You’ve Got the Risk Management Tools...Now What?
So you’ve made a business case and educated your organization on all the reasons governance also applies to your brand’s social media strategy. You’ve invested in a strong social media management platform and maybe even invested in a specific social media risk management product. You’ve shown the risks associated when social accounts are vulnerable due to a lack of process or credential governance. No brand wants to be involved in a reputation management crisis due to an employee error or, even worse, a person with intent to publish something that has a negative brand impact—and your brand is on board to avoid this.
Once you’ve proven the value of social media risk management to your organization, you might wonder, now what? Don’t panic: you tackled the first hurdle by successfully proving how vulnerable your social media strategy is without governance in place to protect your brand, and now it’s time implement the process by which governance will occur, while continuing to educate your organization. You can do it! This post will outline six policy and process steps that will ensure your success in protecting and enforcing the security you’ve identified as important for your business.
Step One: Develop a policy and distribute it the right people within your organization.
Don’t waste time, as this is important and should be a priority. The policy will be something you’ll work on or get insight and approval from the committee you worked with to select your security tools. If you didn’t have a committee in your tool selection process, don’t panic. It is more important at the policy process stage, so make sure to include the right people to comprise a well-rounded committee that reflects (but not limited to) digital, IT, marketing communications and public relations users. The committee can be active participants in the policy development or can be influential leaders who are only policy approvers. Either way, it’s important to make sure to have at least one Sr. leader on the committee who can help influence and drive policy engagement.
Once you have the policy committee in place…
Step Two: Formalize the policy objective and communicate it to everyone company-wide.
Ensure everyone understands the goal and perceived value. The better people understand, the more prone they are to evangelizing your message, so ensure the language is clear and concise. The goal should closely mirror your objective for your web security; in fact, often they are tied together and part of a broader, formally documented IT security strategy. The objective should clearly outline how your organization is proactively mitigating risks associated to social media, including content publishing breaches, user access and disparate credentialing documents living in various areas that pose a security risk. Importantly, you will want to formally outline what everyone in the organization’s role is, their corporate responsibility, and what is expected of them.
Now that you’ve formulated the security committee and its goals…
Step Three: Perform an audit of all social media accounts and identify all users with past or present access credentials.
Ideally, you will also have user credential data. Often, credentials are siloed on an employee’s computer in an excel document, which is all the more reason you need a governance tool and security strategy in place. Remember to also include your agencies and each agency user that has access to your social accounts. This is key to the assessment: make sure every credentialed user is accounted for. This can be a difficult process to hunt down all this information in various locations throughout your organization, but it’s important and a necessary step in establishing a complete security policy. At this point, you will have the foundational information for a successful social media security policy.
Step Four: Formally outline how often you will provide a formal audit of your organization's social media accounts and users.
Best practice is to perform an audit quarterly, especially if you have a lot of agency engagement with your social channels. Some organizations do this twice a year, it really depends on how large your organization is and how many users you have globally. You should also always factor in the internal changes that occur within your organization. The goal of the tool should be to update administrator rights as needed, but a formal audit is important because it also tells you if anyone is working natively.
At this point, you have the governance tool in place, the committee has been formed and you’re developing a policy that defines governance around usage, which essentially means the committee is putting in place a who, why and when do various users need access to specific social media accounts. This is a huge step forward, and you’re well on your way to achieving success.
Step Five: Develop the internal rules which will allow users access to specific accounts.
Things to consider include: identifying use case instances for users, define the timeline for access, explore agencies unique needs and discuss with your agency contact that you have a policy that defines usage for users across specific social channels.
At this stage, your policy framework should be in place.
Step Six: Educate each user on what channels they have access to and the timeline to access associated.
Make sure to educate them on the broader social media security policy so they understand the big picture and reasoning behind the approach. Once this is done, start educating your organization and ensure the social media security policy is incorporated into broader security strategy for the organization that incorporates all security efforts across the digital ecosystem. It's important that everyone in your organization knows they all have a responsibility and role to play in keeping the brand safe on social. Software is a crucial piece of this, whether it's social media management software or a risk management product like Spredfast Vault. But software is only part of the solution. It's just as crucial that you have the policies and processes in place that we've outlined here.
To learn more about how to protect your brand on social, [CTA]