’t Sign Into Social Accounts on a Public Wi-Fi

Free, public Wi-Fi is a prime target of hackers that conduct man-in-the-middle attacks to spy on traffic of other users connected to the same Wi-Fi.

You never want to enter passwords or sensitive information of any kind online when you’re connected to a public Wi-Fi. This includes logging into social media accounts.

Get a Full Cybersecurity Review With Recommendations

Haxxess can help your Northern Ontario company ensure you haven’t left any vulnerabilities in your company’s security strategy by doing a full review and providing helpful recommendations for any weaknesses.

Contact us today to schedule a free consultation! Call 705-222-8324 or reach out online.
