Is Social Media Safe for My Business?

“The political economy of the internet incentivizes Big Tech platforms… to collect, analyze, and share user data with powerful institutions that operate against the interests of users,” warns Nolan Higdon, media studies lecturer and author of The Anatomy of Fake News. And it’s not just Twitter. All social media platforms pose a risk to our personal privacy — and, by extension, our personal safety. So, what is the solution? For consumers to avoid all social media platforms that share any user data with third parties? For digital businesses and online advertisers to stick to organic social media (and paid search)? No. The onus is not on us. Following the Mudgebomb dropped on Twitter in August 2022, all social media platforms need to commit now to improving user data security, following (and not merely “endorsing”) the Santa Clara Principles, and publicly sharing and following a reasonable implementation schedule. (Twitter, for instance, has never addressed an FTC order from 2010). 

Until then, consumers should consider their two options:

• Continue to use social media, and risk their data security — as they always have
• Boycott their preferred social media app in hopes of forcing quicker action; as we’ve seen, boycotts can work, but no one’s tried it with a social media platform

For those using social media to attract new customers and/or engage and assist existing ones, the answer remains the same: continue to analyze your customer and user data in real time and historically, identifying trends in social media usage/engagement, lead generation, CTR and any other critical KPI; if your target audience is still using the app, so should you. 

But where’s the proof? We know about Twitter. Are Facebook, Instagram, TikTok, Snapchat and the others all compromised, too?

Nine in 10 consumers say they’re “concerned” or “very concerned” about the privacy of their data online, and just as many disengage with any company that breaks their trust. Makes sense. Twitter’s only the latest social media platform to generate negative press over data breaches or security lapses.

Facebook Data Security Issues

In April 2021, the personal data of 533-million Facebook users across 106 countries was shared publicly on an amateur online hacking forum. The information, recently made even more readily accessible via public database, includes user names, locations, birth dates, email addresses, mailing addresses, phone numbers and biographical info — ideal for anyone looking to commit fraud. And if that wasn’t enough, company execs refused to notify the impacted parties.

Of course, this wasn’t the first time Meta’s flagship platform put its users at risk. In 2019, millions of phone numbers and hundreds of millions of illegally stored passwords were leaked, in violation of Facebook’s own terms of service. And, according to regulators, the company also conducted facial-recognition tracking on 60 million users without proper consent. As a result, Facebook was forced to pay $5 billion to the FTC for violating their agreement to protect user privacy, plus another $100 million to the SEC for “making misleading disclosures about the risk that users' data would be misused.” (Oh, and under the 2019 FTC agreement, Zuckerberg himself could face criminal penalties for continued violations — like the one in 2021; so far, he hasn’t.)

Amazingly, though, all of this pales in comparison to the Cambridge Analytica scandal of 2016, when, at the height of the US presidential race, Facebook acknowledged that, for years, the British consulting firm had been illegally collecting the personal data of millions of Facebook users and using it to assist the campaigns of Donald Trump and Ted Cruz. At the time, Facebook execs promised to crack down; clearly, they didn’t.

Over the years, Facebook has also caught the ire of the European Union for violating its General Data Protection Regulation (GDPR), and yet in an internal memo in 2021 the company told staff not to worry — the company would “frame this as a broad industry issue,” and the media attention would die down.

Facebook was right. And despite its bad rep, particularly with the younger crowd, the original social networking site for college kids remains the most popular platform worldwide, gaining about 500-million users in the last three years.

Instagram Data Security Issues

Instagram’s got stories, highlights, reels , “lives” (live streaming), fundraisers, hashtags, a shop, an algorithmically delivered (nameless) ‘for you’ page and, of course, so many style, fashion, wellness and cultural influencers. Nevertheless, it, too, is passé — if you ask Gen Z. And with every new imitation of TikTok, the once future heir to the social media throne digs its own reputational hole deeper.

Of course, the data breaches haven’t helped. And Instagram — owned by Meta, like Facebook — has fared no better than its yearbook-inspired predecessor. 

The most recent security lapse, as far as we know, occurred in 2021, when Chinese data management firm SocialArks exposed the private personal data of nearly 12-million celebrities, influencers and other users on Instagram. The result of another scraping mishap, a misconfigured database and unencrypted data, the breach revealed users’ biographies, phone numbers, email addresses, follower counts, comments, most used hashtags, and more — along with information that was never shared with Instagram, let alone a third party.

The year before, a Comparitech security research team reported an unsecured database with a cache of info easily accessible to and fully readable by anyone. The information had been collected by Deep Social, a self-proclaimed “influencer ranking, discovery and AI-driven analytics” platform that ceased operations in 2018 after Facebook threatened a lawsuit and banned the company from Instagram; since, the database had been administered by a different company, Social Data, leaving many uncertain about the extent of the risk. The database included users’ full names, genders, ages, profile photos, email addresses and phone numbers.

In 2019, April showers did not bring May flowers:

• On April 18, “Facebook chose one of the busiest news days in American politics… to admit that millions more Instagram users were affected by a security lapse than it had previously disclosed”
• On May 20, TechCrunch reported that a “massive database” of the account info of tens of millions of Instagram influencers, celebrities and brand accounts had been “found online” by security researcher Anurag Sen; the database, hosted by Amazon Web Services, was traced back to an Indian influencer marketing agency, Chtrbox (Cheater?), which “pays influencers to post sponsored content” — and illuminated for the decreasingly trusting public how influencer marketing works, revealing not only the users’ personal info (including location!) but also their influencer ‘score,’ or how valuable the company had deemed the accountholder

Shortly after TechCrunch notified Chtrbox, the company pulled the database offline — and took to Twitter to downplay the risk (to very little fanfare; the post has accrued fewer than 25 likes and retweets in three-plus years). But, unfortunately, the damage had already been done, at least to Instagram/Meta, as “video killed the Instagram star” and top influencers fled for TikTok (and other alternatives).

In 2019, TikTok had yet to even create its revenue-generating Creator Fund, but in less than four years the Chinese audio-video app amassed more than three-billion downloads, capturing a third of all social media users; it took Instagram nearly a decade to achieve similar results (without an income-earning option, until 2022).

Not only that, within its first five years of operation, Instagram was already fielding criticism; in 2015, Apple and Google discovered that InstaAgent, a “malicious app” with access to IG’s API, had been stealing and posting Instagram usernames and passwords without their permission.

TikTok Data Security Issues

Needless to say, TikTok isn’t immune to security lapses; the social media platform, controlled and monitored by the Chinese government, has been accused of “aggressive” data harvesting as recently as July 2022 — two years after finding itself in the crosshairs of then-President Donald Trump’s attack on the world’s most populous country.

Indeed, according to a recent report by cybersecurity firm Internet 2.0, the fastest-growing social media platform collects “excessive amounts of information from its users,” including contact lists, calendars, nearly real-time geolocations, and info scraped from in-app private messaging; completely unnecessarily, TikTok, scans user harddrives hourly.

“If you tell [old-man] Facebook you don’t want to share something,” for instance, “it won’t ask you again,” explains Robert Potter, co-CEO of Internet 2.0. “TikTok is much more aggressive… When the app is in use, it has significantly more permissions than it really needs,” by default — and when a user doesn’t give permission, TikTok “persistently asks.” 

Since TikTok “can and will run successfully without any of this data being gathered,” the Internet 2.0 report suggests “the only reason this information has been gathered is for data harvesting,” or data mining, a practice often followed unethically by fraudulent organizations looking to extort our grandparents and the other most vulnerable members of our families and communities.

Although TikTok has an “approach to keeping U.S. data secure” and despite a TikTok exec’s sworn Senate hearing testimony to the contrary, leaked audio from 80 internal TikTok team meetings prove US user data has been “repeatedly” accessed from China, as recently as 2022. 

Specifically, Buzzfeed found, China-based employees of ByteDance, TikTok’s parent company, have regularly accessed nonpublic US user data — “exactly the type of behavior that inspired former president Donald Trump to threaten to ban the app in the United States.” Meanwhile, TikTok’s “world-renowned, US-based security team” have had to “turn to their colleagues in China to determine how US user data was flowing;” US-based staff have not had the permissions or knowledge necessary to access the very data they’re supposed to be managing.

This is why Washington Post columnist Josh Rogin warned 72 hours after US Independence Day in 2022 that “TikTok is running into fresh trouble on Capitol Hill” (sorry, gated). And yet, Gen Zers (and millennials and members of Generation Alpha) are sticking to their guns, some even doubling down against “stupid” emerging apps like BeReal.

My daughter, a Gen-Z college freshman and TikTok influencer, for instance, told me TikTok is “the best social media platform,” because “it’s the easiest to grow your account.” The Instagram algorithm is “really hard to work with,” and Snapchat “doesn’t really have the same ‘grow your social media’ rep.” 

According to my daughter, Gen Z is so accustomed to online life, its members “don’t really take the digital footprint into consideration.” On any social media app, she says, “your personal information isn’t safe because whatever you post, no matter what, will always be up forever — and it’s extremely easy for people to find your information.” 

An older TikTok user, Stephen Roach-Knight, a nonprofit director of communications and former special assistant to Rev. Dr. William J. Barber II, co-chair of Poor People’s Campaign, seems to agree, pointing to other, more pressing issues.

“I’m aware that the federal government has expressed concerns about TikTok’s data privacy… Is TikTok stealing user data? I don’t know, but if recent history with Facebook and Cambridge Analytica is any indication, I don’t think TikTok users should blindly trust or use the platform,” Roach-Knight told me September 2, 2022. “I am concerned about data privacy on any social platform. But on TikTok I’m more concerned with how the algorithm hooks people and sends them down some really dark rabbit holes; research has shown that users can be driven to more and more extreme content over time.”

The same is even true of Snapchat, where online bullying runs rampant and, as my daughter puts it, “users can always screenshot what you post,” even if it’s only intended for friends. “What’s the point of abandoning TikTok, Snapchat, or any of your favorite social networks,” she asked, “if there’s almost nothing any of us can do to stop any of the apps from stealing and selling our info?”

Another TikTok user with 30,000-plus followers across two accounts, Nathan Dimoff, a father and retired hacker, takes a similar approach. “I have received ads on TikTok for things I’ve talked about verbally or mentioned in Facebook Messenger, sometimes within the same hour,” he reported, but when asked whether this discouraged him from using the platform or trusting the advertisers, he said he understands “ads are one of the ways the app makes money” and “know[s] what I signed up and the risk I’m taking.”

Snapchat Data Security Issues

Unfortunately, there are security risks to Snapchat, too. In May 2019, we discovered that Snapchat employees had been spying on users for years, viewing and sharing messages, location data, phone numbers, email addresses, and more; ironically, the Indian third-party ‘spying’ tool, SnapLion, was used for spam and abuse tracking.

Thirteen months earlier, reports emerged of a 2017 phishing attack that produced the private passwords of 55,000-plus users; the attackers used a tactic similar to what’s been happening on Twitter.

The hackers created a fake site, designed to mimic the Snapchat login screen, and used a compromised account to send other users the link. Whenever a user entered their credentials, those credentials were collected, stored and published, giving the general public full account access.

Back in 2016, Snapchat employees were the victims of a cyberattack, when a hacker impersonated CEO Evan Spiegel and requested and received payroll data on current and former employees. The Snappening took place in 2014, when 200,000 Snapchat photos and videos — including underage nudes! — were leaked in a hack of a third-party app “used to save people’s otherwise disappearing photos.” As it turned out, SnapSave, or SnapSaved, had been collecting every single photo and video file ever sent through the app, giving everyone access to a 13GB library of media that users thought had been deleted. 

While some argued whether Snapchat or the other app was ultimately responsible, for the victims (and all Snapchat users) the source didn’t matter: 

• This hack, according to 4Chan users, was “far bigger” than the Fappening, the iCloud celebrity photo leak earlier in the year 
• This hack revealed the private, often risqué media of everyday users
• The private files were downloaded and added to a searchable database, allowing the public to search for stolen media by Snapchat username
• The collection of Snaps was downloaded by thousands of unique IP addresses
• The “fake competition website” used to host the database, viralpop.com, installed malicious software on the computers of every individual who tried to engage with the files, expanding the reach of the attack

The blame from Snapchat didn’t sit well, either.

“We vigilantly monitor the App Store and Google Play for illegal third-party apps and have succeeded in getting many of these removed,” read the 2014 company statement. “Snapchatters were victimized by their use of third-party apps…, a practice that we expressly prohibit in our Terms of Use” (emphasis and link added). 

The company’s apology arrived more than a week later: a poor decision from a brand that Business Insider said already had “a poor history when it comes to the security of users’ data.” 

Earlier that year, hackers used Snapchat to send photos of fruit smoothies to thousands of people. In 2013, the company was forced to apologize after 4.6-million Snapchat usernames and phone numbers leaked online to ring in the new year.

In other words, Snapchat’s advertising and word of mouth may have worked, but both our kids and our business accounts are no safer with 24-hour photos than your organization is advertising on Twitter or trendjacking on TikTok.

OK, then what about LinkedIn? Isn’t it best for B2B anyway?

LinkedIn is indisputably best for businesses looking to partner with or sell to other businesses and business leaders. But, unfortunately, that hasn’t made my personal favorite immune to cyberattacks either. In a span of three months in 2021 alone: 

• An archive with data from 500-million LinkedIn accounts was posted for sale on a popular hacking forum, with another two-million records leaked as proof of concept
• A security breach exposed the private personal data of 700-million LinkedIn users, or 93% of the platform’s total user base

And, like its competitors, LinkedIn has typically responded to security concerns by skirting responsibility. Which means:

• LinkedIn is no better and no worse than Snapchat, TikTok, Instagram, Facebook or even Twitter
• If marketing or advertising to other businesses and biz execs is the right social media marketing strategy for your business, LinkedIn is the app you should (continue to) use

Oh, and LinkedIn offers an advantage its competitors won’t ever even consider: an entire online learning portal tailored to employee training and professional development (78% of Fortune 100 companies use LinkedIn Learning; extraordinary L&D is one of the top seven ways to enhance employee experience and retention).

And the other apps? Do we stay on social media? Or do the risks outweigh the benefits?

The answers to your questions — and the social media solution for your organization — have to come from within. And they won’t be the same for the random company across the lot or even necessarily your closest competitor (that you’ve ideally already identified via your online competitive analysis tool). 

So, lean on your experts, and hold them accountable. In a series of simple steps, the trio of your social media marketing manager, marketing technologist and marketing data analyst should be able to determine: 

• The effectiveness (or lack thereof) of your organic social media marketing and paid social media advertising campaigns and strategies
• Whether your brand belongs on social media
• Which social media platform(s) your brand should prioritize (if any)

How? By:

1. Measuring your performance on each app against standard social media KPIs and benchmarks
2. Comparing the apps based on each’s metrics

17 Social Media KPIs You Should Be Tracking

1. Follower count: the number of accounts following (or subscribed to) your account
2. Audience growth rate: The rate at which your follower count is growing, calculated by dividing your new net followers by your total audience and multiplying by 100
3. Impressions: the number of times your post is visible in a feed or timeline
4. Reach: the number of people who see your post
5. Potential reach: the number of people who could see your post, calculated by multiplying your total number of mentions by the number of followers of each account that mentions you
6. Likes: The number of times users interact with your post by liking/loving it
7. Shares: The number of times your post is shared, on and off the app
8. Comments: The number of public responses to/on your post (which, of course, does not determine sentiment)
9. Engagement rate: The measure of the effectiveness of your post, calculated by dividing all the engagement the post receives (including likes, comments, saves and favorites) by your total number of followers and multiplying by 100
10. Applause rate: The rate at which your post receives positive engagement, whether via likes, saves, retweets, favorites, etc., calculated by dividing the total of your ‘approval actions’ by your total number of followers and multiplying like 100
11. Amplification rate: The rate at which your followers and other users share your posts, calculated by dividing your total post shares by your total number of followers and multiplying by 100
12. Click-through rate (CTR): the percentage of users who click on your post, calculated by dividing the total number of clicks on the post by the total number of post impressions and multiplying by 100
13. Conversion rate: the percentage of users who take you up on the CTA associated with your post, whether it’s visiting your website or landing page, completing a form, making a purchase or some other action, calculated by dividing your total number of conversions by the total number of post clicks and multiplying by 100 (on social media, a conversion refers to converting an app user to a website user, a lead, or a customer)
14. Bounce rate: in opposition to the conversion rate, the percentage of users who click on your CTA link but quickly leave the destination without taking any action, calculated by dividing the total number of conversions by the total number of clicks and multiplying by 100
15. Cost per thousand impressions: the amount you pay each time your sponsored post or ad is served 1,000 times, calculated by dividing the total spend devoted to the post by the total number of impressions and dividing by 1,000, providing a glimpse into what you’re paying for brand awareness
16. Cost per click (CPC): more important than cost per thousand impressions, the amount you pay for each sponsored post or ad link click, calculated by dividing the ad spend devoted to the post by the total number of post clicks
17. Social share of voice: the percentage of people who mention your brand versus your competitors, calculated by dividing your brand mentions by the total number of mentions (your mentions + your competitors’ mentions) and multiplying by 100

11 Steps to Picking the Right Social Media Platform(s) for Your Brand

While analyzing your social media performance, ask yourself the following questions for each app you currently use or have used in the past:

1. Do we adhere to [app name here]’s safety guidelines? Do we have any internal safety measures in place to protect our organization and/or our customers from social media spam, hacks, etc.? What about a policy and process if an account is lost? 
2. Who is responsible for our social media strategy, content creation and organic implementation? Are they subscribed to Customer Engagement Insider? Are they keeping an eye on industry trends? Have they tried the top seven social media marketing strategies listed here? What about our seven must-haves for optimal social media marketing performance?
3. What is our [app name here] strategy, and how might it need to be adjusted based on increasing consumer and regulator attention on social media user data security?
4. Do we advertise on social media? If so, who is responsible for determining who we target, along with how, when, at what cadence, and on which platform(s)?
5. How much money do we spend on [app name here], per campaign, per quarter, and per lead? How does this compare to other social media platforms and other forms of digital marketing (e.g., email or text messaging)
6. Who is responsible for our social media data analytics? How does recent performance compare to historical performance? How does our performance on each social media platform compare to our performance on the other platforms? Were there specific organic or paid campaigns that performed particularly well (or poorly)? How does our social media performance compare to our performance using other digital marketing strategies and tactics?
7. Do we rely on [app name here] for third-party data? Have we begun to prepare for the retirement of tracking cookies? Do we use a CDP to facilitate responsible data usage by gathering, consolidating, standardizing, validating and deduplicating user, lead and customer data?
8. Is there anything we do from a digital marketing, sales or CX perspective that specifically requires [app name here]? If not, what might be the impact of closing our account or only using it for certain, narrower purposes?
9. If leaving [app name here] would create gaps in our digital marketing, sales or CX, how could we best turn them into opportunities? Are there other strategies or tools we haven’t yet tested? 
10. Do we use a third-party social media management platform? If so, can we calculate the ROI? Is it worth the investment? What are the pros and cons? And if we haven’t yet tried one, why not?
11. Before creating our social media accounts, did we refer to the Electronic Frontier Foundation’s guide to which apps we can trust, and in which ways?

Who Has Your Back?: An EFF Chart

7 Social Media Marketing Strategies You Should Try

Even though everyone now hates Instagram and already hated Facebook, there’s always TikTok, Snapchat, Pinterest (which only works for certain, ‘aesthetic’ brands), YouTube (which has terrible social networking capabilities), and using influencers to do all the work for you (hmmm…).

These are the seven best social media marketing strategies I’ve implemented wherever I’ve gone:

1. Use social media influencers to spread your message and influence Gen-Zers, millennials and even Gen-Xers and members of Generation Alpha to become customers and eventually brand ambassadors themselves (nearly 90% of Gen Zers and millennials initially learn about things they want to purchase on social media — and four in 10 teens trust influencers more than their friends) 
2. Create and nourish communities (literally, and via groups, Spaces and live streaming) to develop loyalty and generate more leads and ROI
3. Run polls to showcase your morals, values and vision
4. Share behind-the-scenes footage to demonstrate your commitment to employee experience
5. Leverage trending topics to create buzz (also known as “trendjacking”)
6. Respond ‘on main’ (and in DMs) to customer complaints and compliments to provide — and publicly demonstrate — optimal customer experience
7. Use each social media platform for what it does best, like the industry groups and in-app/RSS newsletter on LinkedIn, the spaces and communities on Twitter, or the duet feature and ‘for you’ page on TikTok; as my friend Lance, founder of Rainbow Youth Project, LGBTQ+ influencer and TikToker with 30,000-plus followers, tells me, “While many mature adults have large accounts with thousands of videos, Gen Z truly runs TikTok, and they enjoy clapbacks, snark and arguments; I post a ‘good gesture’ video and get maybe 2,000 views, but I post a clapback and see 700,000 views”

7 Must-Haves Before Implementing Your Social Media Marketing Strategy

To achieve your social media marketing goals, you’ll need someone on your team who can:

1. Operate your influencer marketing platform, manage and utilize your relationships with influencers (and customers), and develop your influencer marketing program (e.g., an affiliate program manager, partnerships program manager or digital marketing manager — and a digital marketing, social media or PR strategist)*
2. Operate your social media marketing platform, manage all the day-to-day social media coordination, and moderate and facilitate engagement (i.e., your social media coordinator and community manager)*
3. Develop innovative polls based on the company mission and cause(s) (e.g., a social media manager or brand manager)
4. Create and disseminate compelling custom content, video and otherwise (i.e., your social media content creators)
5. React quickly to capitalize on changing trending topics — on brand, and authentically (e.g., a social media strategist, digital marketing strategist or brand strategist)
6. Not only deliver a positive CX but publicly demonstrate that commitment under the increased pressure of performing in an open forum (i.e., a team of CX professionals, with some help from a leading social media automation tool)
7. Monitor all the social media apps (and social media management platform) to prevent — and, if necessary, respond to — security breaches (e.g., an indefinite working group consisting of your marketing analyst, marketing operations manager, marketing technologist and social media manager, in addition to at least one representative from your IT and/or global security department(s))

* CEI partners and subscribers have exclusive access to our guides to mastering influencer marketing and social media, which feature lists of the apps I most highly recommend for each; click the appropriate cover image to download:

Image Credits (in order of appearance)

1. Photo by Ümit Yıldırım on Unsplash: https://unsplash.com/photos/Ass0DusYDk4
2. Photo by Solen Feyissa on Unsplash: https://unsplash.com/photos/iurEAyYyU_c
3. Photo by Hans Vivek on Unsplash: https://unsplash.com/photos/Ex8y5KfgBNI
4. Photo by Solen Feyissa on Unsplash: https://unsplash.com/photos/Yaw9mfG9QfQ
5. Photo by Souvik Banerjee on Unsplash: https://unsplash.com/photos/PQXlYuQeX4c
6. Photo by Greg Bulla on Unsplash: https://unsplash.com/photos/auITmXWF3Qw
7. Photo by Jenny Ueberberg on Unsplash: https://unsplash.com/photos/kWeA7AD0LNA
8. Photo by John Cameron on Unsplash: https://unsplash.com/photos/-_5IRj1F2rY