Follow this guidance if you’re a security assurance subject matter expert (SME) and you're responsible for assessing security, management and usage of your social media accounts at your public sector organisation.
This guidance will help you carry out a security review of your social media platforms using the following Report Template.
Please email email@example.com if you have any questions or comments.
The Central Digital and Data Office (CDDO) developed this guidance based on the National Cyber Security Centre's protecting what you publish guidance, which recommends the following.
Identify the stakeholders who are responsible or accountable for the social media accounts and have the authority to provide responses to the proposed recommendations.
In most cases, the stakeholder group includes the ‘Head of the Communications’ or ‘Head of Content and Innovation’ and ‘Communications Manager’ or ‘Social Media Manager’.
Contact the stakeholders to start your review. You can let them know you would “like to discuss with you the latest NCSC protecting what you publish guidance and help you identify and implement potential improvements to avoid potential security incidents”.
Work with the stakeholders to clearly define the scope of the security assessment. This will include identifying:
You will need to interview the identified stakeholders to understand the existing technical controls and procedures around the social media working practices and get some evidence for your assessment.
NOTE: You can use this social media assessment workbook, which includes questions to ask during the interview and allows you to document the responses in relation to the social media security controls being applied.
You may need to carry out more than one interview and follow-up discussions before you get all the information to make the findings and recommendations.
You will need to analyse and assess the information and evidence from the interviewees to develop findings, residual risks and recommendations.
Use this Report Template to record the outcome of the review and discuss it with the stakeholders. This report will help you to:
NOTE: To help you make recommendations you should cross reference your findings with the Using social media securely guidance.
We recommend discussing and iterating the report with your interviewees to agree an action plan for each recommendation.
Depending on the type of recommendations, it may be essential to set up regular checkpoint meetings with the person who is going to implement the improvement plan. This will help you to monitor the progression of these improvements and provide direction and advice.