Welcome to Week 2 of the Social Media Spring Cleaning Challenge!


In week one of our Social Media Spring Cleaning challenge we shared a few approaches for discovering how your agency is being represented on the most popular social channels. We also covered three options for handling unofficial accounts that claim to represent your agency. Finally, we suggested that you compare the list of official accounts you discovered with what is currently in your archive, and connect those that were left out. If you missed it, you can catch up here.

Now that you’ve taken care of the unofficial accounts, let’s turn our attention to the pages and profiles that are managed by your agency and make sure that they are secure.

In today’s challenge, we will walk through how access and permissions work on some of the more popular networks. We will also share tips and best practices for managing this access, and discuss how Facebook Business Manager can be used to protect your personal privacy. Finally, we will relate this back to your archive and explain why allowing account owners to connect and manage their own pages makes everyone’s job easier.

Let’s get started!


Part 1: Who’s behind the curtain?


To make your social networks more secure, you need to start by finding out who is running them. Take out the list of official pages and profiles you generated in week one and divide the networks into two categories:

  •  Social networks with direct access — i.e. a username/password combination allows you to post directly. Examples include:
  1. Twitter
  2. Instagram*
  3. Vimeo*
  4. Pinterest*

*You can use Facebook or Google to log in to these networks, but it isn’t required.

  • Social networks with indirect access — i.e. a personal profile is used to manage a page or company profile. Examples include:
  1. Facebook Pages (through Facebook Profiles)
  2. YouTube (through Google)
  3. Google+ (through Google)
  4. Flickr (through Yahoo)*
  5. LinkedIn Company (through LinkedIn Personal)

* Flickr isn’t set up for shared access, but is included in this list since you need a Yahoo account to create a Flickr account and can’t just access it directly.

For the accounts listed in the direct access group, finding out who knows the username and password for each may not be possible. A simpler approach is to determine who needs to have access, then change the password and supply it just to those individuals. We will come back to managing those passwords securely in the next section.

For the social media sites with indirect access, you will need someone with an admin-level role on the page in order to see who else has access. In most cases, the creator of the page is the main admin by default. Non-admin roles are used to grant access to content creators, moderators, and advertisers. The types of roles available vary by network. Here are links to descriptions of the roles on each of the networks listed above:

Unfortunately, if your agency has a page/channel on one of the above networks and you don’t already know who the admin is, finding out can be very hard. Some networks even make it their policy not to tell you. For example, LinkedIn posts the following disclaimer in their help article on this topic:

Important: LinkedIn can’t provide Company Page admin information to members or replace or remove admins. We recommend keeping records of your Company Page admins and sharing this information with your company’s Human Resources department, in case a former admin needs to be removed or a new admin needs to be added.

In other words, if no one stepped forward as the admin when you sent out the survey in the first challenge, you will have to do some detective work. Here are two techniques you can use to uncover the communicator behind the curtain.

  • Contact the network

Even though some networks make this difficult, it is still a good place to start. This is especially true if it is an official, verified account and you can demonstrate that you are a representative of the same agency. For Facebook, try gov@fb.com, and to reach Twitter, try gov@twitter.com.

  •  Message the account

If the page is actively posting, you can simply send a private message requesting the information. Make sure to identify yourself and your reason for asking if you want a response.


Part 2: Keeping Control

Now that you know who has the keys to your accounts, it is time to make a plan to maintain control. Here are a few best practices for you to follow that will help keep your accounts secure:

  1. Schedule password changes: In Part 1 we suggested that now is a good time to refresh your social media passwords and make sure the right people have access. Don’t stop there! This process should be repeated on a routine basis to maintain secure access to your accounts. Don’t forget to bake it into your exit process for departing employees!
  2. Require two-factor authentication: Google, Facebook, Twitter, LinkedIn, and just about every other online service offer two-factor authentication these days. This added level of security ensures that if a bad actor hacks your browser, steals your laptop or finds some other way to access your login information, your accounts are still protected. Basically, two-factor authentication (2FA for short) uses a short-lived code generated by a separate device (most commonly your phone). This code is required in addition to your login credentials to access your account. Make sure individuals who have access to your social media have 2FA enabled.
  3. Use a Digital Password Locker: If you have a large team, or just want to be on the cutting edge of social media security, consider investing in a digital password locker that allows you to share a login without making the password visible. Many of these tools make it easy to control access by adding and removing members. Check out this list for more information on password lockers.
  4. Designate Multiple Admins: If a network allows for multiple admins or different roles, make sure to build in redundancy. You don’t want to get locked out if your only admin wins the lottery tomorrow and runs off into the sunset.
  5. Set Up Facebook Business Manager: We strongly recommend setting up Facebook Business Manager for your official pages. It provides a way to manage access without the awkwardness of having to “friend” your co-workers online. We wrote a full article about it here, and you can find instructions for setting up your Business Manager Account here.
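
To show why the code in item 2 is short-lived, here is an added example (not part of the original article) of how an authenticator app derives it and how a service checks it. It assumes app-generated codes following RFC 6238 (TOTP), which the article does not specify; the names `totp`, `verify` and `SAMPLE_SECRET` are illustrative.

```python
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # each code belongs to one 30-second time step
DIGITS = 6          # length of the code shown on the phone


def totp(secret_b32: str, unix_time: int, digits: int = DIGITS) -> str:
    """Code an authenticator app shows at unix_time (RFC 6238, HMAC-SHA1)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = unix_time // STEP_SECONDS          # changes every 30 seconds
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, submitted: str, unix_time: int,
           drift_steps: int = 1) -> bool:
    """Service-side check: accept the current step plus/minus drift_steps
    to tolerate clock skew between the phone and the server."""
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, unix_time + delta * STEP_SECONDS)
        if hmac.compare_digest(expected, submitted):   # constant-time compare
            return True
    return False


# Constructed sample secret: the ASCII key used in the RFC 6238 test
# vectors, base32-encoded the way an enrollment QR code would carry it.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    now = 1111111109                             # constructed timestamp
    code = totp(SAMPLE_SECRET, now)
    print("code on the phone:       ", code)
    print("accepted immediately:    ", verify(SAMPLE_SECRET, code, now))
    print("accepted 5 minutes later:", verify(SAMPLE_SECRET, code, now + 300))
```

The secret is shared once at enrollment and never typed at login, so a stolen password alone does not produce a valid code, and a code that is overheard stops working once its time window has passed.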

One thing you should never do is require employees to provide you with the login credentials for their personal social media profiles and accounts, even if these are used to manage official pages. Not only is this illegal in several states, it’s also unlikely to help. After all, the first thing someone usually does after being asked to turn over their password is to change their password.

Part 3: Best Practices for Your Archive

If you have completed both weeks of the challenge, you should now have a complete list of accounts managed by your agency along with the primary admins/owners of those accounts. This list should correspond with the accounts and account owners in your ArchiveSocial archive. You can check these relationships by logging in to your archive and clicking on the Browse tab. Click on each name and check the accounts that individual has connected (note: this list does not include any personal profiles used for authentication of the pages).

We recommend that you allow the primary user of each social account to connect it to the archive. This saves you from having to chase down passwords (which you shouldn’t do anyway – see above) and makes it possible for social media managers to access their own records.

The alternative is to make sure your ArchiveSocial administrator is an admin on all of the pages used by your agency. Again, make sure there is more than one admin to prevent loss of access due to staff turnover.

If your archive is not set up this way or you want expert advice, your friendly Customer Success Manager is here to help. Simply contact us and we will set up time to review your account with you.

Week 3 Preview

Thanks for completing week 2 of the Social Media Spring Cleaning challenge!

Next time we will show you how to use network analytics and your ArchiveSocial archive to see what pages are working for you and which ones need to go back to content boot camp. See you next week!