Businesses are increasingly exposed to risks (cyber, brand and physical) on social media and digital channels, all of which exist unregulated and outside of the business's infrastructure. A social media protection program complements both a social media management program and a listening program, and provides critical protection where most modern businesses create a huge portion of their value: social networks.
The following 10-step social media protection program guide is relevant for anyone within an organization, be it information security, marketing, customer success, risk & fraud or corporate security. For a full dive on social media protection, download your free copy of Social Media Protection for Dummies.
Expect the kickoff meeting to be a lengthy, in-depth conversation. Marketing and information security teams generally lead this meeting, and they should plan to begin educating stakeholders about the purpose of a social media protection program before exploring possible goals and responsibilities. The key deliverable for this meeting is documented processes and policies. Consider educating these other departments or distributing resources before the task force assembles to ensure this first meeting and the task force itself can be as action-oriented as possible.
Depending on your industry, the size of your organization, and your current presence on social media, the frequency and severity of the risks you face will vary.
The organization’s active social media users (typically marketing and customer success) should come prepared with information and examples of known risks. For a full risk profile of the organization, work with a social media protection vendor to create an initial assessment.
Most social media protection task forces assess the risk to the organization based on frequency and severity of risks. Account hijacking, for instance, has a low frequency but an incredibly high severity. Assigning some comparative qualifications for risk based on your organization’s tolerance allows for prioritization of risk.
Other organizations, especially those with more resources or more robust risk management protocols, can assess desired risk levels, existing risk levels, and methods of harmonizing the two. The more rigorous the approach, the better the company will be able to implement efficient, economical tools and policies to protect the organization adequately.
At the initial meeting, the main objective is to collectively agree on roles and responsibilities. This entails identifying what risks exist for the brand, which are worth addressing, and which are the most urgent.
Based on this prioritization, it should become evident which stakeholder is tasked with identification and remediation. For example, it could be a customer success team’s responsibility to identify customers leaking PII or credit card information, but it may be up to fraud and legal to remediate the leak.
The core initial deliverable for a brand protection task force is documented processes and policies.
A critical component of a social media protection program is training for relevant staff on policies defined by the brand protection task force. When you train employees on internal policies, also include general education topics around social media protection, security and privacy.
This is especially critical for marketing and support staff who actively engage with prospects or customers. Ensuring that your support staff is engaging appropriately can be the difference between return customers and a social media catastrophe. Be sure to establish a process, update it regularly and develop an enforcement mechanism to ensure it’s being upheld effectively.
This phase is the continuous enforcement of the policies and procedures. The most involved social media protection stakeholders (generally information security, risk & fraud, marketing and customer success) should use social media management, social listening, and social media protection tools to identify risks, assess sentiment, and manage and take down threats accordingly.
The speed and efficiency of monitoring and damage control are critical, as risks can go viral in minutes. Stopping the bleeding as quickly as possible is crucial. Social media protection tools need to be set up in accordance with the priorities laid out in the initial meeting and deployed to the correct stakeholders. Content in violation of a social network’s Terms of Service can be flagged for removal or automatically requested for removal via a social media protection tool.
Assign someone to stay abreast of social media topics, including emerging threats, changes in policies and regulations and evolving attacker tactics. These should be rapidly incorporated into the existing policies and procedures. In addition, deploy a tool that will auto-update with trainings and news for all users.
Schedule regular check-ins monthly or quarterly. At these meetings, review trends, discuss wins/losses, and update goals based on feedback.
Establish a framework for metrics and reporting to be circulated to stakeholders at a consistent cadence. Work with your social media management, social listening, and social media protection vendors on analytics and reporting. These metrics will guide the review process and should show where progress is being made, where it is not, and where the program has gaps.
ZeroFOX, the innovator of social media & digital security, protects modern organizations from dynamic security, brand and physical risks across social, mobile, web and collaboration platforms. Using diverse data sources and artificial intelligence-based analysis, ZeroFOX protects modern organizations from targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, executive and location threats and more.
They are a valued sponsor of our annual Camp Secure Sense 2018 and will be presenting on Day 2 at 10:45 am.