If your brand is what people say about you when you’re not in the room, then your brand’s level of social media security is the extent to which hackers can control that conversation.

Social media accounts are a juicy target for criminals and pranksters who are seeking attention at the expense of your brand’s trustworthiness. Account hijacking is on the rise–companies and celebrities whose social media accounts have recently fallen victim range from Mark Zuckerberg to the NFL. Indeed, social media security is “something companies cannot afford to ignore.” Here’s a quick rundown of how you can secure your brand’s online presence and prevent someone from stealing your audience and damaging your reputation.

1. Secure your Humans

The human aspect of internet security is becoming more important as phishing attacks grow in popularity. Phishing is a class of online scams that try to fool someone into giving away sensitive information, and it’s how most data breaches happen. Guessing passwords and breaking into accounts is a lot of work compared to picking up a phone and saying, “Hey, this is Steve from I.T. Can you please log in to FakeNewHRsystem.com with your usual password? We’re rolling out a new HR system.”

Generic scam emails and phone calls tend to be less imaginative and easier to spot than xxxxxx, but it gets tricky when the communications look exactly like those you normally receive from trusted colleagues or companies. These targeted scams are on the rise, and they are called spear phishing attacks. Attackers personalize their fake emails and phone calls so that they appear more authentic and believable to the chosen target. Email addresses can be spoofed to look as if they are coming from someone you know. So can phone numbers. Profile photos, personal details, and language styles can be lifted from someone’s public social media profiles (or scammed from private ones).

Ironically, this trend toward targeted scams echoes current trends in targeted marketing. Authenticity is key. As the saying goes, “people trust people,” and hackers aim to abuse that trust. So before you lock down your branded social media accounts, it would be a good idea to raise awareness throughout your organization of the threat of phishing attacks, with a particular focus on what spear phishing looks like. Make sure your organization’s Chief Officers also know about the increasingly common “whaling” threat–phishing attacks that target executives and people with the most access to an organization’s sensitive information.

Once your team is familiar with the human threats involved with securing your brand’s online presence, it’s time to protect against the technical threats.

2. Audit Your Brand’s Online Presence

How many social media accounts does your company own? Answering this question is often surprisingly hard. Did someone in marketing create a branded MySpace account ages ago that has been left unattended? Do multiple company Facebook accounts exist that have administrative access to your Facebook page? Facebook scams are common, so each account floating around that has access is a potential risk.

Spend some time searching for your company on each platform and compile a list of all your company’s social media accounts, from Facebook and Twitter to Vine and Snapchat. Remember to also look for blog and content management accounts like WordPress, Medium, or Blogger. A clever way to discover long-forgotten accounts is to search your company’s email inboxes for “registration” or “confirm your account” emails. While you’re at it, add those email accounts to the list of accounts to secure–if your email gets compromised, then an attacker can use it to reset passwords and gain control of other accounts.

3. Ensure you Have Access

Who in your organization can log in to your social media accounts? Which email addresses were used to sign up for each of these accounts, and who has access to those email accounts? Take the time to gather this information so that you can log in to each account. If you have trouble logging in, reset the passwords. These steps are necessary to secure the accounts.

If you find the number of accounts and passwords overwhelming, you might consider using a password manager, a software application that allows your computer to “remember” your passwords for you. Do some research into which password manager will best meet your company’s needs. If you share account logins across teams in your organization, search for a team password manager. Or if one person is managing all of your social media accounts, an individual password manager like LastPass, KeePass, or 1Password would suffice. Choose whatever solution seems best for you and your budget. Any password manager will be much more convenient (and more secure) than managing your logins yourself. As you log in to each of your brand’s social media accounts, have the password manager remember the details and keep things organized.

4. Update your Social Media Passwords

Now that you can log in to all of your brand’s social media accounts, it’s time to lock them all down. If you saw identical or similar passwords recurring among different accounts, change them so that they are unique (because password reuse is dangerous). Manually creating and remembering multiple unique passwords is impractical, so having a password manager generate and remember strong passwords for each of your brand’s social media accounts is a lifesaver. A good password management solution also helps with access control and account transfer. If your brand’s social media staff ever leave the company, the accounts they managed can be easily recovered from the team’s password manager.

5. Don’t forget Email

Your email accounts are your last line of defense. They allow you to reset passwords for any accounts you signed up for with each email address. Even if you create strong, unique passwords for your brand’s social media accounts, an attacker who accesses your email can reset passwords for accounts connected to that email address. So, you must secure them as well. Create strong, unique passwords for each email account you can find, and set up two-factor authentication on them as soon as possible for an extra layer of defense.

6. Create an Extra Layer of Defense

Passwords are often a weak point in the security of online accounts. They can be leaked, scammed, shared, cracked, or easily guessable, so you shouldn’t rely on them entirely. Instead, you should add another layer of defense: two-factor authentication. That means you need two things to log in to an account: your password (something you know), and your phone (something you have).

Apps like Google Authenticator let you connect online accounts to your phone, which then generates single-use tokens that you use to log in with alongside your password. That means if an attacker guesses your password or tries to reset it, he will be unsuccessful since he doesn’t have access to the phone in your pocket. If you need more flexibility, you can take advantage of services like Authy, which lets you share two-factor authentication tokens between devices within your organization.

7. Chill?

Enjoy your new digital safety net, but remember to stay vigilant. Security threats to your brand won’t stop when you leave the room.

And now that your content channels are locked down, why not confidently display the conversation with TINT? Our content display technology’s enterprise-grade security tends to make hackers sad, compliance teams happy, and marketers even happier. Just be sure to use a strong password or sign in with one of your newly-secured social media accounts when you sign up 😉


Developer Intern at TINT. CS Student at the University of Waterloo. https://joeyrideout.com/