by special guest author Statton Hammock, Principal of ASHnet Legal Services, PLLC
Non-profit organizations leverage social media platforms to organize grassroots campaigns, solicit donations, mobilize volunteers, and connect with constituents who support their charitable mission and purpose. A non-profit’s reputation and effectiveness heavily depend on its social media identity and therefore protecting and securing social media accounts is crucial. Non-profit organizations can benefit greatly by following these eight simple best practices for securing their social media accounts.
Create Strong Passwords. Social media accounts, like all digital accounts, are vulnerable to compromise by bad actors. Organizations should have different, strong, passwords for each social media account. Additionally, if the platform offers two-factor authentication (2FA), the social media administrator should choose the option to add this security feature. 2FA requires a user to provide a second piece of information in order to gain access to the account (for example, a password plus a phone number, or an email address plus a special generated code). Strong passwords and 2FA can greatly reduce the risk that someone can hack social media accounts and spread misinformation.
Limit Staff Access. Many non-profits operate with a small staff and because organizations need to maximize operational efficiency, everyone in the organization is often given access to social media accounts. However, providing everyone with access to an organization’s social media accounts greatly increases the risk that a staff member inadvertently deletes an account or posts something inappropriate to the organization’s mission or message. An organization should designate a single person to be the manager of its social media presence, solely authorized to make changes to the account, and create and post official organizational announcements.
Create Unique Email Addresses. It is advisable to use only one specifically-designated email address when creating each social media account. This best practice ensures that if any account is compromised, other financial or operating accounts that use the same email address won’t be at risk for hacking and hijacking. For example, an organization should create specific email addresses like SOCIAL1@NONPROFIT.ORG, SOCIAL2@NONPROFIT.ORG, etc. for each of its respective social media accounts, and use different email addresses for bank accounts and other important business accounts.
Close Unused Accounts. Unfortunately, the popularity of social media platforms rises and falls. Changes in user behavior cause popular social media sites to go out of fashion or shut down altogether (Does anyone remember MySpace, Vine, Kik, or Tumblr?). Hackers can use old social media accounts to create new accounts by linking to them, so it is important for non-profits to close all social media accounts that are no longer in use.
Monitor Social Media Content. If a non-profit frequently reviews and posts content on its social media sites, there is little risk that unauthorized posts will be undetected. However, if posts are infrequent, it is advisable to check the organization’s social media feed regularly to make sure the account has not been compromised resulting in unapproved content being posted by bad actors.
Keep Social Media Apps Current. Always download the most recent version of the mobile application of the social media platform that has bug fixes and security patches to protect against the most recent software vulnerabilities. Using an older version of the social media platform exposes a non-profit organization’s account to risks of hacking or hijacking.
Have Clear Social Media Guidelines. If there is one best practice that stands above others it is having clear, express, written guidelines regarding social media use and publication by staff, organization partners, and volunteers. These guidelines should not be lengthy or stuffed with legalistic sounding “do’s and don’ts.” Most guidelines should simply emphasize good judgement and common sense. There are hundreds of articles and templates available online to help an organization craft a good social media policy. Choose one and make the necessary modifications to ensure that it strikes the right tone with the non-profit’s staff and volunteer base.
Volunteers, donors, partners, and benefactors all look at a non-profit’s social media accounts to keep track of its charitable mission and to gauge its impact. Making sure all social media accounts remain trusted and secure is a critical objective for both non-profit and for-profit organizations. Having clear internal policies regarding use and protection of social media accounts will greatly reduce the risk that a non-profit’s online reputation will be compromised.
ABOUT THE AUTHOR
Statton Hammock is a recognized expert in Internet-related law, policy, and brand protection. Statton advocates for regulations, procedures, and industry best practices that promote the security, trust, and safety of the Internet and use of online platforms. Statton has worked with the world’s most recognized brands and non-profit organizations to develop and protect their intellectual property rights online and enhance their digital presence.
