Luke joined RWA from July 2022 - July 2023. He has 10 years of graphic design experience creating marketing material and 7 years of direct marketing experience, most recently working as a freelance social media marketing manager. Luke’s role at RWA involved overseeing RWA's social media channels and assisting with the creation of e-learning and blog content.
Social Media – Protect Your Reputation
An unauthorised individual or party, creating inappropriate or malicious posts or sharing personal opinions on company social media channels, can break trust and cause serious reputational damage. In 2020, with just a 6-word tweet, Tesla CEO Elon Musk wiped $11 billion off Tesla’s value. In 2013, disgruntled HMV employees took over the official Twitter account and posted tweets criticising and mocking the company, as it turned out the account had been set up by an unpaid intern.
Without a system of protection in place your business is open to risks, such as attempts to spread misinformation or fake news, hijacking for malicious purposes, internal staff with a grudge posting damaging content, and incomplete or inaccurate messaging being published.
Make sure that only authorised staff have administrative access
During one of my previous roles, I worked as a social media manager for a government run leisure centre. Upon starting my position, I went to the company’s Facebook page to check which individuals had administrative access. I saw a name I didn’t recognise, so asked the General Manager who this individual was. He informed me that this person had left the organization and had started up his own gym in the area, making him a direct competitor. At any point, this person could have uploaded damaging content and even deleted the Facebook page altogether.
If a member of staff with access to your social media channels is leaving your company, make sure access is revoked. Ideally, this should be done before they leave, in case there is any animosity due to the circumstances of their departure. Passwords should also be changed if the individual has been given access to these.
There may be several people within your business who need permission to access company social media channels. In these cases, you can take several measures to help protect your company from damaging content being published:
- Ensure post logging is enabled; channels such as LinkedIn and Facebook allow you to see who has uploaded to the pages and will provide a trail for unauthorised posts.
- Make sure passwords are stored securely and if possible, use a password manager. NEVER store passwords in plaintext files, unencrypted documents, or on servers that can be accessed by unauthorised people.
- The master password for a password manager, should be shared with only the minimum necessary amount of people. Similarly, passwords for email accounts that social media accounts are registered with, should remain confidential. Ensuring this will mean you always have a way of accessing social media accounts and changing their passwords.
Even if these steps are followed, social media is a fast-moving and ever-changing environment, so it is important to have an individual who is tasked with keeping up to date with the associated risks.
Have a system of reviews and checks in place before publishing
There is pressure to create new content quickly on social media, especially as mediums such as short-form video and AR & VR (Augmented Reality & Virtual Reality), become more popular. This increases the risk of potentially damaging and misleading information being uploaded, especially if multiple people are tasked with creating and publishing content. It is important to implement a content workflow to review and approve the publication of content. If a member of staff is more knowledgeable in a subject area, the content should be sent to them for fact-checking and approval before publication.
Only use company devices to create and publish content
Staff members tasked with the creation and publication of content should always use work devices. This lowers the risk of staff inadvertently posting content intended for their personal channels or interacting with posts in a way that is not in line with the company's views.
Have an emergency recovery plan in place
Don’t wait until you are in the middle of an incident before finding out what you need to do to regain control. If someone is publishing damaging content, the emergency recovery plan should lay out which steps to take; often, these steps will also be part of a wider social media crisis plan. The priority should be regaining control of social media accounts and removing access from the malicious party as quickly as possible.
Access to password management software should first be revoked from all but essential staff members and passwords should be changed for all social media platforms and any other services stored in the password manager. Once the password is changed, administrative access should be revoked from all but essential staff members, damaging content should be removed, and if necessary, a statement can be released on the affected social media platforms. After the social media accounts are secured, you can begin an investigation to identify the malicious party.
If the email account registered to the social media account is also compromised, this increases the risk of the malicious party being able to change the password and completely lock access to the social media channels. Email accounts must be set up with 2-factor authentication. If the email accounts and social media have been compromised and completely locked, the only recourse is to contact the email provider and social media platforms directly. However, in this case, there is no guarantee that you will be able to regain access to the email and social media accounts.
To learn more about using social media safely, Development Zone users may want to explore the following courses:
- Social Media 1 - Introduction to Social Media
- Social Media 2 - Considerations for Employees
- Social Media 3 - Considerations for Employers
- Social Media 4 - Setting a Social Media Policy
If you’re not already signed up to the development zone, these courses and over 500 more are waiting for you. See what e-learning can do for your firm by visiting https://mydevelopment.zone/free-trial for a 14-day free trial.