Social Media Security Tips for Financial Advisors

Visit Heart of Advice

for expert insights on the most pressing topics financial professionals are facing today.

Social media has become a key tool for businesspeople to establish better communication with their existing clients and attract new business. While embracing social media is tremendously worthwhile, it’s important to keep some things in mind—mainly, making sure your social media presence is secure and compliant. We’ve assembled a list of security tips that every financial professional should keep in mind while establishing their social media presence.

Password integrity is key. While you may think your account’s password is secure, the odds tell us that it probably isn’t. During a risk analysis assessment, global business services firm Deloitte found that over 90% of user-generated passwords are vulnerable to hacking – and that includes passwords made up of different types of characters (numbers, letters, and symbols). While it’s nearly impossible to come up with a password that is 100% hack-proof, there are two main ways to make sure your log-in information is secure.

Try not to use any words from the dictionary or sequential numbers. Even though they’re a lot harder to remember, passwords that use random combinations of numbers and letters (“6f51Bh99”) as opposed to set patterns (“ABC123” or “password789”) are far harder to crack.
Change your password often. Changing your password frequently will greatly reduce the likelihood of your password getting cracked or stolen.

Make sure you’re adhering to FINRA social media regulations and your firm’s compliance standards. FINRA published a Regulatory Notice on social media usage in 2010. You should refer to your employer’s compliance standards first and foremost, but it’s a good idea to at the least have a working knowledge of FINRA’s regulations. Here are some key points from the Notice:

Every firm that intends to use social media to communicate must keep a record of all social media communications.
Include additional compliance disclosures with social media posts that recommend specific investment products.
Social media posts (or other spontaneous communication such as posts to online forums or chat rooms) are subject to the content requirements of FINRA’s communications rule.

Have a consistent practice-wide social media policy. Chad Pollitt at Huffington Post makes a great case for why having it’s a smart move for businesses to have a social media policy. While your practice might not want to go as far as Chad suggests and intend to promote brand advocacy through employees’ individual social media accounts, it’s a good idea for you and your coworkers to know (if you’re responsible for implementing these kinds of policies at your practice) that everyone represents the practice at all times—even when you’re not in the office. A simple rundown of things that are unacceptable to post on social media (profanity, confrontational messages, offensive content) is a good place to start. Also, if multiple people at your practice manage your firm’s social media presence, make sure they’re all on the same page as far as the tone and frequency of your account posts.

Watch what you post. Don’t be fooled by the delete button—once you post something to the internet, it’s there forever. It seems like common sense, but make sure you’re exercising caution when posting online. A good rule of thumb is to limit what you post online to what you’d be comfortable putting on a billboard outside your home.

Make sure the security settings on your accounts are enabled. Here are some things to keep in mind as you set up your business accounts on the three leading social media sites for business, Twitter, Facebook, and LinkedIn.

Twitter
- To access your account settings, click the gear located in the top right of your home screen.
- Once you’ve accessed the Settings submenu, click on “Security and Privacy” on the left sidebar. This will give you several sets of options listed under the “Security” and “Privacy” subheadings.
- Under the “Security” subheading, review your options and consider making the following changes to ensure your account is as secure as possible.
  - Verifying your log-ins will prevent unwanted people from accessing your account. The second option—“Send login verification requests to [your phone number]—adds an additional layer of security to your account, where a text messaged code is required to log in. The third option adds the same layer of security, only through the mobile Twitter app. Use your judgment to choose whichever of these options makes the most sense for your situation.
  - Click the box that will require you to provide personal information in order to reset your account’s password. This will make it far more difficult for someone to log into your account and change the password, effectively locking you out from the account.
- Under the “Privacy” subheading, there are more settings you’ll want to tinker with.
  - It’s best that you don’t allow people to tag your business account in photos. With a business account, the ultimate goal is to allow interaction with current and potential clients while controlling your brand as much as possible—not allowing people to tag you in photos makes this much easier.
  - Make sure the box next to “Protect my Tweets” stays unchecked. For a business account, you want to make sure your tweets reach the largest possible audience.
  - Leave the box next to “Add a location to my Tweets” unchecked for maximum security. Otherwise, each tweet will be marked with the name of the city or town you’re tweeting from.
  - Check both boxes under “Discoverability” if you signed up for the account with your business e-mail address and phone number. This will allow people with your business contact information to find your account and follow you. Otherwise, leave these boxes unchecked.
  - The “Personalization” and “Promoted content” settings are largely irrelevant for a business account. However, for the most secure settings, leave those boxes unchecked.
- Once you have your settings the way you want them, click the blue “Save Settings” button at the bottom of the page and you’re all done!
Facebook
- Facebook has far more robust security settings with more options to keep your page secure while allowing current and potential clients to view your content. Click the “Settings” tab in the upper right corner of your screen to get started.
  - Once you’re in the Settings tab, you’re presented with a sizable number of options for your page. For the purposes of this article, we’re going to stick with just the security options that pertain to your business’s site. Click “Edit” button next to the following options to change them from their default settings.
  - Leave both of these boxes unchecked. While social media is all about two-way communication and not one-way advertising, leaving these boxes unchecked will make sure that your page will only display your business’s posts.
  - By checking this box, you’ll be able to target specific audiences to see certain posts. While most of your posts probably won’t be targeted, it’s nice to have this option available.
  - Check the box next to this option. This way fans of your page can contact you through Facebook with any questions they might have about your practice.
LinkedIn
- There aren’t many available security options for LinkedIn, since it’s a more public social media site. There is, however, one privacy setting you might want to change.
  - You can access the “Privacy & Settings” menu by hovering over your profile picture in the top right of the page, and then clicking “Review.”
  - Choose “Select who can see your connections.”
  - This menu will then pop up. You’ll have the option of displaying your list of LinkedIn connections to everyone, or making them only visible to you.