Another Facebook security vulnerability? Must be Tuesday. You need to have a social media strategy as part of your branding. However, you also need to protect your company from the data risks inherent in social media activities. Social media risk management is an integral part of your IT security risk management process, but what do you need to know?

Managing Risks of a Social Media Presence

What are the primary social media risks?

You already recognize the idea that with great marketing comes great responsibility. You’re already out there creating a strong brand voice. Unfortunately, modern hackers are continuously trying to access your data using social media accounts.

User Authorization

The most recent Facebook vulnerability left 50 million accounts open to potential data leaks. If you’re using Facebook as your primary login, then your data is at risk. It’s that simple. If you want the more complicated explanation, user authentication tokens allow you to use your Facebook login as a single-sign-on option. When you start using a new application, you’ll get the “Sign on with Facebook” or “Sign on with Google” options. If you’ve used Facebook to log in, then your data may be at risk based on the vulnerability. What we know right now is that Facebook closed the hole. What we don’t know is whether other applications such as LinkedIn or Google also have vulnerabilities. Therefore, you need to think about how you’re logging into your social media accounts and how you’re using them to log in to other applications.


Good ol’ phishing continues to plague us. Now, however, it’s begun targeting messenger applications. For example, maybe you’ve automated your direct messages to send discounts to your customers. Hackers enjoy taking over these automations and sending out messages that look like yours. When they put links in the messages, they use the same social engineering tactics of fake links that look real. To protect your branding, you need to make sure that you’re monitoring your messenger applications regularly for these kinds of intrusions.

Poor Password Hygiene

That’s right. If you’re using a risky password for your corporate social media account, anything shared on there becomes hacker fodder. Are you using something like “12345” or “password1”? You’re putting your corporate data environment at risk. Think about it this way: all of the information you collect as part of your social media marketing strategy is linked to those social media accounts. Any customer or potential customer information is at risk if a hacker gains control of your social media account. Are you tracking potential leads based on social media analytics and using a weak password? You’re putting everything from your information landscape to your reputation on the line. All for the ease of remembering a password.

Why Managing Social Media Risk Matters

You’ve probably focused on the importance of handling employee social media use as part of the social media policy embedded in your Bring Your Own Device (BYOD) policy.
However, as a marketer, you also need to work with your IT department to manage your own social media activities.
Sitting down with your Chief Information Security Officer gives you the opportunity to understand the ways your practices may make their job more difficult. For example, your social media accounts may not be third-party vendors, but your third-party social media tools are. Buffer, Hootsuite, and IFTTT all connect to your systems and networks. You need to be talking to your CISO to identify risks that these tools pose.
Meanwhile, if you’re using a work browser connected to your work network from a company device, then managing your social networks impacts the company’s information. Here’s an example:
You’re sitting down to review the posts on LinkedIn. You click on something to read an article. The article, however, is a phishing attempt. Clicking on the link now downloads malware to your browser that can capture any passwords you use on the browser. You log into the web platform for your marketing database. The login information (name and password) could be compromised.
All of this happened because you were using a social media account to do your job. Now, your IT department’s security attempts are compromised.

What Strategies Mitigate Social Media Risk?

Three steps can help you mitigate the data risks inherent in social media marketing.

Social Media Policy

Create a policy specific to your social media marketing strategy. This includes making sure that you have clear expectations about:
  • Password Strength
  • Content Monitoring
  • Access Lists
  • Interacting with the Public
  • Security Breaches
  • Crisis Responses
You need to talk to your CISO about how you report and handle the aftermath of a social media hacker getting into your accounts. You need to make sure that you’re working together rather than isolating yourself from a department that helps you protect your client lists.


As boring as it sounds for a social media marketer, you’re the first line of defense for protecting all the information you access. More importantly, since you focus on protecting brand identity and image, you need to make sure that you’re creating a safe place for customers. To do this, you need to make sure that you’re staying updated on the most recent threats to your social media accounts. Whether it’s another Facebook vulnerability or a Twitter hack, you have to educate yourself about how your activities threaten the whole company.


If you have multiple people working with your social media accounts, you need to make sure that you create a chain of command reviewing the activities. Any risk management process includes doing due diligence over information activities. You need to be aware that your marketing strategies also impact other areas. If you retweet or share a phishing link, you’re putting your entire company at risk.

How ZenGRC Enables Social Media Risk Management Workflows

Workflow management requires communication. With ZenGRC’s platform, you can connect your cybersecurity activities to the overarching data security requirements set out by your IT department. Your IT department can prioritize tasks that help you focus on real-time tracking for vulnerabilities in your social media networks. As soon as they hear of a risk, they can tag you. If you hear of a risk, you can tag them. With our intuitive interface, you don’t even need to be an IT professional. You can easily create and follow tasks so that you work as a team. Our centralized dashboard offers the IT department actionable key performance indicators (KPIs) that help them see into the company’s information security protections. Connecting the marketing department’s data strategies to overall company policies supports the company’s enterprise risk management strategies.