Protecting access to your unit social media accounts is critical to protecting MSU's social media presence and brand. Here are a few best practices to follow to ensure your access to pages and profiles is maintained and secure.
Frequent Access Audits
- Check the access permissions for all your accounts on a regular basis (at least once a semester).
- Remove access from any individuals (i.e., student staff, employees who have left the team) who are no longer with your unit.
- Add removing access and updating passwords to your checklist for when employees leave the unit.
- Change account passwords whenever someone who had access leaves the team or changes roles.
Multiple Individuals with Access
- For accounts connected to an individual's personal accounts (i.e., Facebook and LinkedIn pages), ensure each page has at least two full-time employees with admin level access.
- For accounts accessed with an account-specific password and login, keep the passwords safe and ensure at least two full-time employees know what the password is for each account.
- Consider using a password locker app that allows you to share passwords to staff.
- Use a unit email address for account logins, when possible, rather than the email account of an individual staff member. Ideally, this email account is only accessible by the marketing staff or their designates (at least two full-time employees).
Multi-Factor Authentication
- Set up multi-factor authentication for all accounts. This is also known as two-step authentication.
- Set up multiple multi-factor authentication options, such as an authentication app and SMS message, when possible. You can add multiple accounts to an authentication app, and you can add the same account to multiple authentication apps. Authenticate (by Microsoft) and Okta (used by MSU for various systems) both allow you to add social media accounts.
- If you set up SMS messaging as an authentication option, document the owner of the phone number used so that your team members know who to ask for the code. Make updating this setting a part of your staffing transition checklist and routine access audit.
- If you purchase a new phone or device, be sure to transition your multi-factor authentication to the new device prior to erasing your authentication settings on your old device. Some apps also allow you to save a backup of your settings to the cloud to import on the new device.