Employee Advocacy Program Security Essentials

All employees must understand how to keep their social media accounts secure, reducing the risk of hacking.

From setting up two-factor authentication and using a unique strong password to reviewing any apps with third-party access, make sure that your team is following social media security best practices.

Most employees know about phishing scams that occur via email, but they need to be aware that these take place on social media too.

Advise your team to never click on a link from an unknown source, and take extra caution when links are sent to them in private messages or ‘DMs’.

Employees should also be made aware that hacking can happen through social engineering, not just from not having a secure password or clicking on a suspicious link. Someone may strike up a conversation in an attempt to find out personal information, such as your mother’s maiden name or the name of your first pet.

The answers to these questions are often used as security authenticators for social media accounts, so be careful when sharing anything personal.

Whether you’re starting an employee advocacy program or your colleagues are already sharing content on social media, every participant should review their account settings and security best practices.

Below are the essential security tasks and reminders each employee should follow.

We’ve also turned this into a handy checklist to make this easy. Simply download the PDF at the end of this post and share it with your colleagues.

Two-factor authentication (2FA) is a security method to help protect your accounts from cyber criminals.

When you log in from a new device or location, your account will require a code sent to you via text message or an authenticator app such as Microsoft Authenticator.

This makes it much less likely for your social media to get hacked. Even if someone knows your password, they won’t necessarily have access to your phone or authenticator app.

Here’s how to set it up on LinkedIn:

For more guidance and troubleshooting, visit LinkedIn’s 2FA support page.

If an employee finds their social media account hacked, contacting the social media network support team should be the first point of contact. But if they’re a brand ambassador or employee advocate, your organization needs to know too.

In this scenario, the risk must also be shared with your IT and legal teams. Whether it’s potential confidential LinkedIn conversations getting leaked, or even a hacker posing as an employee, a hacked account could be a threat to your organization.

Establish a process for passing this information on, in case of any red-flag situations.

Create a communications channel for your employee advocates to share any concerns or issues they have. Make it clear that no question is too silly!

This opens a dialogue, creating a culture where employees are provided with the support they need to safely thrive on social.

It’s common practice for marketing teams to manage an executive’s social media presence, especially the CEO.

But who has access to their accounts? How often is the password changed? Where is the password stored?

You should know the answers to these questions.

Review any third-party tools that have access to your CEO’s social media accounts, and remove any that are no longer used.

Take the same approach with employees. Does everyone in your marketing team need access, or can it be limited to just the person posting and engaging on their account?

If you’re using an external marketing agency or freelancers to manage your leadership team’s social media presence, this adds another layer of risk.

DSMN8 has an ‘executive influence’ feature that makes managing your C-Suite’s LinkedIn profiles simple.

There’s no need to share your CEO’s password with your marketers or external parties – simply connect social accounts securely and post content on their behalf with ease.

Now we’ve established how employees keep their social media accounts secure, let’s move on to the content they’re sharing on social media.

While encouraging employees to share original content is great, they must be informed about what is okay to share and what isn’t.

Revealing any confidential company information is an absolute no, and any content that includes their colleagues needs their consent before posting.

A lot of this can be considered ‘common sense’, but to be sure, outline this in your social media policy and/or guidelines.

Remind employees that most security breaches are accidental, so they need to be careful with what they’re sharing.

For example, if taking a picture of their desk to share on LinkedIn, employees should check that no confidential information is visible on their computer screen.

Providing social media training also helps to alleviate this risk, and gives employees the chance to ask any questions they may have.

We’ve covered the essential social media security protocols that every employee should follow.

But security goes beyond individual employee behavior. You’ll need to evaluate which tools or platforms your organization and employees are using.

Your marketing team may be using software to schedule content on the CEO’s LinkedIn account. You should know the answers to these questions:

• What access does that tool have?
• What measures do they take to ensure the security of their accounts?
• What are they doing with your data?
• Are they following laws like GDPR?

Best practice is to get your IT team involved in evaluating all software that requires access to social media accounts, including employees and corporate channels. This way you can be confident that these tools are adhering to the laws in your region, and keep your data safe.

An employee advocacy platform serves the purpose of getting content to your employees and enabling them to share it easily on social media.

By nature, this means the platform will need to connect to employee social media accounts.

The last thing you’ll want is to put your employees in harm’s way, so a thorough audit of any employee advocacy software’s security policies is essential.

Here’s what to look out for:

• Where and how their data is stored.
• The security certifications they hold.
• Whether they regularly conduct security audits, tests, and scans.
• If they have an up-to-date privacy policy, compliant with regulations like GDPR.
• Does the company has dedicated employees focused on security and data privacy?
• Web application architecture and implementation: does it follow OWASP guidelines?

Here at DSMN8, we make security a priority at all levels of our organization.

With industry-leading compliance, DSMN8 has an ISO 27001 certification, audited by an independent body.

Our privacy & security team includes a Data Protection Officer (DPO), Chief Information Security Officer (CISO), and a Compliance Officer, who continuously ensure that DSMN8’s practices and products comply with GDPR and similar regulations.

The platform is hosted with Amazon Web Services (AWS) facilities in Europe, the most secure cloud computing environment.

Our web application follows OWASP guidelines, and our engineers participate in code security training annually. Design of all new product functionality is reviewed by its security team, and code development follows a documented SDLC process with mandatory reviews.

Additionally, we regularly conduct third-party network vulnerability scans, require strong passwords, and offer Single Sign On (SSO).

You can trust that your data and content is safe with us.

To make things as easy as possible, we’ve created a social media security checklist for employees.

It includes ‘to-dos’ for your team to make sure their account security is up-to-scratch, and some reminders for staying safe on social.

Fill out the form below to download the PDF.

• 10 Employee Advocacy Best Practices
• Employee Advocacy Training Plan
• How to Choose the Best Employee Advocacy Platform for Your Organization