This is an old revision of the document!
Table of Contents
Securing your firm's social media accounts
Key points:
Enable two-factor authentication
Enable two-factor authentication on all your firm's accounts.
That way, if your username and password are compromised, you should still be protected against someone being able to post to your firm's account, or changing the settings on your account.
Delegate access; do not share your password
Do not share the password to your firm's social media accounts. If you give someone your password, they can lock you out.
If you want someone to post to the firm's account, delegate access to them, in a way which you can readily revoke.
If you cannot do this directly through the platform's own systems, you'll need third party software or a service to do this (which comes with its own risks).
Be careful about what you post
Aside from regulatory or ethical rules, think carefully before posting on your firm's behalf.
Does the photo of the office give away information useful to an attacker?
Does the photo of you all at an awayday or retreat suggest that your premises are unoccupied?
Being careful what you post: do you really want to announce when you are away?
Decide if you want to auto-delete posts
Once something is posted online, you lose control of it. You cannot stop someone taking a screenshot and circulating it, and you cannot rule out a system caching everything.
You may be comfortable with this, but still not want an everlasting history of posts to be showing on your account.
For Twitter, Semiphemeral (not from an app store) can automatically delete tweets older than whatever age you specify.