EXPERT INSIGHTS

Nov-09-2023

The 6-Step Social Media Risk Management Plan

Khoros Staff

Participation in social media is more or less a necessity for companies today. At the same time, your brand’s presence on these platforms inherently invites risk to your business’s reputation and security. And as organizations build their presence across social platforms to engage and serve customers, the scale and complexity of their social media operations will continue to grow, as will the associated risks.

To mitigate these risks, prevent social media emergencies, and stop social media crises in their tracks, it’s important to have a social media risk management plan as part of your digital marketing strategy.

To help your brand enforce protective security measures across your social media channels, our SMM experts at Khoros have assembled a six-step social media risk management plan.

Let’s get started.

Increase engagement on social media

What is a social media risk management plan?

A social media risk management plan provides your company with a roadmap for both avoiding and swiftly addressing social media security risks and PR complications. It helps ensure that an organization is able to maintain control over its social media communications with consumers.

In particular, a social media risk management plan designates and establishes:

  • Which team members are responsible for social media risk management

  • Who has access to accounts

  • Who publishes posts and/or message consumers

  • What posts require review from your brand’s legal team

  • What steps should be taken should a social media security risk or PR issues arise

  • How to properly add new users to a social media accounts and deactivate users when they leave the company

  • What the are rules when representing the brand online (both on official accounts and employee accounts)

  • How often and to what extent the plan should be reviewed

The goal of a social media risk management plan is twofold: To prevent unauthorized, inaccurate, and inappropriate communication from a brand via its social media channels, and to have a social media risk management workflow in place to address these issues should any of them occur.

What social media risks should brands be concerned with?

There are a few overarching ways things can go awry on social media in terms of brand communication.

1. Permissions and user authorization issues

User authorization refers to what actions each particular behind-the-scenes user is able to perform on a platform. Typically, there are different permission levels within these platforms that dictate whether individuals have full or partial access to various aspects of the social media platform.

It’s important to make sure each individual with account access has the right authorization level. Letting everyone have admin privileges could enable someone to accidentally (or maliciously) edit the brand page or publish an unauthorized communication in the form of a post or message.

2. Phishing and scams

Social media phishing occurs when a malicious third-party attempts to impersonate a brand and communicate with customers to get them to reveal sensitive personal information. On social media, some individuals will create fake brand accounts and publish posts designed to look like promotional offers using the same language used by the actual organization. 

By clicking on the link, the consumer may enable the impersonator to access sensitive information such as company passwords and credit card numbers. Alternatively, some users will create fake accounts and respond to messages directed at the real brand, asking users to send personal information like in this example from a fake Verizon account.

Banner phishing and scams


Even if your brand accounts are secure, you should practice social media monitoring to quickly identify and report these scammers or risk their activities giving your brand a bad reputation.

Banner social media trends

3. Breaches in security, particularly those caused by weak passwords

Did you know that an eight-character password can be cracked in under eight hours? Meanwhile, according to LMG Security, it takes eight years to crack a 10-character password, and 77,000 years to crack a twelve-character password. 

When choosing passwords for social media accounts, it can be tempting to opt for efficiency over security, choosing short, easy-to-remember passwords that are easy to share between platforms. Unfortunately, this practice makes your brand vulnerable to hackers, and this can have serious consequences; you're placing your brand's information in harm's way. You're also putting the sensitive customer information shared in private messages at risk, too.

Adding even a few extra characters can mean a lot more security, and secure password management software can help you gain back any efficiency lost by making passwords more complicated.

5. Tarnished brand reputation

The internet can be a complicated place. And as we’ve seen time and time again, public sentiment can turn on a dime when something goes wrong. We mentioned that fake accounts are associated with phishing and scams, but they also pose a risk to your brand reputation. 

Through fake accounts, users can impersonate brands and post content that’s malicious or uncharacteristic of the brand’s beliefs. For example, a user created the following fake account for Pepsi and posted a message “Coke is better” that received more than 3,000 likes and 700 retweets.

Banner tarnished brand reputation

Should any of the above occur, your brand reputation could suffer — sometimes significantly — especially if issues are not handled quickly and professionally. That’s why it’s important for brands to utilize social media monitoring to identify impersonators before false messages go viral.

How to develop and implement a 6-step social media risk management plan

There’s no one-size-fits-all social media risk management plan that will work for every organization, but following these six best practices when building out your brand’s plan will help point you in the right direction

1. Develop a social media risk management policy committee

Unfortunately, a social media risk management plan won’t just materialize out of thin air — you need a team to make it. Because social media is a huge part of how brands operate, you will want to involve stakeholders from multiple departments, including but not limited to marketing, customer service, HR, PR, legal, and IT. 

The full committee will be responsible for developing a well-rounded strategy, but oversight and implementation should be relegated to a smaller group of individuals.

Once you have the policy committee in place…

2. Perform an audit of all social media accounts

This audit will help you know exactly what social media risks your brand is currently facing. Make note of holes in your current strategy and plan to address them as soon as possible.

Throughout this process, you should also take the time to identify all users with past or present access credentials. Ideally, you will also have user credential data. Often, credentials are siloed on an employee’s computer in an Excel document, which is all the more reason you need a governance tool and security strategy in place. Remember to also include any relevant 3rd party agencies and each agency user that has access to your social accounts. This is key to the assessment: make sure every credentialed user is accounted for.

It can be a difficult process to hunt down all this information in various locations throughout your organization, but it’s a necessary step in establishing a complete security policy.

3. Formalize objectives, create workflows, and establish responsible positions

The objectives of your social media risk management plan should clearly outline exactly how your organization will proactively mitigate risks associated with social media, including content publishing breaches, user access, and disparate credentialing documents living in various areas that pose a security risk.

Your committee should document how your brand will proactively avoid risks and establish workflows when issues do occur. You will want to formally designate what roles in your corporation handle each step in these processes, and what is expected of the employees in this role. It is essential that those who handle these responsibilities understand the goal and value of your risk management plan, so ensure language used in documenting your plan and conveying responsibilities is clear and concise.

4. Develop internal rules which will allow users access to specific accounts

Moving forward, you’ll need to decide who has access to which accounts and what access level is appropriate for each individual. Depending on what social media platforms you are using, you may be able to limit permissions. If there are technological limitations, may have to set additional organizational rules. 

For example, granting a marketing employee access to publish posts may also enable them to respond to private messages, even if you only want your customer service team to handle these interactions. Make the guidelines clear so that each person knows exactly what they are and are not allowed to post and engage on the brand’s behalf.

5. Educate your employees on their roles and responsibilities

Beyond platform access and permission levels, make sure each employee is educated on the broader social media risk management policy so they understand the big picture and reasoning behind these precautions. Doing this will ensure nobody takes a shortcut when it’s time to create a new password or share access through an unsecured method.

It's important that everyone in your organization knows they have a responsibility and role to play in keeping the brand safe on social media.

At this stage, your social media risk management framework should be in place, but note that it will require regular maintenance.

6. Outline how often you’ll formally audit your organization's social media accounts and users

You should audit your social media channels on a quarterly or bi-annual basis, depending on the size of your company, particularly if you have frequent agency engagement with your social channels. You’ll also want to perform an additional audit when significant changes occur in your organization, such as a rebrand or the offboarding of a significant player on your team, like your social media manager.

It’s also a good idea to do a social media risk assessment at least once a year. This involves reviewing your plan and identifying any new vulnerabilities so they can be promptly addressed.

Remember that you’ll have to modify your plan over time as your organization expands to new platforms and existing platforms change.

Protect your brand with Khoros social media management software

Quality social media management software is a crucial piece of risk mitigation, but it’s only part of the solution. It's just as crucial that you have the policies and processes in place that we've outlined here.

To learn more about how to protect your brand on social media, download our free, comprehensive whitepaper: How to Protect your Brand on Social Media or request a demo of our social media management software.

Protect brand on social media


    Would you like to learn more about Khoros?