Fireworks

Happy 2014! Well, it’s almost a month down, but it still feels like the first of January.

Here’s a quick list of things that are worth periodically reviewing — things everyone forgets to do, but important for account security!

  1. Enable two-factor authentication on your accounts 

    Most services now offer two-factor authentication, where they send you an SMS (or use an app like Google Authenticator) when you log in, particularly from an unknown location. Even though it can be a bit of a pain in the proverbial, it’s well worth enabling these — particularly on (all of) your Facebook and Twitter accounts. The lack of two-factor authentication is a likely factor behind CNN’s recent “hacking”  and many of the previous “hackings” that have occurred, so it’s something that is a necessity for brands.It can be a bit tricky on Twitter as the phone number you use has to be accessible to everyone logging into the account. I recommend using your social media manager’s phone, as (usually) most teams will use Twitter through a third party service like Hootsuite much of the time. On Facebook, each login has its own two-factor authentication, so make sure all of your Page administrators have it enabled.

  2. Check third party app permissions 

    Something that everyone rarely checks is which apps have access to their account. Remember signing up for that service that gave you a handy report one time early last year and clicking “accept”? They probably still have access to your account information. Review them (here’s the instructions for Twitter and Facebook you need to check your profile and Page settings [edit Page –> edit Settings –> More.. –> Apps]) and make sure that the only apps left there are the ones you actually use or need to allow access to.

  3. Change the passwords and audit who has access

    Brands usually have to share their login information among team members and occasionally others, but how often have you checked who has access? Has that community manager who briefly worked for you early last year still got the active password, or access to post on your Page? The easiest way to check who has the password is by changing it — people who need access will ask for it! You can review your admin roles on your Facebook Pages.
  4. Make sure you pass the ‘bus test’ 

    Macabre as it may be, the old ‘bus test’ is important (“What would happen if you were hit by a bus and couldn’t get to work?”). If that happened, can someone else look after your social media accounts (including having access to post on them)? Do they know what to do, or what kind of strategy in place? As with everything, it’s dangerous to have all your eggs in one basket.

  5. Review your social media policy/guidance 

    Another thing we rarely review is your policy our guidance to employees. Is it up-to-date with what your employees expect you to ask of them? Does it reflect current practice and trends online? Have new networks popped up that you haven’t covered yet? Has there been internal changes that aren’t reflected in the policy or guidance?

You should hopefully be able to do it all in an hour or so, but it definitely pays off in the long run.

Best wishes for 2014, hopefully it’ll be a great year!

(Image by patpat, Flickr)