This is both a how-to post and a cautionary tale. One of clients recently fired an employee who had access to both the company website and social media accounts. My client didn’t immediately change some passwords, and, while nothing bad happened, it could have been a disaster.
Here’s what the employee had access to:
Admin on Facebook
Twitter password
Client’s admin password for the website (still not sure how that happened)
Because I’m in the habit of asking nosy questions, we figured it out fairly quickly and were able to take action. The ex-employee caused some minor mischief on the website, but it was easily fixed. Stop for a moment, however, and think about what could have happened. The ex-employee could have, for example, deleted the entire website. While it was backed up, that could have taken many hours and much frustration.
So what should my client have done, both in advance of the firing and afterwards?
Before turning social media over to an employee, here’s what you need to do:
1. Setting up social media and website
The owner of the company is the best person to create social media profiles. If you do outsource the project, make sure you receive all user names and passwords. Once you’ve received them, immediately change the passwords. There are ways to allow others to post on your behalf on most social media platforms without giving someone full access to the profile. It might cost a small amount (like upgrading to the Premium version of Hootsuite to allow team members to post to Twitter), but it’s worth it.
When setting up your website, create different levels of user access and only give employees the minimum rights they need to do their job. Never give an employee your login information. If an employee needs administrator rights to the site (and consider carefully before deciding they do), give them those rights under their own account, but don’t give out your information.
2. Implement a company-wide password policy
Using a tool like LastPass is a good habit to establish in your company. It allows you to create secure passwords without forcing employees to work with impossible-to-remember passwords. LastPass can be set up to automatically change passwords on a scheduled basis. This won’t cause disruption because LastPass is remembering the new passwords, not your employees.
3. Create a social media handbook
Clearly define social media roles and expectations. Do you want employees to post about your company on their personal social media profiles? Great, but decided in advance what it acceptable and what is not.
If you delegate social media updates to one or more employees, provide guidance. What is the purpose of each social media profile? What kinds of posts are desired? What’s acceptable? What’s not? How often should they be updated?
It takes a bit of work up front, but it will save you time and hassle later. Not sure how to create a handbook? Contact me. I can help.
Those steps will give you a good foundation before turning social media over to an employee. But what should you do immediately after (or before) an employee leaves?
First, remember you’ll want to follow all the steps, whether the termination was voluntary or involuntary. It doesn’t matter how cordial was the parting. You still want to protect yourself.
1. Close employee accounts
Does your employee have an account on your website? Delete it. If it’s needed for some reason, change permissions to the minimum access. That limits the amount of damage an employee can potentially cause.
Is your employee an admin on Facebook? Remove them. A team member in Hootsuite? Delete them.
2. Change all social media account passwords
Even if you are certain you never gave an employee login information to your Twitter or other accounts, change the passwords anyway. You never know what employees can dig up.
Keep a master list of all accounts and which employees have access to them and at what rights level. Use that as your guide.
3. Monitor accounts closely for a few weeks
If you’ve changed passwords and removed accounts, there should be no way a disgruntled employee can post inappropriate content on your accounts, but I still recommend caution. If you have multiple social media accounts, it can be easy to forget one. Keeping track of what’s being posted to each account is another level of safeguarding. Most employees will move on in a week or so, so you won’t need to be extra vigilant for long.
Those are my suggestions? Have you had a problem with an ex-employee on social media? Feel free to share your stories and suggestions in the comments.