Social Media for the CIO, Part 2: Security

September 25, 2013

In Part 1 of our five-part series, “Social Media for the CIO”, we looked at how a CIO can consolidate governance over the hundreds of social media accounts that have been created throughout an enterprise. By taking ownership of those public-facing assets, the IT organization can ensure that the same rigorous security standards are followed in every business unit. In Part 2, you’ll learn 4 keys to effective, enterprise-level social media security.

Download Secure Your Social Organization With HootSuite Enterprise to find out why HootSuite Enterprise is trusted by CIOs for social media security.


The Social Media Security Challenge in Context

An information security regime is only as strong as its weakest link. Unfortunately, CIOs and CISOs have had to contend with a growing number of potential weak links, thanks in large part to the consumerization of IT. The bring-your-own-device (BYOD) phenomenon and the explosive growth of social media have combined to provide no shortage of headaches for information technology organizations.

Just as consumers want technology to cater to their individual needs, employees at large enterprises now expect to use services of their own choosing, on their own devices, inside or outside of the corporate firewall. As they bring social media into the workplace, they often bring lax consumer attitudes toward security with them. They may create weak passwords for social media accounts and share them with coworkers. Password sharing becomes exponentially more dangerous as the number of accounts, and of users required to manage them, increases.

Today’s CIO has an opportunity to create a secure business environment for social media across the entire enterprise, while working with business units to integrate their related SaaS solutions within a common framework. The key to this transformation is an enterprise-wide social relationship platform (SRP). Here are the top four security benefits of an SRP:

1. Centralized Password Management

In Part 1 of this series, we discussed why centralized, corporate ownership of social media accounts is so important. There’s simply no reason why these brand assets should be directly accessible by low-level employees, interns or contractors. Anyone who has the password to a Twitter profile or Facebook page can effectively hijack that account. And while the vast majority of workers have no reason to be malicious, their possession of social account passwords is just one more loose end that the IT department has to worry about. Because employees can be compromised by phishing or malware, the number of people with direct access to social accounts must be kept to an absolute minimum.

After conducting a full audit of which employees have access to which accounts, your IT organization can change account passwords and then bring them under the auspices of an SRP. Next, it can provision access to the managers or workers who need it, at the appropriate permission levels.


2. Single Sign On

By acting as a secure layer between users and the numerous social media accounts they need to access, a social relationship platform can dramatically reduce the number of passwords any worker needs to know and keep track of. However, if your enterprise uses a social relationship platform that supports Single Sign On (SSO) technology, the number of passwords can be reduced even further.

SSO allows enterprise users to sign in once to gain access to multiple systems, such as their email and social relationship platform accounts. This not only eliminates the security complications that stem from additional passwords, but also cuts down on the time that IT organizations have to spend on helpdesk tickets related to those passwords.

The most effective SSO extends across desktop applications, web and mobile, and isn’t limited to logins within the physical confines of your enterprise’s office space. That’s why any enterprise that supports Security Assertion Markup Language 2.0 (SAML) can extend user authentication for HootSuite’s web dashboard, HTML5 mobile web and mobile apps alike.

3. BYOD Security

Mobile SSO can help your IT organization maintain a secure environment for social media activity when your workforce is using their own devices. But even without SSO user authentication, a social relationship platform will significantly reduce the risks of data leakage and brand damage through mobile mishaps.

Most of us are more vulnerable to phishing attacks when we’re using our mobile devices than when we’re on our desktops. Even IT security professionals admit to being susceptible to “spear phishing” attempts that are targeted at mobile users. Because phishing, malware and other malicious attacks are becoming as mobile-centric as the rest of the technology landscape, your organization should extend the protection of a social relationship platform across every device. If users don’t have native access to social network accounts, they can’t be vectors for hackers to gain control of those accounts.

4. Secure Profiles

A social relationship platform can also protect your enterprise’s brand from careless user mistakes. When an employee accidentally sends a personal message through a branded account, the outcome can be a full-blown brand disaster. These mishaps can easily occur when users have to sign in and out of social media accounts on their mobile devices as they switch between personal and professional communications. HootSuite Enterprise eliminates these unnecessary logins, and also provides an additional level of brand security. Since even the most attentive employee can send a personal message through the wrong account, HootSuite Enterprise allows administrators to designate Secure Profiles; when a user attempts to publish a message from a Secure Profile, the user is prompted to manually confirm or cancel the message.

5. Real Time Security Alerts and Profile Lock

If one of your enterprise’s social media accounts is compromised, you need to know immediately. HootSuite Enterprise can provide your IT organization with a security notification within seconds of any suspicious changes to your static profile information on Twitter or Facebook accounts, or when suspicious posting activity is detected on your Twitter accounts. If those suspicious activities remain unauthorized, HootSuite Enterprise can revert your profiles to their prior state, locking hackers out and containing the damage to your brand.


The full guide, Secure Your Social Organization with HootSuite Enterprise, is available for download. To learn more about how HootSuite Enterprise is an effective solution for your social media security and IT requirements, request a demo today.