Security Guidelines for Social Media Accounts


Will you know how to regain access to your company’s Twitter profile if your social media manager suddenly leaves? Protect your social media assets with these guidelines:

  • Change passwords every year at a minimum.
  • Social platforms should be linked to one generic email, usually a Gmail account, because a Gmail account is required for G+ and YouTube anyway. Do not use a personal email or a specific employee’s email account.
  • Change passwords immediately after an employee leaves the company, and change admin statuses accordingly.
  • Each platform should have a strong unique password.
  • When two-step authentication is an option, use an employee’s email and the phone number from an outside agency if one is retained. This gives both an internal and an external person access.


  • We recommend three full admins for the page, at least two employees and one from an outside agency if possible.
  • Use two-step verification.


  • Ensure Facebook Business Manager is set up and used. This is the best way to ensure security and permissions.
  • Outside of Business Manager, make sure there are three full admins for the page; at least two employees and one from an outside agency if possible.
  • Every quarter, do a sweep to make sure all old and unnecessary admins have been removed.
  • Research the third-party apps being used. Look for these precautions from your third-party apps: SSL encryption, segregated databases, cloud-based redundancy, expiring passwords and expiring data purges.


  • The phone number should be from the associated agency or whoever oversees social media.
  • Again, use the master generic Gmail account for Twitter.
  • Using Hootsuite or TweetDeck avoids having to give the password to multiple associates, yet still allows associates to have permissions.


  • Use two-factor verification, which will need to be activated every time the account is accessed from a new device.
  • Every quarter, check authorized third-party applications to see what apps are accessing your Instagram.


Securing the Gmail account also secures the Google+ and YouTube accounts. This is also the email account that all the other social platforms are linked to, so it is important to ensure the following steps are implemented:

  • Use an employee’s account as the recovery account.
  • The recovery phone number is that of an associated external agency.
  • Pull account activity reports every three months and act accordingly.



Pinterest does not offer two-step verification, so it’s important to have a strong password and to limit the number of users with access to this account.


Michelle Tresemer

Michelle is the owner and founder of Tresemer Group, creating and implementing effective, data-driven digital marketing strategies for our clients. Michelle brings expertise in SEO/SEM, web analytics, social media, lead generation, and conversions.