How to build a social media protection program: a 10-step guide

Building a social media protection program is a must-have in the modern age. Businesses are increasingly exposed to risks -- cyber, brand and physical -- on social media and digital channels, all of which exist unregulated and outside of the business’s infrastructure. A social media protection program complements both a social media management program and a social listening program, and provides critical protections where most modern businesses create a huge portion of their value: social networks.

The following 10-step social media protection program guide is relevant for anyone within an organization, be it information security, marketing, customer success, risk & fraud or corporate security. For a full dive on social media protection, download your free copy of Social Media Protection for Dummies.

1. Assemble a Task Force

Expect the kickoff meeting to be a lengthy, in-depth conversation. Marketing and information security teams generally lead this meeting, and they should plan to begin educating stakeholders about the purpose of a social media protection program before exploring possible goals and responsibilities. The key deliverable for this meeting is documented processes and policies. Consider educating these other departments or distributing resources before the task force assembles to ensure this first meeting and the task force itself can be as action-oriented as possible.

2. Assess & Prioritize Risks

Depending on your industry, the size of your organization, and your current presence on social media, the frequency and severity of the risks you face will vary.

The organization’s active social media users (typically marketing and customer success) should come prepared with information and examples of known risks. For a full risk profile of the organization, work with a social media protection vendor to create an initial assessment.

Most social media protection task forces assess the risk to the organization based on frequency and severity of risks. Account hijacking, for instance, has a low frequency but an incredibly high severity. Assigning some comparative qualifications for risk based on your organization’s tolerance allows for prioritization of risk.

Other organizations, especially those with more resources or more robust risk management protocols, can assess desired risk levels, existing risk levels, and methods of harmonizing the two. The more rigorous the approach, the better the company will be able to implement efficient, economical tools and policies to protect the organization adequately.

3. Decide on Roles & Responsibilities

At the initial meeting, the main objective is to collectively agree on roles and responsibilities. This entails identifying what risks exist for the brand, which are worth addressing, and which are the most urgent.

Based on this prioritization, it should become evident which stakeholder is tasked with identification and remediation. For example, it could be a customer success team’s responsibility to identify customers leaking PII or credit card information, but it may be up to fraud and legal to remediate the leak.

4. Establish Processes & Policies

The core initial deliverable for a brand protection task force is documented processes and policies.

  • Processes describe workflows for each risk, stakeholder engagement, remediation and takedown, and review.
  • Policies provide guidelines for key stakeholders and for active social media users at the company. They also lay out game plans for executive social media usage, training programs, and regulatory guidelines where applicable.

5. Train Relevant Staff

A critical component of a social media protection program is training for relevant staff on policies defined by the brand protection task force. When you train employees on internal policies, also include general education topics around social media protection, security and privacy.

This is especially critical for marketing and support staff who actively engage with prospects or customers. Ensuring that your support staff is engaging appropriately can be the difference between return customers and a social media catastrophe. Be sure to establish a process, update it regularly and develop an enforcement mechanism to ensure it’s being upheld effectively.

6. Monitor & Address Risk

This phase is the continuous enforcement of the policies and procedures. The most involved social media protection stakeholders (generally information security, risk & fraud, marketing and customer success) should use social media management, social listening, and social media protection tools to identify risks, assess sentiment, and manage and take down threats accordingly.

The speed and efficiency of monitoring and damage control are critical, as risks can go viral in minutes. Stopping the bleeding as quickly as possible is crucial. Social media protection tools need to be set up in accordance with the priorities laid out in the initial meeting and deployed to the correct stakeholders. Content in violation of a social network’s Terms of Service can be flagged for removal or automatically requested for removal via a social media protection tool.

7. Watch for Trends and Update Policies & Processes Accordingly

Assign someone to stay abreast of social media topics, including emerging threats, changes in policies and regulations, and evolving attacker tactics. These should be rapidly incorporated into the existing policies and procedures. In addition, deploy a tool that will auto-update with trainings and news for all users.

8. Schedule Recurring Check-ins

Schedule regular check-ins monthly or quarterly. At these meetings, review trends, discuss wins/losses, and update goals based on feedback.

9. Report & Review

Establish a framework for metrics and reporting to be circulated to stakeholders at a consistent cadence. Work with your social media management, social listening, and social media protection vendors on analytics and reporting. These metrics will guide the review process and should show where progress is being made, where it is not, and where gaps remain in the program.

10. Regularly Complete the Ultimate Business Social Media Protection Checklist
