By: Jonathan Llovet, Identity and Access Management Consultant, SecureITsource
Just like computers have become connected through the internet, so too have people, businesses, governments, and countless organizations around the world, and one of the biggest players in making those connections has been social media. While bringing us together, social media has provided us the tools that make it possible to distribute information at speeds and scales that allow for unprecedented levels of cooperation and organization across the world. With the kind of power that social media platforms and data give to us, it’s important to keep ourselves and our organizations secure against bad actors who may have very different agendas than our own. Taking steps towards managing your social media accounts well and keeping them safe can be an investment in maintaining trust not only in your brands and organizations, but – as has become increasingly evident in the last decade – in the trust given to public discourse in general. I’m going to lay out the things you need to consider when managing social media accounts – whether you’re a leader at a large organization, are on a security team, or are an influencer trying to protect yourself as you grow your brand.
Engaging with social media is an exercise in developing reputations and fostering relationships. If a social media account is compromised by a bad actor, then the reputation of the person, organization, or government behind that account can be turned upside down in a matter of minutes.
But reputation is not all that is at stake. There are financial, legal, and political ramifications to what happens on social media. An influential account (for instance, Elon Musk’s Twitter account) can trigger large-scale emotional responses in markets, which, among other factors, makes social media an attractive target for hackers seeking illicit profits.
Any number of bad actors, ranging from current and former employees to hackers, could significantly impact a company’s revenue by posting inflammatory content on a brand’s pages, and recovering from that could require significant effort from the company.
Political bad actors use the amplifying effects of social media to spread disinformation and propaganda (see this book published by Oxford University Press), which can undermine the foundation of public trust necessary for the stability of governments. These effects on public trust are currently a widespread concern for elections, eliciting public responses from social media companies themselves (for instance, see Facebook CEO Mark Zuckerberg’s post on the 2020 American presidential election).
World leaders regularly use social media to communicate with their constituents about policies and responses to events. As Dr. Alexi Drew from King’s College said to the BBC in response to the recent Twitter hack that affected many high-profile users, if a hack took place “in the middle of a crisis, where Twitter was being used to either communicate de-escalatory language or critical information to the public, and suddenly it’s putting out the wrong messages from several verified status accounts – that could be seriously destabilising.”
Privileged and sensitive accounts are ones that are able to fundamentally affect an organization – think infrastructure, other accounts, or reputation. In a typical organization, there are many such accounts, and they come in different guises.
Because of how integral communications are for modern businesses, social media accounts should be considered privileged accounts that are highly sensitive. We need to provide protections against attacks and compromise, while also allowing ourselves the ability to use the platforms effectively.
So, how should you approach managing social media accounts? What steps should you take? It depends.
Using platforms like Facebook, Twitter, LinkedIn, TikTok, and Instagram looks different depending on whether you’re an individual influencer, a small team, or a large enterprise. The steps that you need to take to secure your accounts look different depending on who you are, too.
However, there are some important hygienic steps that everyone can take to improve their security:
The first thing to do is to get the lay of the land. Doing so is an important first step towards protecting these accounts. You need to know what you’re dealing with to come up with an approach that will have a substantial impact.
Here’s a checklist of questions that can help you figure out where things currently stand.
To get the most out of this checklist, use it as a starting point, and pursue other questions that arise about your own social media use. Also, write down your answers to the questions. If you do that, you’ll have material to drive conversations about how to proceed when you reach each step that follows.
To answer these questions, you may need to interview many teams and stakeholders. In large enterprises with large online presences, there can be hundreds or even thousands of accounts to factor in.
As you gain a better understanding of the social media environment that you are going to manage, examine your needs and your resources. At this point, evaluate the risks you face to prioritize the ones that need to be addressed first. You should prioritize taking steps that will give you the most benefit with the least effort – the low-hanging fruit. After that, move on to the problems that are harder to solve.
Here’s a second checklist that will help you get started with this phase.
At this point, you should have a good sense of the environment and what problems you need to solve. The next step is to determine how to adjust your practices to increase your operational security. After that, you should look at tools and solutions that will help you improve and augment your processes.
We’re here to help. At SecureITsource, we have a world-class team of Identity and Access Management and Privileged Access Management consultants who can guide you and your organization through securing your social media accounts and your other systems. Whether you’re preparing for audit compliance, figuring out how to lock down privileged accounts, or providing your workforce and customers better experiences with SSO, our team with its successful track record can help you and your organization succeed.