3 Simple Ways for Enterprises to Manage Risk on Social
There’s no doubt about the fact that social can make a big impact to your brand. In fact, I’d argue it’s the most impactful weapon you have in your marketing and customer care arsenal. Yes, for all the exciting reasons—connecting with your customers and driving brand love—but also because social can be a big risk when it comes to your brand and to your business.
We’ve all seen it go wrong, and let’s be honest. When it’s not you, it can be really funny. There are the family-friendly restaurants hurling insults at politicians, the brand posts that can only be described as total gibberish, the completely off-brand marketing campaigns, and the tone-deaf care responses. Again, it can be really funny stuff...unless it’s you.
When it’s your brand, though, it’s not a joke. It’s a crisis. The questions start coming fast. Who hacked into your account? Which one of your employees accidentally posted natively to your brand account thinking it was their personal account? Why weren’t your care and marketing teams more in sync? Do you have an audit trail for the piece of content or response in question to figure out what happened?
This isn’t just a challenge facing regulated industries. It’s not something that only financial services or pharmaceutical companies are seeing when it comes to social. Security is a fundamental need that any enterprise executing social needs to be thinking about and solving for across their channels and user base.
Here are the three things every best-in-class enterprise organization does to protect themselves on social:
Best-in-Class Security Tip #1: Control who has access to your social properties and content
Every organization is unique. Every brand, company, and business has different needs and requirements when it comes to security. First and foremost, you need rigorous social access management that’s flexible enough to meet your unique organizational needs—whatever they may be.
Enhanced Password Management
Special characters, numbers, caps lock, length—there’s no shortage of variables when it comes to strong passwords. Chances are your company already has standards and best practices around password strength outside of social. These standards likely span across all of your employees and all of your technology, and you need to be able to ensure the same rigorous compliance in social. That’s why we offer customizable password management that allows administrators to set the requirements for what is considered a strong password. On top of this, Spredfast allows for configurations like inactivity timeouts, password logouts, and password history.
Single Sign-On (SSO)
The best way to ensure security compliance is to make it as easy as possible on your end users—and one of the best ways to do that is by providing Single Sign-On. Spredfast supports Single Sign-On using the SAML 2.0 protocol. That means that instead of forcing you to use a specific identity provider, you can use your existing identity provider for centralized security and SSO.
IP Restrictions and Forced SSL
Operating at a global scale almost always means decentralized teams. Your employees and your agency partners aren’t located under the same roof. They might not even be in the same country. Spredfast allows customers to restrict access to whitelisted IP addresses or ranges, and even choose to require that all user interactions be executed over SSL for extra protection. With this level of control you can define exactly which locations and employees can access the Spredfast platform, which is a critical control for companies with employees and partners distributed all over the world.
Best-in-Class Security Tip #2: Build in compliance because you want to, not just because you have to
Compliance doesn’t just mean legal compliance and it doesn’t just mean compliance with industry standards. It also means compliance with your company or brand best practices. It means making sure that your content adheres to brand guidelines and that the right channels have seen, approved, and had visibility into the activity around your social content and responses. Compliance can be as simple as getting another set of eyes on your content or as complicated as auto-routing to multiple teams. The trick is having a platform flexible enough to cover your needs, no matter how complex your workflows and no matter your social use case (across marketing and care).
Have a platform flexible enough to cover your needs, no matter how complex your workflows.
For some social teams, it’s a simple single-approval layer before you push your content out to the social networks. For other teams, compliance means multiple approval layers; some within your social team, some outside of your social team like Legal, PR, and Communications. Meanwhile, some teams only approve outbound social content while others approve both outbound posts and response messages. There’s no shortage of variations of how enterprises choose to handle approvals as a part of larger compliance efforts, and that’s why Spredfast has flexible approval workflows. Whatever your needs, Spredfast offers extremely configurable approval paths to help ensure that your content is properly vetted and on-brand.
Some social teams engage with hundreds of people on social every day. At that volume, it becomes really hard to maintain governance over the conversations that you’re having, let alone visibility into those conversations. For this reason, it’s important to have a central repository for your social engagement. Spredfast provides just this: a detailed record of each post’s conversation history, including insights not available from the social channels alone, including a full audit trail, internal comments and classifications, and more.
Best-in-Class Security Tip #3: Keep your customers safe by protecting your data (after all, it’s not all about you)
Protecting your brand is important, but protecting your customers and followers on social is just as important. A big part of that is keeping your data safe and secure from hackers and accidental leaks. This is especially important for regulated industries, which are often handling secure personal information like financial and healthcare information, but it should be a key consideration for any security savvy enterprise in any industry.
Protecting your brand is important, but protecting your customers and followers on social is just as important.
Virtual Private Cloud and SOC-2 Certification
Investing in a technology is fundamentally risky to the security of your data. Hosting information outside of your organization and in the cloud means that you’re not 100% in control all the time. You know how important it is to make sure that your technology partners, including social platforms, adhere to strict data storage standards and have the highest security certifications (i.e. SOC-2 certification). We take our commitment to keeping our customers’ data safe extremely seriously. That’s why we adhere to the highest standards and best practices when it comes to data storage and certifications. Spredfast is hosted within Amazon Web Services (AWS) using a logically isolated cloud, and both Spredfast and AWS are SOC-2 certified.
Part of securing your data to the fullest also means encrypting that data no matter where it is, whether it’s at rest or in transit. Spredfast encrypts all data in transit using TLS 1.2 and at rest using AES 256. We can also provide backups encrypted in transit using SSL and GnuPG.
Data Exports for Regulated Industries
Many industries require data security on top of what’s provided through a best-in-class platform such as Spredfast. Financial Services firms, for example, need to meet FINRA compliance. That’s why Spredfast customers have the ability to integrate their secure social media data into their existing security infrastructure to capture, archive, and export social media business activity and communication as required by such regulations.
While social is an ever-evolving landscape, one thing has been constant from the start: the need to make it safe for your brand to execute social at scale. At Spredfast, we’ve been making it safe to scale social in large enterprises since we were first founded in 2008. Security is a fundamental pillar of our platform strength and allows us to serve some of the largest enterprises around the world. Learn more about Spredfast’s secure social solutions.