Staying Safe on the Internet

Social Media Safety

Last Updated: July 2022

Your organization can reveal a lot – and sometimes more than it intends – by posting and commenting on social media. Whether it is Facebook, Twitter, Instagram, YouTube or region-specific social media sites such as VKontakte and Odnoklassniki, you should always think carefully about what you post, and properly configure any privacy settings that may be available. This is true not only for your organization’s official pages, but also in some cases for staffs' personal accounts and those of their family and friends too.

Social Media Security and Political Parties

Cellphone image

Social media accounts are a common target of harassment and hacking. If not properly protected, compromised social media accounts can pose a risk to your party’s reputation or the integrity of information being communicated to potential supporters and voters. For example, in the lead up to Ecuador’s 2017 presidential elections, the social media accounts of members of the country’s Creating Opportunities (CREO) party were targeted and hacked. The hackers broke into the Twitter accounts of two CREO members of Congress, and used the accounts to spread rumors in the middle of the presidential election campaign. The unauthorized access to the official accounts created confusion and damaged the campaigns not just for those members, but for the party as a whole.

Develop an organizational social media policy

Assume that anything posted on social media could become public knowledge, and craft an organizational social media policy accordingly. This policy should answer questions such as: Who has access to your social media accounts? Who is allowed to post and who needs to approve posts? What information should/should not be shared on social media? If you post photos, location information, or other identifying information about your staff, partners, or event attendees have you asked for their permission, and have they considered the risks?

In addition to developing your policy and making it clear to staff, be sure to properly configure your privacy and security (often referred to as “safety”) settings. Some key questions to ask yourself as you decide what privacy and safety settings make the most sense for your personal and organizational accounts, include:

  • Do you want to share your posts with the public, or only with a specific group of people internally or externally?
  • Should anybody be able to comment, reply, or interact with your messages or posts?
  • Should people be able to find you or your organization using your email address or (personal or professional) phone number?
  • Do you want your location shared automatically when you post?
  • Do you want to block or mute hostile accounts?
  • Do you want to block specific words or hashtags?

Each social media site will have different privacy and safety settings, but these general concepts apply universally. As you consider these questions, take advantage of helpful privacy guides from the major platforms: Facebook, Twitter, Instagram, and YouTube. For Facebook in particular, be cautious about your privacy choices regarding Groups. Facebook Groups are a popular spot for engagement, advocacy, and information sharing, but unrestricted groups can be joined by anyone. It is not uncommon for “fake” accounts to pose as real people in an effort to infiltrate private social media groups or pages. Therefore, accept “friend” and “follow” requests carefully. Remember that your organization’s social media accounts are only as secure as the accounts that are “linked” to it. This is especially important to remember for Facebook, where your organization’s page may be managed by someone’s linked personal account.

Online Harassment

Unfortunately, many organizations face significant harassment online, especially on social media. Such harassment is often directed with even more intensity at women and marginalized populations. Online violence against women in particular can create a hostile environment that leads to self-censorship or withdrawal from political or civic discourse. As identified in NDI’s Gender, Women, and Democracy team’s Tweets that Chill report, when attacks against politically active women are channeled online, the expansive reach of social media can magnify the effect of harassment and psychological abuse, undermining women’s sense of personal security in ways not experienced by men.

As your organization develops its social media policy, it is important to be cognizant of these dynamics. Build into your security plan structured support for staff who face negative messages, insults, and threats on social media (both as part of their jobs and in their personal lives.) Develop an anti-harassment infrastructure within your organization, including surveying your staff to understand how online harassment impacts them and create a rapid response team to help staff face challenging situations. PEN America’s Online Harassment Field Manual also provides detailed recommendations on how you can support staff who face such harassment. You might consider, if your staff are comfortable doing so, reporting incidents of harassment and/or problematic accounts directly to the platforms as well.

When engaging with staff who have been the victim of harassment online (and in the physical world as well), it is important to be sensitive. As outlined by the Association for Progressive Communications’ Women's Rights Programme’s Take Back the Tech, understand that a survivor may be dealing with trauma, and recognize that violence (online or offline) is never the fault of the survivor. Ensure such issues can be raised and discussed (if staff are comfortable doing so) in a confidential and safe environment, with the option of anonymity. And include in your organization’s security plan a list of local professionals, organizations, and law enforcement agencies that you can connect staff to for legal, medical, mental health, and technical assistance if needed. For additional ideas, check out Feminist Frequency’s Online Safety Guide.