This document outlines key components that should be included in a social media policy to manage risks for organizations. It discusses how the COVID-19 pandemic has increased risks of misinformation spread on social media. A social media policy should clearly define roles and responsibilities, security protocols, crisis management plans, and expectations for employee advocacy. It provides examples of what to include under each of these sections, such as password protocols, privacy settings, content banks, and separating personal and business posts. The goal of a social media policy is to protect brand reputation, prevent security breaches and PR crises, and increase employee advocacy while using social media.
2. Covid-19 and Social Media
The COVID-19 pandemic has demonstrated how the spread of misinformation,
which is intensified on social media and other digital platforms, is proving to be
as much a threat to businesses and organisations.
Advancements in technology and social media create opportunities to keep
people safe, informed and ultimately connected. It has become difficult for
organizations to resist the use of social media as a core part of their
communication and marketing strategies.
However, these organisations need to ensure effective systems are put in place
to prevent – and resolve – risks that may arise as a result of using social media.
3. Social Media risks
Reputational Risk (PR disaster):
▪ unattended social media accounts
▪ human error
▪ imposter accounts
▪ hacked accounts
Security Risk:
▪ vulnerable 3rd party applications
▪ phishing attacks and scams
▪ unsecured mobile phones
4. Social Media policy
A social media policy basically spells out how an organization and its employees
should conduct themselves while navigating the web. It helps protect the
organization’s online reputation and encourages employees to also get involved in
sharing about the organisation with their online connections.
This should be simple, clear, accessible, and continually updated.
It is not meant to stifle employees but to ensure no negative surprises are
encountered in future.
5. Why have a Social Media policy?
A social media policy accomplishes the following:
Clearly sets expectations Protect brand reputation Increase employee advocacy
Prevents security breach
Prevents possible PR crisis
6. Components of a Social Media policy -1
Roles and responsibilities:
1. Who owns the organization’s accounts?
2. Specify duties: advertisements, security, strategy, social listening
Security protocols:
1. Passwords to Social Media accounts must be changed frequently. Employ 2FA. Do not use the
same password for all accounts.
2. Tighten privacy settings
3. Monitor SM postings/accounts, especially when you outsource it
4. Update of software and devices
7. Components of a Social Media policy -2
Crisis management plan:
1. emergency contact list
2. internal communication guide
3. ensure responses to negative posts/mentions, or queries are handled by authorized individuals.
You can add a contact to be reached in such cases.
Enhanced employee advocacy
1. develop a content bank for them to choose from
8. Components of a Social Media policy -3
1. Employees who are let go should not continue having access to company’s Social
Media accounts
2. Keep an open mind when engaging in online conversations. Always remember
cultural differences and ideologies.
3. Separate business with personal posts. When in doubt, DO NOT post. Be aware
that whatever you share is permanent.
4. Be transparent when engaging online. If you’re part of the social media team, do
end every post with your assigned intitials/name, or an official hashtag.
5. DO NOT use official device to log in to a personal account
9. What to do in drafting SM policy
1. Research the systems your organization interacts with
2. Which roles would mostly be relevant in drafting the policy? Set up a system to
approve posts.
3. Bring in auditors to show how to control the management of Social Media
4. Where would the policy be hosted? Intranet? On local PCs?