Security for social media
Take action to limit the risk of losing control of or access to your channels.
On this page
General security
To protect your social media accounts:
- set expectations of device and platform security for staff, contractors and agency members (at a minimum, this should include items listed in the “technical security” section)
- only provide access to your accounts to people who are actively managing them
- allocate different permission levels (such as admin, editor and advertiser), where possible
- establish processes to remove:
- staff from accounts in offboarding
- agencies from accounts when contracts expire
- review apps, people and agencies that have access to your accounts at least every 6 months
- never store passwords in a shared document
- never share passwords via email or a messaging platform (give them verbally instead).
Technical security
At a device or platform level, we encourage you to:
- turn on two-factor authentication, where possible
- use strong passwords (consider using password generator)
- use a password manager
- use unique passwords for each platform
- lock devices when you leave them unattended
- frequently change passwords
- delete, close or unpublish pages that have fallen into disuse
- link your accounts to a secure email
- only link your pages to legitimate accounts (for example, on Facebook, a user given access to a page shouldn't be using a nickname, fake name or account designed for multiple staff members to share).
Social platform risk and security
Social media platforms come with some inherent brand safety risk, mainly due to their user-generated content-driven business models.
As with most media channels, it’s always worthwhile comparing your desired platform to some of the other social platforms in reaching your target audience.
For specific advice on risk for a certain social media platform please discuss with your media agency.
Alternatively, email the NSW Government Brand, Digital and Communications team at: