It’s 2018. You have no less than a dozen complex passwords that include upper and lower case letters, numbers and special characters. You use two-factor authentication when you can. Your wireless network is secured. Your data is encrypted. You run software to prevent viruses, malware, and other fun things. Your devices are updated and patched religiously. Perhaps you’re even taking advantage of our Managed IT Services to help you with these things. You’ve even sprung for a great security system complete with cameras, visitor management – the whole works. Things are looking up – you’re protecting your business and yourself. Congrats!
Now, what about your social network? Chances are good that your organization is active or at least has accounts with several social media platforms, ranging from Facebook to Twitter, LinkedIn to Pinterest. Think about the accounts that your organization owns right now. Can you list out which of your employees (current and past) have access to those accounts? If so, are you sure?
If not, it’s time to figure it out before it becomes a problem. Remember the Red Cross employee who really liked Dogfish Head beer and shared that she was “#gettngslizzerd” on the Red Cross Twitter account? There are countless stories of Facebook pages being hijacked by former employees. Needless to say, these kinds of things can harm your reputation, your relationships, and your business. That’s why it is so important to protect your business by knowing just who has access to these accounts.
When an employee leaves your organization, no doubt they turn in their keys or keycards, their corporate log-ins go “bye-bye” and their email accounts get pushed to that gigantic trash bin in the sky… or perhaps they’re replaced with an auto-reply informing people their departure. It only makes sense, right? What about the corporate Facebook account?
Nearly two years ago, I left a position as a marketing manager in another city. It was an amicable separation. When I left, I removed myself as an admin from their Facebook page and various Google-related sites and passed along a handful of other social log-ins, suggesting that they update the passwords and email addresses associated with the accounts. This sort of thing really should be part of the exit process for any employee. I enjoyed my job and still really like my former employer, but I really shouldn’t have access to any of their social accounts at this point – even as a “really nice guy” with no ill intent, their social presence really isn’t any of my business.
What can you do to protect your organization? Here are three steps that we suggest:
- Keep a running log of exactly who has access to all of your social accounts. Check it regularly to make sure that no new unauthorized admins have been added and to confirm that former employees no longer have access.
- Change social media passwords frequently. “Ugh. Another password.” Yup, another password. Just what you need. 🙂
- Include social media as part of your company’s exit process for employees. Revoke their status as an admin for Facebook and Google. Change passwords and (if needed) email addresses associated with the accounts.