Social Media Cybersecurity: Don’t Let Employees Be Your Weakest Link

June 12, 2024  |  Karoline Gore

The content of this post is solely the responsibility of the author.  LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Maintaining an active social media presence can be a great way to improve brand visibility and generate leads, but it also opens the door to cybersecurity risks — from phishing scams and malware to identity theft and data breaches. If employees accidentally post confidential information or click dodgy links via corporate accounts, cybercriminals can launch attacks that cause lasting damage to your business (67% of data breaches result from human error). Despite that, as many as 45% of businesses don’t have an official social media policy for employees to follow. Fortunately, by creating a comprehensive social media policy, you can raise social media cybersecurity awareness among your employees and keep sensitive company data safe.

Creating a social media policy

A formal social media policy should outline cybersecurity best practices for employees working with your business’s social media accounts. At a minimum, the policy should prohibit employees from posting things like private business plans, trade secrets, and personal details about other employees, customers, and clients. It’s also important to include guidance that helps employees avoid common cybersecurity risks — for example, they should know not to click on suspicious messages or links, as these can deliver worms (self-replicating malware) or lead to phishing campaigns.

Quizzes should also be off-limits. Although they might seem like harmless fun, social media quizzes may be harvesting company and/or personal data to sell to third parties. Attackers can also use the information people reveal in quizzes to guess their passwords, so quizzes should be avoided altogether.

Corporate content should be posted with corporate devices, not personal ones

Your social media policy should also state that work devices (and only work devices) should be used to create and publish corporate content. When staff are free to use their personal devices, they may accidentally post personal content on the corporate account (or vice versa), so personal devices should never be used for business purposes. Personal devices also tend to be far less secure than corporate ones. Shockingly, 36% of remote workers don’t even have standard password protection on all their personal devices, which leaves any corporate accounts accessed on them at greater risk of compromise.

That said, it’s also important to regularly invest in new corporate devices rather than holding on to old ones to save money. 60% of businesses hit by a data breach say unpatched vulnerabilities were to blame, and these weaknesses are often present on old devices. “Consider the fact that older devices run older software and are often prone to working slowly and freezing up,” Retriever warns. “They’re also less likely to be able to stand cyber attacks. These factors put data at risk and it’s why it’s recommended that computer hardware is updated every three years.”

Only allow authorized employees to publish content

You can secure your social media accounts even further by making it a rule that only authorized employees can publish corporate content. However, never grant these employees full admin rights if you can help it: doing so gives others the power to remove you as an admin, which would mean you’re no longer in control of your corporate social accounts. It’s also important to keep track of which employees hold page admin and editing roles, so that if and when they leave your company, they are immediately removed from those roles to keep your accounts secure.

A good password policy for your social media accounts can also help prevent unwanted access. For instance, two-step verification reinforces security by requiring users to present a second form of identification on top of their password (usually a code sent to their phone that they then have to enter). Also, make use of any available user access logging features, which give you greater visibility into the account. With these, you can record who accesses the account and who is responsible for which activity (including unauthorized posts).

Social media cybersecurity is essential to keep your business accounts secure. By implementing a solid social media cybersecurity policy, you can successfully improve cybersecurity awareness among your employees and turn them from your organization’s biggest security weakness into your greatest strength.
