Social Media Account Security and Policies
Social Media Account Security
In an effort to further protect Vanderbilt’s digital identity and online reputation, and to strengthen the security related to Vanderbilt social media accounts, it is recommended that social media account managers update the passwords for all of your area accounts at least once a semester.
The password to the social media profiles that you manage for Vanderbilt is the only protection available for these accounts -- accounts that allow immediate communication with prospective and current students, faculty, alumni, parents, and community members. Protecting the security of these accounts is a very important part of ensuring they are not overtaken for malicious purposes.
To increase security, we recommend changing social media passwords at the beginning of each semester.
- Multiple people should have access to all of your department's social media accounts. At least two people per department should have access to that department's social media accounts; at least one of these people should be a full-time faculty or staff member. Students should not be the only people with access to official university school or departmental accounts.
- If someone who has access to the account leaves Vanderbilt, passwords should be changed immediately.
- When the admin of a Facebook account leaves Vanderbilt, they must transfer the admin role to another Vanderbilt person before they leave.
- All passwords should be reasonably complex and difficult for unauthorized people to guess.
- Choose passwords that are at least eight characters long and contain a combination of upper- and lower-case letters, numbers, and punctuation marks and other special characters such as !@#$%^&,*).
- Do not include words related to your department or school.
- A password should be unique, with meaning only to the employee who chooses it. That means dictionary words, common phrases and even names should be avoided. One recommended method to choosing a strong password that is still easy to remember: Pick a phrase, take its initials and replace some of those letters with numbers and other characters and mix up the capitalization. For example, the phrase “This may be one way to remember” can become “TmB0WTr!”.
- Do not re-use passwords you have used previously. Do not use your e-password.
- Passwords should not be shared via email. When possible, share the password verbally with shared account managers. If this is not possible, you can share the file securely using VUIT’s secure file transfer website.
The email address associated with the account should be a Vanderbilt email account.
- Like other schools and departments at the university, student organizations should follow the guidelines set out in this handbook.
- Before starting a new social media account for your student organization, check to see if one already exists; if it does, you should gain access to that account rather than creating a new one.
- Only student organizations officially recongized by the university should refer to themselves as official accounts.
- The person creating the social media account for the student organization must be affiliated with the organization.
- At least two people should have access to update the student organization social media accounts; when it makes sense, one of those people should be a full time faculty or staff person.
- When one of the managers of the student organization social media account graduates or leaves the organization, they must add another person to the account, and remove themselves as manager.
Platform-Specific Additional Security Options
- Twitter login verification
- Facebook login approvals
- Snapchat login verification
- LinkedIn two-step authentication
Important University Policies
Social media usage at Vanderbilt is governed by the same policies that govern all other electronic communications. Read the policies below before engaging in any social media campaign as part of your official duties at Vanderbilt and if you use social media for personal purposes.
Advertising on behalf of external vendors is prohibited on Vanderbilt websites and social media presences (with the exception of Vanderbilt Athletics, through their media rights provider ISP).
- Electronic Communications and Information Resources Policy (HR-025)
- Acceptable Use Policy
- Conflict of Interest Policy
- Technology Policy
If you identify yourself as a Vanderbilt employee -- for example, through a bio or comments -- you should include the following language in your bio or account description:
The views and opinions expressed here are not necessarily those of Vanderbilt University, and they may not be used for advertising or product endorsement purposes.
For Twitter or other similar platforms with restrictive word count:
Tweets my own. Or Opinions my own.
If you do not identify yourself as being affiliated with Vanderbilt University, you do not need to include this language.
Vanderbilt University Medical Center Social Media Policy and Guidelines
Vanderbilt University Medical Center faculty and staff must also read and follow this policy and these guidelines before creating a social media presence in which they engage in online discourse and identify themselves with VUMC.
Social Media Channel-Specific Policies
All social media sites, such as Facebook, have policies about how they will or will not use your content, what is and is not allowed, etc. Be sure to familiarize yourself with these policies before you launch your channel.
If you have any questions about social media best practices, or need guidance when problems or issues of concern arise, contact the Social Media Team.