With the increased reliance on social media as means of communicating and interacting with customers, business owners now face the additional issue of restricting unauthorized access to their social media accounts and controlling how such social media accounts are used.
Rogue Vendor Hijacks Account: Employer Held Hostage
Similar to the nightmare on Wall Street example discussed in the first article in this series (where an employee claimed personal ownership of a Twitter account developed at the request of a business), countless stories exist about social media accounts being hijacked by the very professionals hired to manage them.
A quick survey of business owners will turn up at least one story about a vendor hired to manage a business’ social media account going rogue, holding the account hostage, and then demanding money in exchange for its return.
This is a situation that no business owner ever wants to be in and yet it is happening more and more often as business rely on social media to promote their businesses and third-party vendors to manage their social media presences. Below are several steps that can be taken to help restricting unauthorized access to the social media accounts created by your business.
Identify Social Media Accounts (Existing and Anticipated)
As a first step, every business owner needs to identify all of the social media accounts associated with their business. To avoid potential issues, it is recommended that a list be created of the accounts both currently being used by the business (or to promote the business) and those that were created previously and are no longer being used. Identifying all of a business’ social media accounts (and then restricting access to such) helps to eliminate the possibility of someone using an old account and causing trouble.
Confirm Ownership of Social Media Accounts
Once all of the applicable social media accounts have been located and identified, the next step is confirming ownership. This means confirming that the business actually owns and controls all of the accounts and that none of accounts (or any portion of them) belong to the employee or other individual who is managing them on behalf of the business. Please see the next articles in this series titled regarding how to secure ownership of the social media accounts created for your business and how to properly document the transfer of a social media account.
Audit Access to Social Media Accounts
Between the time when all the business’ social media accounts have been identified and a message is sent to those who have access to such confirming ownership of the accounts by the business, an audit should be conducted to determine who (and what) has access to the various social media accounts.
It is important to remember that both people and computer programs may have access to a business’ social media account (or certain components of it). This step is extra important if a business is working with third parties (ghost writers, scheduling programs, etc.) or if the business uses multiple devices to access its’ social media accounts.
Besides determining who has access, it is important to determine what level of access each individual or program is given to the social media account. It is best to minimize the level of access granted to any individual, whenever possible, to limit the chance of misbehavior. If an individual, program, or application no longer has a reason to access a social media account, their ability to access the account should be terminated; access can always be re-established later, if needed.
Require Use of Business Email Address and Multi-Factor Authentication for All Access-Related Modifications
As an initial measure to protect against unauthorized access (and show ownership), business owners should make sure that the logon credentials and other means of accessing the social media accounts linked to the business are tightly controlled and that access is limited to only those individuals chosen by the business.
A quick and easy way of addressing this issue is to require that a business-owned and controlled email address be linked to each social media account and that such address be used as the only method of accessing the account. If the social media account is already established, business owners can either attempt to change the email address associated with the account to a business-owned address or obtain ownership of the currently associated email address.
To add further protection a two-step verification process should be established for each account which requires approval by the business’ owner or management prior to any password change or other access-related modifications. This will help to eliminate those situations in which an employee accidently gains access to a business’ social media account (or refuses to relinquish control) and then attempts to change any of the login credentials or modify any parties’ access rights.
It is equally important to establish a policy of creating strong passwords and updating them on regular intervals (e.g., every 90 days or so) or whenever an individual who previously had access to the social media account is terminated. Changing the password frequently helps to avoid those situations in which an unauthorized individual (e.g., an ex-employee) sneaks back in and takes over a social media account (whether temporarily or permanently).
Now that you are familiar with process of restricting access to your business’ social media accounts you are ready to move on to the items considered by the court when determining ownership of a social media account and the steps that can be taken to secure ownership of your business’ social media accounts. Please read the following articles in this series available at: Who Owns Your Business’ Social Media Accounts? How to Secure Ownership of your Businesses’ Social Media Accounts, and Steps to Take to Document the Transfer of a Social Media Account
Social-media-and-your-business-how-to-secure-ownership-of-your-businesseshould you have any questions about the process of restricting access to your business’ social media accounts, securing ownership of your business’ social media accounts, or how to properly transfer (and document the transfer of) a social media account, or would like to schedule a free initial consultation, please contact Navigant Law Group, LLC at (847) 253-8800 or contact us online.
Navigant Law Group, LLC is a full-service law firm with various areas of service to assist your business, including: Employment Law, Intellectual Property, Commercial Real Estate, Litigation, and general Business Law services. Individual services include Estate Planning, Wills and Trusts, Probate, and Guardianship.
This article constitutes attorney advertising. The material is for informational purposes only and does not constitute legal advice.