How PR Pros Help Keep Their Brands Safe From Social Cyberattacks

PR pros often focus on the “fun” side of social: the stories, images and conversations that bring a brand to life. Unfortunately, darker forces also exist. Brands now face a number of adversaries; from account hacks to bot cyberattacks. Sometimes, brands are their own worst enemy, violating federal regulations that a communicator may not have even been aware of.

Luckily, technology evolves to meet these challenges. We spoke to Roman Tobe, manager of product marketing at cybersecurity company Proofpoint, who will discuss social media crisis management during our sister event, The Social Shake-Up, May 6-8 in Atlanta. Tobe shared some of the biggest social media risks facing brands in 2019, as well as steps PR pros can take to address them.

Argue for Third-Party Support from a Reputational Standpoint

Working on Proofpoint's digital risk protection team, Tobe's tasked with monitoring and protecting against threats that live beyond a company’s internal IT network. These include social media, web domains, mobile apps and the deep and dark web.

Tobe and his team help provide "visibility into digital channels." Most brands lack the time and technology "to monitor, classify and organize all the digital threats they face," he says. "It’s simply too big of a job for a company to take on itself."

"Energy companies want to know about potential threats to their facilities. Retail brands need help identifying counterfeit websites. Banks are concerned about social media phishing scams. Across the board, companies need help identifying fraudulent executive social media profiles and accounting for any physical threats to their key people."

To that end, he says, a company might start with a specific need or threat it requires help protecting against. Arguing for a third-party cybersecurity firm to assess vulnerabilities the brand might have missed is a communicator's prerogative, as the PR team handles damage control when a breach occurs. Hence, positioning the need for a third-party cybersecurity audit from a reputational standpoint ties it to larger brand goals.

Don't Expect Big Social to Protect you from Cyberattacks

PR pros should stay active on Facebook, but not become passive or complacent to the changes and nuances that its products offer their marketing teams. "Once brands have a plan in place for their content and account protection policies," Tobe says, "they can engage on Facebook with a sense of security."

He adds that communicators ought to work with legal, social and marketing to construct a governance policy and guidelines that the marketing team can refer to when engaging on the network. Once that policy is constructed, it can be automated to screen trolls or bad actors.

"Many brands on Facebook do not know they can remove unwanted comments from their posts,"  says Tobe. In addition, content remediation can be automated. So, if  a comment—or even a post from the brand—violates content policies, it is removed. Other content that such systems can track and remove include "negative language, hate speech or, in extreme cases, the posting of regulated data such as social security numbers, email addresses and phone numbers."

Education is the Best Defense for Securing Social Channels from Cyberattacks

Tobe also believes that PR should help make sure social accounts are secure around employee turnover, especially when passwords are shared and former employees retain access to social media accounts. "Facebook links admin accounts to personal accounts," he says. "Companies must ensure corporate and personal password management policies are in place."

"It starts with education and knowing the risks," Tobe continues. "Create a social media and digital security task force, and make sure there are several stakeholders involved in proactive security measures. Social media accounts are becoming invaluable assets. Companies cannot do without them. Adding security measures to these channels helps keep brands safe, helping to ensure they make the news for all the right reasons."

Make Sure Other Teams are Good Actors

Communicators in industries like financial services, healthcare, energy and pharmaceuticals know that they must operate under many regulations. Sometimes other departments are aware of those regulations.

"Regulators look for social media communications to be fair, balanced and not misleading (FINRA 2210)," says Tobe. "Imagine a financial advisor promising big returns on investments on social media. Financial services need technology...that can act as a virtual compliance officer, so their brand and sales teams can engage and sell on social media without the worry of raising regulatory red flags."