With these five simple steps, learn how to secure your social media accounts and keep your brand safe from security threats.

How often have you found yourself in a labyrinth of password resets and 2FA verifications, especially when handing the keys to new team members or revoking access as collaborations end? If you're nodding along, you're not alone. The breach of the SEC and Mandiant X (Twitter) accounts put even more pressure on marketing teams, making the issue of securing social media not just a marketing problem but a board-level concern.
Despite lacking shared login support, organizations use social media applications because they create new business opportunities. A solid social media presence helps organizations increase brand awareness, cultivate loyal customer communities, and generate new sales. However, social media apps can introduce significant security risks into an organization, from cyberattacks and regulatory compliance costs to reputational damages. 

Securing social media is essential for businesses

For attackers searching for the lowest-hanging fruit, social media applications quickly became too tempting to ignore. Attacks on social media are widespread because they often exploit the same opportunities social media applications create for organizations. For example, increased brand presence and business-to-consumer interactions are big bonuses for businesses, but they also make social media the ideal environment for spreading sensitive or false information.
There are several steps organizations can take to secure social media applications better.  We highly recommend all organizations take the following five steps while also understanding that these steps alone won’t be enough to completely protect your organization from the risks associated with social media applications. 

5 steps for securing social media applications

Here are five steps every organization should take to secure social media applications:

  1. Inventory your social media footprint: List all your organization's social media applications and close unauthorized or inactive accounts.
  2. Review third-party applications: Check which third-party applications can access your social media accounts and remove any you’re no longer using, e.g., Sprout Social, Loomly, etc.
  3. Set strong passwords and enable 2FA: Set strong, unique passwords for each account and update them regularly; enable 2FA and ensure it stays enabled.
  4. Use unique email addresses: Make a new email address for each social media account, so if the credentials are compromised, attackers can’t access all your emails (and get into your other social accounts) or farm your data.
  5. Regularly review access: Create a process for periodically reviewing access to social media accounts, including rotating passwords, verifying user activity, and identifying third-party apps.

Why securing social media applications isn’t enough

Although effective, marketing and PR teams must execute the above steps manually. Most of the time, this means more tedious work. Under pressure to crack down on cybersecurity risks, many employers force marketing and PR teams to use painful security tools that significantly hamper productivity.
Understandably, non-security employees resist these decisions and, in some cases, may rebel against them. Our research found that 92% of employees and managers want complete control over the applications they use for work, and 51% of employees would continue using an application, even if blocked by their employer.

When employees use applications without permission from employers, they often assume the responsibility of securing them, even if they’re ill-equipped to do so. Our research found that 42% of employees are responsible for managing their passwords, and few use a consistent method (which often leads to account breaches). 

 

How passwords are managedCerby's research from State of Employee Choice, 2022

 

A look at common approaches to password management 

To better understand why most common practices for password management fall short in the face of social media applications, let’s take a closer look at some of the pros and cons of some of the most common methods:

Sticky notes or passwords printed on paper:

+ Cheap
+ Secure when stored appropriately
- Not secure from a physical security perspective
- Difficult to share with agencies

Collaboration platforms (i.e., Slack or SharePoint):

+ Convenient
+ Easy to use
- Anyone with access can see passwords
- Doesn’t help with 2FA

Spreadsheets (i.e., Google Sheets or Microsoft 365 Excel):

+ Easy to share access
+ Can be secured using 2FA
- Anyone with access can see passwords
- Hard to organize and keep track of

Enterprise password managers (i.e., LastPass, Dashlane, or 1Password):

+ Considered one of the most secure methods
+ Only need to remember one password
- Difficult to scale
- Hard for multiple users to access without disabling 2FA
- Does not allow the use of corporate credentials, i.e., Okta or Entra ID.

Privileged identity management (PIM) or privileged access management (PAM) tools (i.e., JumpCloud, CyberArk, or BeyondTrust): 

+ Mature technology with strong access controls in place
+ Offer widespread integrations for existing security tools
- Painful from a user experience perspective
- Doesn’t integrate with social media platforms

Although each of the above methods has merits, none offers a complete solution for securing social media applications. Organizations should consider new approaches for managing social media applications–one that brings employees and users into the fold and leverages automation to handle tedious but important security tasks like setting strong passwords, enabling and enforcing 2FA, and securely sharing access to accounts internally and with agencies.

If this is a challenge in your organization, learn more about how Cerby can help it secure its social media accounts with a new, automated approach.