Three Social Media Governance Must-Dos for Companies of Any Size

This week, I sat down with Spencer Mateega, an enterprising and very bright student from Wayzata High School. He wanted to interview me for a school project. As part of his project, he told me, he was interviewing experts from a variety of companies – from small mom and pops to huge companies like ours. The conversation got me thinking… regardless of the size of your business, there are some basic social media governance principles that every business should consider.

If you have not yet thought through some of these things, you probably are opening your company to unnecessary risk. You are also basically operating like a dinosaur in modern times. So whether you’re a single-location mom and pop enterprise or a huge global corporation, maybe these governance tips will help. Here are my top three:

1. Who owns your stuff?

If I had to highlight the one most important principle of social media governance, it would be this: you need to own all of your own stuff. That may seem simple but you’d be amazed at how many companies allow their agency partner or a business partner to own their social media accounts and/or their paid social media ad accounts. This is a massive mistake for a couple of key reasons.

First, if you don’t own it, you don’t control it. Companies (including ours) have had cases where a partner “held their account hostage” if business dealings went awry. If you don’t have control of your accounts, you don’t have control of your brand. Now, that doesn’t mean that you can’t outsource the managing of your accounts to an outside party. But you or your company should always be the owner of the accounts and then you grant the agency or partner access – not the other way around.

Second, especially for platforms like Facebook, it is very much a “pay to play” game. Your level of service from the platform is entirely dependent on how much you spend. For Facebook and many other major platforms, you have to spend a certain amount to even be assigned an account rep. So if you don’t own your accounts but you are funding your ad spend, someone else is getting credit and you are not. That doesn’t seem fair, does it? Get credit for the money you are pumping into your social media activity. It should benefit you or your company – not anyone else.

Finally, if you don’t own the accounts, you don’t own your data. If your agency owns the account and you switch agencies, say goodbye to your historic data. The agency is under no obligation to give it to you before you sever ties. If you own the account, this is not a problem. You revoke access for your old agency, add access to your new agency, and have a continuous data set that you own.

2. Know who has access.

Very similar to owning all of your own stuff, another key component of governance is that you must understand without a shadow of a doubt who has access to all of your stuff. Owning it all is the first step. But once you own it, if you just let anyone have access, you haven’t done yourself any favors.

I insist on knowing each individual person who has access to our accounts, whether they be a Cargill employee, an agency employee, or a vendor. I am also not a fan of permitting blanket access for our agency partners because they often have a rotating door of personnel. Under that model, it’s very possible that we could have no idea who is actually touching our accounts. I would much prefer to give each individual person on the team access. It’s more work for my team, but it is also way more secure. There are lots of reasons that someone justifiably needs access to your accounts. But you need to know at all times who has access.

This is extremely important if you are ever sued over something posted on social media. If you don’t have a clear line of sight, getting an answer to “Which individual pressed the button and posted that?” can be very difficult. If you are a large enough enterprise or have a big enough budget, you could investigate a social media management system to help with this type of record-keeping. Most large companies including ours use one of these tools.

In addition, you need to keep up with personnel changeover. It does you no good to know the list of individuals who have access if your list is entirely out of date. While no one likes negative thinking, this is really crucial when you think about scenarios like a disgruntled employee leaving the company under bad terms. If that employee has access to your accounts and chooses to “go rogue,” you could have a serious brand reputation issue on hand. Remember also that many platforms like Twitter and Instagram have a simple “username or email and password” combination for logging in. That means that anyone with the login and password can access the full administrative settings panel and could (theoretically) change the password and lock you out of your own account. Don’t think it happens? Google it.

3. Manage your passwords

It hurts my head sometimes when people don’t understand the importance of actively managing their passwords. Your password is the literal key to your brand’s reputation on social media. More than that, it may be the key to your brand’s entire online reputation when you consider how much social media now plays into things like SEO and Google search results. You have all seen the horror stories of companies that have had their accounts hacked. This has happened to some very major brands. If you think it can’t happen to you, it’s time for a reality check. A couple of really fundamental best practices for social media password management:

  • Only people who truly need to know the password should know the password.
  • Do not share passwords via text message, email, or other formats that are easily able to be forwarded or shared. (This one is hard and I will admit that sometimes we are forced to do this, but really you should try to avoid this.)
  • If you are willing to spring for it, you should invest in actual password management tools online. Employing one of these tools eliminates the issue in the point above regarding securely sharing passwords.
  • Any time anyone who knows the current password leaves the company or your agency/partner’s team, change the password immediately. This requires you to a) know when someone is leaving and b) be diligent enough to change the password on the day of their departure.
  • Do not ever use passwords that are easy to guess – so passwords that are like Cargill123 or “brand name password” should be prohibited. Also, do not use passwords that you use elsewhere in your personal life. Do NOT use the same password everywhere.
  • If you are the only person who knows the passwords, that’s a bad practice too. What if you get hit by a bus?
  • Even if you are the only person who knows the passwords, you should still change them regularly for security. The major platforms are prone to large security breaches. The longer you are on social media, the more likely your odds of being impacted by at least one such event.

Final thoughts: Social media governance has become a super complicated landscape. My prediction is that it will only continue to grow in scale and complexity. This is largely because of a few key factors:

  • The number of platforms has expanded (Snapchat, Tik Tok, and VSCO being the latest examples) and will continue to grow in the coming years.
  • The proliferation of paid social media means that you not only have to govern your social media channels and access to them, but you also have to govern the paid side of the house – ad accounts, access to ad accounts, payment methods, etc. If your operation is large enough, we are now starting to see social governance tools emerge to help with this type of work. I am a very big fan of a tool that helps us tremendously in the management and tracking of both our channels and our paid side of the house.
  • The number of people using social media across all platforms just keeps growing (the number of companies using social media therefore also continues to grow).
  • Privacy concerns and things like the Cambridge Analytical privacy scandal are all impacting how closely the platforms are controlling the data they share – which makes governing within the new rules ever more complicated.
  • Regulations like GDPR in Europe and CCPA in California add another layer of complexity – but an important one that can come with hefty fines (tens of millions of dollars in the case of GDPR). Therefore governance becomes a very high priority to ensure compliance.

So – in short, if you do not have a handle on who owns your stuff, who has access to your stuff and your passwords, you have some homework to do!

This article originally appeared on:

Sue Serna

Sue Serna is a Consultants Collective member consultant and the founder and CEO of Serna Social, a social media consulting agency focused on social media governance, risk, security and strategy. Sue is one of the nation’s top experts on social media safety and spent nearly nine years leading the global social media program for Cargill, one of the largest private companies in the United States. Sue pioneered many industry best practices that the world’s largest companies use to keep their social media footprints safe. While in that role, Sue managed Cargill’s more than 50 partner relationships with social media agencies around the world. In addition, Sue is an accomplished social media trainer and an established communicator with a passion for creating compelling content. In 2022, she was named to the Advisory Committee of the National Institute for Social Media.

Join the Discussion

Your email address will not be published. Required fields are marked *

Back to top Back to top