The Cybersecurity and Infrastructure Security Agency (CISA) has released Capability Enhancement Guide (CEG): Social Media Account Protection, which details ways to protect the security of organization-run social media accounts. Malicious cyber actors that successfully compromise social media accounts — including accounts used by federal agencies — could spread false or sensitive information to a wide audience. The measures described in the CEG aim to reduce the risk of unauthorized access on platforms such as Twitter, Facebook and Instagram.
CISA encourages social media account administrators to implement the protection measures described in CEG: Social Media Account Protection:
- Establish and maintain a social media policy
- Implement credential management
- Enforce multi-factor authentication (MFA)
- Manage account privacy settings
- Use trusted devices
- Vet third-party vendors
- Maintain situational awareness of cybersecurity threats
- Establish an incident response plan
Note: although CISA created the CEG primarily for federal agencies, the guidance is applicable to all organizations.