If you’re not using social media in your organization, you’re missing out on an important opportunity to connect with the community you serve. However, when you become active on social media, you can significantly increase your liability risk.

At Church Mutual, we have created a list of 11 social media security best practices that nonprofits and businesses can use when training their employees and volunteers and expanding their social media reach.

Social media security best practices

So, how can you protect your organization on social networking sites? Try following these tips:

1. Create a policy that addresses how you minimize social media threats.

Should you experience an incident in which your organization’s data is exposed by a hacker, you will want to show investigators that you made every good-faith effort to protect your data. That starts with a social media policy, which includes:

• Guidelines for what kind of content you will post and share.
• Specific information about who is permitted to manage your accounts, and how you will transfer management if someone leaves the organization.
• Standards for the tone your organization wants to convey through its social media, and rules for your branding.
• Legal and ethical considerations, such as how you will handle copyrights and privacy issues.
• Protocols for how you will address crisis management, and who will be responsible for speaking for your organization.

2. Assign a staff member or volunteer to check your social media sites every day and respond to inquiries, comments and messages.

If you aren’t checking your sites, you won’t know if someone posts a negative or untrue comment that requires addressing. Similarly, when people send you questions or messages, you need to respond in a timely manner. Ignoring a concerned member of your community could cause major problems.

3. Limit access to your organization’s social media profiles.

Only those employees who need access to your accounts (such as the above staff member who is posting regularly and responding to inquiries) should have administrator privileges. If you grant access to a large group of people, you not only create a security issue, but you also make it harder to pinpoint who did what. When there are cases of social media hacking, the hacker often gains access through an individual—and the fewer the individuals who are involved, the better.

4. Make sure the images and videos you use are not protected by copyright.

Don’t just copy and paste an image from another organization’s website. Use websites that offer free images, such as pexels.com, or purchase a subscription to use images from a specific website. If you want to use material from another organization’s website, contact that organization to ask for permission first.

5. Be cautious of outside applications.

It happens more often than you might think—the staff member who is running your organization’s social media accounts comes across an app that they feel would greatly benefit your social media profile. But instead of thoroughly vetting that app, they install it without a second thought. Before you know it, you’re dealing with the aftermath of a data breach. Pay close attention to the permissions you give to these outside applications.

6. To avoid libel, double check to make sure everything you publish is true.

The last thing you need is for someone in your organization to post an inflammatory comment that leads to a lawsuit. In defamation cases, truth is always a defense—so stick with the facts.

7. Before publishing any personal information or pictures online, obtain permission first.

If you publish someone’s picture without permission, they may sue you for invasion of privacy. Pictures of children, in particular, are very tricky territory: You should have a signed release form for any child who is pictured on your social media site. You don’t necessarily need a signed form for every adult, but adults should be aware their image may be used and have the opportunity to opt out.

8. Set up a monitoring plan to identify social media threats.

Assign someone in your organization to monitor all available social media channels—not just those you use. There’s a danger that someone outside your organization may decide to set up an imposter account using your name. The person who is monitoring social media should have a copy of your content calendar against which they can cross reference what they’re seeing online.

But it’s not just potential imposter accounts you should be monitoring—also look for negative conversations about your brand or inappropriate mentions of your brand by employees, volunteers or anyone else associated with your organization.

9. Regularly review social media platforms’ privacy practices.

At least once a quarter, someone from your organization should be reviewing each platform’s privacy settings. These companies frequently update these settings, which can impact your account and affect how users can interact with you and each other.

10. Create a strong password policy.

There should be nobody in your organization who uses the passwords “123456” or “password.” Ideally, passwords should include a complicated combination of uppercase and lowercase letters, numbers and special characters. They should avoid using passwords that could be guessed, such as birth dates or pets’ names.

11. Use two-factor authentication.

Any employee or volunteer who wants to access your social media account should have to prove their identity through two-factor authentication. This helps lessen the dangers that go along with compromised passwords. If a hacker somehow obtains a user’s password, they still cannot use the password alone to gain access to the account.

It’s important that you partner with an insurance provider that offers comprehensive coverage—including cyber security insurance. Your provider should also be able to help you protect your organization and the people who use it from social media threats. Learn more on Church Mutual’s cybersecurity page.