When developing policies, it is important to build a team of policymakers with individuals from multiple departments. These could include HR, Marketing, Public Relations, Sales, Business Development, Legal, and Customer Service. Each of these areas of the company should have a say in policies that may directly affect them, reviewing each operational aspect of the response plan accordingly.

At a minimum, the social media monitoring that should be agreed upon needs to include HR, IT, Legal, and the Community Manager or similar position, team, or board. These departments need to come together to develop a baseline of monitoring points, such as tracking industry trends and influencers, especially those relating to your brand. Monitoring and reporting what different communities are saying about your company online. Monitoring other organizations’ activities in your industry. Deciding what tracking tools will be used to monitor employees on social media, as well as how lenient to be in this monitoring. Tracking sites that mention the company most often as well as any changes in interactions based on the training being done within the company. Defining how necessary the monitoring of social media usage is, as well as who should take part - the community management team or a larger pool of employees? Lastly, and likely most important, is updating any and all security threats to social media platforms that the company uses while monitoring employee activity on these platforms. 

Due to the constant evolution taking place in the social media realm, it is important for companies to stay up to date with this policy. However, it also depends on how strict the company is. If a company is very lax on its social media policy, it could get by with reviewing the policy every other year. For companies that have a broad social media presence, it is more worthwhile to revisit the social media policy on a regular basis, such as quarterly, while recognizing the necessity to revisit the policy when the company looks to expand to a new social media platform. This updating should involve the same departments that took part in the development of the policy to begin with.

Conducting a risk assessment is a sure way to protect the company, especially when it comes to prioritizing the threats that could affect the company. During this assessment, the company looks at the threats on hand and determines the level and priority of these threats, as well as the risks they offer if not dealt with properly.

Proper risk assessment can be completed via the threat management lifecycle that does just that. This identifies and collects the threats, assesses the risk involved with each of these threats, analyzes the company's ability to respond to these threats, and creates action plan approaches that identify how threats will be discovered and monitored for activity. This also includes planning for future threats and how the company will respond.

Training in social media security is extremely important to protect the company. Companies should look into training community managers and employees alike. This training would be best delivered via a mix of training seminars and interactive informational sessions. In order to ensure community managers and employees stay up to date with the endless changes surrounding social media security and properly prepare for social media catastrophe, it would be best to hold training at least once a year. This would be mandatory for both parties on a yearly basis with optional refreshers available throughout the year.

The training would be different for each party, however, both would be required to review applicable policies. For community managers, it would cover social media disaster recovery, how to go about reporting in the event of an emergency or technical issue, defining and revisiting communication principles that fit with the online worlds’ everchanging mood, and refining security practices in partnership with the company’s IT and HR departments. For other employees, it would cover a variety of the basics - protecting sensitive information, implementing email safeguards, recognizing and reporting phishing attempts, reinforcing safe web-browsing practices, and detecting and avoiding social engineering attacks. While this seems like a lot, it is of utmost importance for companies to ensure their employees are properly trained to handle the wide variety of attacks out there, all of which could compromise the company both on social media and via hackers.