Last week marked the first Identity Management Day – a team effort from the National Cybersecurity Alliance and the Identity Defined Security Alliance. This day’s purpose: “to educate business leaders and IT decision makers on the importance of identity management and key components including governance, identity-centric security best practices, processes, and technology, with a special focus on the dangers of not properly securing identities and access credentials.”
Obviously I’m a fan of this type of thinking. But when it comes to social media specifically, the folks at these two organizations have really put their finger on the issue for most companies. I cannot tell you how big the divide is between the people who actually manage social media for a company and people like business leaders and IT decision makers. I would classify it as a prime example of what I call “a gap in understanding.”
At its core, the reason for this gap is completely understandable and simplistic in explanation: the right people are not having the right conversations. Here’s why.
- Managing social media has become an extremely complex and nuanced thing. Unless you manage social media for a living, you probably don’t have much reason to think about how it’s done and what the risks could be. And most social media teams are under-resourced and constantly just trying to put out the fire du jour. Even though a lot of social media teams know they need to tackle this, a lot of them simply don’t have the bandwidth. It is a pretty large undertaking, especially for big companies.
- On the other side of the equation, folks like IT and business leaders have lots of other things to think about, and they are simply not even aware the risk exists to be mitigated in the first place. They do not understand the nuances of how social media is managed or even the data sets that need protecting. They usually don’t even know enough to ask the right questions, and most of them quite honestly simply don’t ask period.
I predict that companies will not be able to stick their heads in the sand much longer. There is about to be a collision of cybersecurity concerns and social media management methods for most companies, especially large enterprises with hundreds of channels to manage. Chief Risk Officers, CTOs and CIOs are going to start asking their social teams about process, protocols and security. So a day like Identity Management Day, which focuses on getting business leaders and IT decision makers to pay more attention to this space is more than welcomed.
To borrow liberally from the Identity Management Day website: Research by the IDSA reveals that 79% of organizations have experienced an identity-related security breach in the last two years, and 99% believe their identity-related breaches were preventable. According to the 2020 Verizon Data Breach Investigations Report, as many as 81% of hacking-related breaches leverage weak, stolen, or otherwise compromised passwords.
So if your company is still operating in what I call the Wild West of social media, it’s time to really dig into the process of getting out. I make this point all the time, but a major social media incident can have long-term impacts on your brand, your reputation, your identity as an employer and so much more. Make sure you take the steps to protect your social media accounts and put the right infrastructure into place to govern social media responsibly and actively.
If you’re lost about where to start, check out my four pillars of good social media governance here. Or check out some of these great resources.
- Why identity management matters
- Advice from our identity management champions
- The increasing threat of credential theft
A version of this article was originally published here.