How to Manage Internal and External Threats to Your Brand on Social Media

Social media has long been a boon to brands — with it, brands can show sides of themselves that consumers were never able to see before, and they can carry on real 1:1 conversations with individual customers. Through that intimacy and familiarity, brands can develop meaningful customer relationships that translate into lasting brand loyalty.

But for all the opportunity on social media, the fact is that brands also face real risks there (both internal and external) every single day. We know that some brands shy away from fully embracing social media because of the inherent security risks it presents, like malicious third-parties impersonating your brand to take advantage of your audience, or a rogue employee shredding your carefully cultivated (and heavily invested-in) reputation — in seconds. We’ve all seen the examples of social media posts causing trouble for brands: family-friendly restaurants hurling insults at politicians, automakers casually dropping swear words, or kitchenware makers jumping into politics.

Social media is evolving and many brands are actively trying to figure out how to make sure their social media governance matches the maturity of the rest of their social media program, like content creation and brand amplification. To address these concerns, and to reinforce both the benefits of social media and what brands need to do to protect themselves on social, we created a whitepaper titled How to Protect Your Brand on Social Media. And, to provide concrete support to brands as they work to protect their social media, we developed Vault, our new risk management product.

External threats to your brand’s social media program are often easier to guard against because they tend to be known threats that brands can shut out completely. But internal threats can’t always be completely shut out, and are therefore more complicated. Below, we’ll explore both external and internal threats to your brand’s social media program, plus what you can to protect your brand.

Social engineering is the biggest external risk your brand faces on social media. Social engineering happens when a person outside of your company uses deceptive tactics (like download buttons, links in emails, and even phone calls) to trick people within your company into revealing personal information, downloading software, or even offering up account credentials (usernames and passwords). Additionally, third-party apps (apps that weren’t developed by the manufacturer of your mobile device) can present external threats to your brand because, with them, team members may unwittingly give outside forces access to your brand’s private information. Third-party apps that are designed to connect with social media require your credentials to sign in, which can grant the app access to your social media accounts.

Although situations involving external threats are challenging for brands to manage (and, if the wrong information gets into the wrong hands, they can certainly cause upheaval or even crisis), external risks are often easier to wrap our heads around. With external threats, brands can secure the gates (i.e., train your team to recognize fraudulent schemes) and, in the event that the walls are scaled, brands can capture the attacker and close ranks behind them (figuratively speaking, of course). Building and maintaining an effective social media governance policy will help your brand ensure malicious outside actors never enter your social media fortress.

But, when the attacker is one of your own (either due to ignorance, negligence, or malice), your strategy becomes more complicated. Your brand must work with much more nuance to ensure internal risks are managed appropriately. While protecting against internal threats is more complicated, it can certainly be accomplished with a combination of an effective social media governance policy paired with a risk management product like Vault.

Inadequate governance with credentialing and access is the biggest internal threat your brand faces on social media. Passwords and usernames were designed for individual people, not brands that likely need more than one person to access accounts. Social media management software solves some of the problems that this set up creates, but it doesn’t solve the problem of direct (native) access to your brand’s social media accounts. There will always be reasons your brand needs to grant team members native access (for example, administrative tasks like changing a cover photo or going native to use Facebook Ads Manager), and if your brand is like most, you’ve created your own ad-hoc system for managing passwords and access (do spreadsheets with passwords held by one or more manager sound familiar?).

We can’t fault brands for these less than ideal systems — social media must be protected, and before Vault, there hasn’t been an adequate software solution to manage this native access across the different models of how access is granted to brand accounts. But we can now point you towards Vault, our new software that can allow team members native access for exactly the time period they need it, all without them ever seeing or using a password.

More details on both external and internal threats, plus a detailed plan for how your brand can protect itself and reap all of the benefits of social without exposing yourselves to its risks can be found in our whitepaper — download it right here.