Social media account security: what IAM teams are missing


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8151
Topic starter  

TL;DR: Social media accounts sit outside standard IAM and IGA controls, so organizations fall back on manual provisioning, shared credentials, and weak recovery practices that drive orphaned access and poor visibility, according to Cerby. The control gap is structural because these accounts were built for consumer identity, not enterprise governance.

NHIMG editorial — based on content published by Cerby: securing social media accounts and the identity problems they create

By the numbers:

Questions worth separating out

Q: How should organisations govern business social media accounts that sit outside IAM?

A: Treat social accounts as governed business identities, not informal marketing assets.

Q: Why do social media accounts create so many offboarding problems?

A: Because access is often tied to personal profiles, contractor credentials, or shared recovery methods rather than a durable enterprise identity.

Q: What breaks when teams rely on manual social account administration?

A: Manual administration breaks accountability first and scalability second.

Practitioner guidance

  • Inventory every business social account. Create a complete register of platform accounts, owners, approvers, recovery methods, and business purpose so no account exists outside governance.
  • Eliminate shared password administration. Replace credential sharing with individually attributable admin access wherever the platform allows it, and document exceptions where it does not.
  • Test social account offboarding. Run periodic offboarding checks for employees, contractors, and agencies to confirm access removal, recovery transfer, and account ownership reassignment.
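
The three checks above can be run mechanically once the register exists. The following is an added example, not code from Cerby or NHIMG; the `SocialAccount` schema, the `audit` function, the finding labels, and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class SocialAccount:  # hypothetical register schema; fields follow the guidance above
    platform: str
    handle: str
    owner: str
    approver: str
    purpose: str
    recovery_contact: str
    admins: list = field(default_factory=list)
    shared_password: bool = False
    exception_note: str = ""  # documented reason when the platform forces sharing

REQUIRED = ("owner", "approver", "purpose", "recovery_contact")

def audit(accounts, active, corp_domain):
    """Return sorted (handle, finding) pairs for entries that fail the checks."""
    findings = []
    for a in accounts:
        for name in REQUIRED:
            if not getattr(a, name).strip():
                findings.append((a.handle, f"missing {name}"))
        # Offboarding check: everyone holding a role must still be an active identity.
        for person in {a.owner, a.approver, *a.admins}:
            if person and person not in active:
                findings.append((a.handle, f"orphaned access: {person}"))
        rc = a.recovery_contact
        if rc and not rc.endswith("@" + corp_domain):
            findings.append((a.handle, "recovery tied to non-corporate contact"))
        elif rc and rc not in active:
            findings.append((a.handle, "recovery tied to departed identity"))
        if a.shared_password and not a.exception_note.strip():
            findings.append((a.handle, "shared password without documented exception"))
    return sorted(findings)

# Constructed sample data: active identities from an HR/IdP roster and a small register.
ACTIVE = {"ana@example.com", "li@example.com", "social-recovery@example.com"}
REGISTER = [
    SocialAccount("PlatformA", "@brand", "ana@example.com", "li@example.com",
                  "brand channel", "social-recovery@example.com", ["ana@example.com"]),
    SocialAccount("PlatformB", "@brand_support", "ana@example.com", "li@example.com",
                  "support", "sam@agency.example.net", ["sam@agency.example.net"], True),
    SocialAccount("PlatformC", "@brand_jobs", "raj@example.com", "", "recruiting",
                  "raj@example.com", ["li@example.com"], True, "platform allows one login"),
]

if __name__ == "__main__":
    for handle, finding in audit(REGISTER, ACTIVE, "example.com"):
        print(f"{handle}: {finding}")
```

Running it on a schedule against the current roster turns the periodic offboarding check into a diff of findings between runs.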

What's in the full article

Cerby's full analysis covers the operational detail this post intentionally leaves for the source:

  • Practical examples of how disconnected social platforms frustrate enterprise authentication and provisioning workflows
  • The access patterns that lead to shared passwords, weak recovery, and ghost accounts in real organisations
  • The operational model for bringing marketing-owned accounts into a more controlled access and audit process
