If you’re in a regulated industry, there’s a pretty good chance you’ve been there, done that, and gotten the t-shirt when it comes to understanding social media risk. Regulatory compliance – check. Reputation management – check. But there is one more shadowy figure not often discussed: cybersecurity. Even though security breaches aren’t necessarily associated with social media use, adding any element that introduces a third party can be a potential threat. In 2014, large-scale breaches at JP Morgan Chase and several big box retailers resulted in financial firms pledging to increase cybersecurity budgets by $2 billion. In 2015, FINRA released its Report on Cybersecurity Practices, which offered risk management practices for financial firms.
While the risk (and the price tag to avoid it) might be scary, it’s much scarier to avoid social media out of fear. Forty-four percent of affluent consumers engage with financial institutions on social media, and 90 percent of people would recommend a brand after interacting with them online. Avoidance is not an option. Your best course of action? Prevention. Having a social media policy and risk management program in place is a great start, but you also want to mitigate human error through password protection, controlling social media account access and brand monitoring.
Several years ago, Russian hackers executed what is probably the largest-scale breach to date, nabbing 1.2 billion username and password combinations, and 500 million email addresses from 420,000 web and FTP sites. It seems so simple, but maintaining a tight hold on passwords can make all the difference. Here are a few tips to avoid password problems:
- “Password” is not a password. Passwords should be 6 to 8 characters long and include a mixture of numbers and letters, capitals and lowercase, and special characters.
- Passwords should change a minimum of every 3 months, and after an employee with access leaves the company.
- Only grant access to your social media accounts through a secure social media management tool like Gremlin Social Guardian™.
Social Media Account Access
We've all heard stories of corporate accounts being hacked, sometimes by internal sources. In January 2013, entertainment company HMV’s mass layoffs were chronicled on Twitter by an intern who had access to the company account. Messages detailing the layoffs were sent to the company’s 70,000 followers before the marketing director managed to regain control of the situation, but the damage had been done. Rule #1 for securing your social media accounts: don't share your social media passwords with your employees. Only high-level employees should have the keys to the social media castle. With Gremlin, you can register your social media accounts and assign access to your team. Set permission levels and filtering rules, and revoke access with the click of a button.
There is no better way to know if your brand has been compromised than by keeping an eye on your social networks at all times. Using Gremlin Social's dashboard, you can easily search for your brand name, hashtags and other relevant information to see who is saying what. The sooner you know your account has been compromised, the sooner you can implement your social media crisis plan and regain control of the conversation – and your reputation.
At the end of the day, a security breach can happen just by opening an email – it’s a sign o' the times. But you can make sure your data, and that of your customers, is protected with something as simple as unique passwords. And don’t forget - having a great tool to control social media access and monitor your brand name is a crucial part of your risk management program.