I've asked around at work and done some research online too, and I saw that there are set procedures that outline what to do when an employee leaves a company. However, there's no checklist that tells social media managers what to do when one of their employees/colleagues suddenly leaves. On a good case scenario, the departure is amicable and nothing else happens.
However, due to circumstances, these departures aren't always amicable...
These are just a couple of examples of what can happen are some of the most memorable ones. However,this seems to be happening too often for it to be left unnoticed by other social media managers.
So, here's a checklist you can use if anyone who's dealt with your social presence leaves your company/brand:
- Change the passwords to your social accounts: while this is self-explanatory, the fact that there are more and more cases of (ex) employees easily hacking social accounts after they've left their companies clearly shows that this easy step is still ignored by many.
- Change the passwords to the emails that belong to your social accounts: even if you change the passwords to your social accounts, it's easy to reset your password if someone has access to the associated email address = all you need is just a click on "forgot/reset password".
- Change passwords to any social tool: whether you're using Hootsuite, SproutSocial, Adobe Social or any other social tool - if it's linked to any of your social profiles, change the tool's password. These tools can be used to access your social profiles without having to log in to those profiles.
- Do the same for other social tools, e.g. analytics tools. Unless you're comfortable with the thought of personal stats related to your social profiles being outed online (e.g. how much you're spending for ads, your reach), change the password for those tools.
- Revoke access from any social tool: some social profiles allow you to link your personal profile to a brand page. For example, before you can manage your Facebook Page, you need to link it to your Facebook Profile. Make sure that you revoke access to any social accounts that work in the same way.
- Don't use the same passwords for all your accounts: use a password generator if need be. There are several resources out there (free and paid) that can help you with this. One website I always recommend is Wolfram Alpha - it's free, efficient, and you can choose your parameters, such as password length and strength.
- Don't reuse passwords you've already used: this applies to any profile and account that needs password authentication. While some social profiles won't allow you to reuse old passwords and will prompt you to create a new one after a certain amount of days (e.g. Facebook), it is best practice to apply that to any account you use.
- Check for any inactive accounts: whether they're inactive because you're planning to use them in the future, or they're inactive because you don't need them anymore, keep a list of these accounts and change their password.
To conclude, here's one thing I definitely recommend: two-step authentication. This involves using two forms of authentication (e.g. a password and a code). Most banks, government websites, and local authorities use this form of protection (e.g. having to insert your password and a time-sensitive code generated from an app). Social tools are starting to do the same too: some of the first platforms to embrace this were Google+, YouTube and HootSuite (you can learn more about HootSuite two-step verification here). This high level of security can prevent "hacks" from outside sources, since knowing only the password to such an account would not be enough to log people in.
It's worth checking whether the social platforms you're on allow two-step authentication, and if they do, it's time to switch that option on, for your own security.