Illustration by Security Technology; iStock

Managing Digital Risk with Social Media Governance

Improving social media governance is crucial for organizations to effectively manage their online presence, protect their reputation, and ensure compliance with relevant regulations.

Yet many organizations struggle to do this because an ever-evolving social media and technology landscape makes it challenging to adapt their strategies and policies. New platforms, features, and trends emerge regularly, and organizations find it hard to keep up and evolve accordingly.

In some cases, limited budgets may make it impossible to allocate the necessary resources for training, monitoring tools, and dedicated personnel to manage social media governance effectively. And for some industries, navigating the complexity of varying regulations, such as the EU’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the U.S. Health Insurance Portability and Accountability Act (HIPAA), and other regional compliance requirements related to social media use, can be challenging and demand legal expertise.

The security ramifications of ineffective social media governance can be hefty. According to the Hiscox Cyber Readiness Report 2022, a single attack can cost a U.S. company a median of $18,000, which is up from $10,000 in 2021. And of course there have been numerous notable attacks via social media on globally recognized brands: HBO saw several of its Twitter and Facebook accounts hacked, and culprits took over Burger King’s Twitter account and issued posts favoring rivals McDonald’s and Wendy’s before it was taken down.

While these examples resulted primarily in reputational damage to both brands, other attacks have been more financially damaging—and not just to the brand itself. In 2013, the Syrian Electronic Army (SEA) compromised the Associated Press Twitter account and posted that the White House had been attacked and that U.S. President Barack Obama was injured. This led to a temporary drop in the stock market and sent Wall Street into a frenzy.

Should all social media be banned at an organization? Not necessarily. Numerous companies have successfully improved customer engagement, real-time crisis management, proactive issue resolution, and brand monitoring through social media, demonstrating that well-managed social media can be a valuable asset in building and maintaining a positive brand reputation and improving customer relationships.

There are best practices that organizations can follow to effectively manage and enforce social media policies, and to manage their use of social media more broadly.

  • Implement employee training and cybersecurity awareness. You must know who has access to your accounts at all times, including partners and agency teams. Robust, continuous security training will ensure that users and employees recognize and respond to potential social media crises and cybersecurity threats.

  • Develop comprehensive social media policies and guidelines that outline acceptable behavior, content, and usage of social media platforms by employees and the organization. These guidelines should also detail the security measures that the organization will maintain, as well as the measures that users themselves must maintain as individuals, such as strong passwords and multi-factor authentication. These measures should be maintained, reviewed, and updated regularly.

  • Invest in strong technology that can help enforce social media policies. Social media management and analytics tools can be useful in monitoring the organization's online presence, tracking mentions, and assessing sentiment. More importantly, cybersecurity solutions are critical. Solutions such as network defense platforms (NDP) can provide visibility into the activity for each application by device, which is a key ingredient to effective enforcement. NDPs can also provide a means of unifying governance in real time via customized dashboards. This can provide teams with a level of granularity that makes it possible to limit usage of X (formerly known as Twitter), Facebook, LinkedIn, TikTok, Instagram, Reddit, and Tinder.

  • Conduct regular audits that ensure compliance with policies and guidelines. This allows the right teams to address any violations promptly and implement corrective actions before any breaches occur.

These practices are just a few of many that can enhance an organization’s social media governance, mitigate risks, and maintain a positive online presence while complying with relevant regulations. But these practices do not exist in a vacuum. Teams must regularly assess and update their social media governance framework based on feedback, incidents, and changing industry trends.

Is it possible to eliminate the risks posed by social media entirely? Probably not, but there can be a happy medium. NetOps, SecOps, and compliance teams can—and should—partner to ensure that the right processes, procedures, and solutions are in place to mitigate, manage, and minimize risks to an acceptable and manageable level.

Matt Wilson is the vice president of product management at Netography. In prior roles, he has worked to steer strategic direction for network and application security products, blending technical expertise with strategic foresight.

© Netography