Protecting Your Brand from Employee Sabotage

Unfortunately, malpractices happen all the time with employee sabotage being a particular issue in the digital marketing world. Why? Because disgruntled staff no longer just moan about their boss down the pub. With access to social media platforms many employees drag businesses through the mud, tarnishing reputations that can be hard to fix. So, how can you start protecting your brand from employee sabotage? Here are my top tips.

Types of Employee Sabotage

There are many different types of employee sabotage, such as:

  • An online smear campaign caused by an employee with a grudge
  • An employee with a very competitive side hustle trying to damage your digital reputation in order to gain an advantage
  • An employee going off-brand, posting non-compliant content, being rude or simply not obeying company guidelines
  • An employee stealing company leads or a prized database

For the purpose of this article, we’re looking at employee sabotage from a marketing angle and how to preserve your digital marketing presence.

Help! An Employee has Gone Rogue on Social Media

More than one billion people are active on Facebook and there are 145 daily active users on Twitter. Corporations such as LEGO have over 13 million likes on Facebook while Gucci has 5.9 million followers on Twitter. Social media is huge in 2020 with brands relying heavily on an airtight social media strategy to attract and engage followers while maintaining a strong identity. So, it’s easy to see how a series of rogue posts, can throw a business into disarray and get people asking questions. Admittedly it can be funny to view, like this recent example from a British government employee that went viral in May.

But as a company owner, this is obviously a concern.

Employees acting out on business social media accounts has happened time and time again. From HMV employees taking over the company’s official Twitter account to express their anger at being sacked.


…to the London Underground letting their patience slip with regards to customer care – which of course received immediate backlash – it is clear social media is a place to vent and let off steam. Which, in turn can expose terrible company HR and exploit social media loopholes.




New York Daily News (NYDN) also got stung by a fired social media manager looking for the last laugh with scenes from Pulp Fiction splattered over Twitter…


Note: This is a screenshot as the tweets were swiftly deleted.

And, so did the British Milk Council when a fake Twitter account was set up by a former employee, which got picked up and laughed at by a multitude of followers

Indeed, just this month (July), a Twitter hack which compromised a number of high-profile accounts was thought to have been made possible by insider involvement – showing how it’s not only fired or ex-employees that can cause trouble. According to reports, more than a thousand Twitter employees and contractors had access to internal tools that could change user account settings and hand control to others, making it hard to defend against a hack.

Hackers repeatedly tweeted from the verified accounts of Democratic presidential candidate Joe Biden, Bill Gates, Tesla Chief Executive Elon Musk and former New York Mayor Mike Bloomberg. Twitter announced that perpetrators “manipulated a small number of employees and used their credentials” to log into tools and turn over access to 45 accounts. Oh my! Accounts were temporarily suspended to sort the issue rapidly.

How to Prevent Employees Stealing Company Assets

When you think of what employees might want to steal, expensive equipment might come to mind. But with regards to employee sabotage, it’s often company assets such as your social media accounts or customer contacts that people want. Running off with a laptop is one thing. But taking over Twitter, Facebook, Instagram, Medium and other social platforms can cause maximum damage to a company’s reputation and marketing efforts. So, how can you prevent this from happening? Let’s look…

#1 Limit Account Access

In light of the recent hacking event over at Twitter HQ, Edward Amoroso, former Chief Security Officer at AT&T said, “That sounds like there are too many people with access.” And he has a point. “In order to do cyber security right, you can’t forget the boring stuff” and this means:

  • Thinking carefully about page admin

Admins can administer your Business Page and must be added so they can make the necessary changes. Many business owners lose their social pages because they gave a single admin too much control. This admin can then vanish entirely leaving the social account stagnant, post unvetted content for malicious purposes or kill the page completely. Page admins can also remove other admins on Facebook, so it’s really important to think carefully about who you’re giving power to.

There are many different kinds of admin statuses on Facebook. Manager admins can do anything on your business pages from posting updates and comments to banning users and sending messages to fans. Content Creator admins can also post to your page while Moderators can create ads and view insights. These roles require extreme trust and should be given to professionals with a proven track history of correct social media management at the very least. To minimise the risk of problems down the line, think about the employment process. When looking for social media candidates, be sure to:

  • Suss out their LinkedIn
  • Check their personal social pages to make sure they’re not bashing their current boss
  • Ask for references and follow them up carefully


  • Keeping log of who can access accounts

Accountability is crucial when it comes to protecting your social media accounts from employee sabotage. People are more likely to do something malicious if they won’t get caught, so always keep a log of who can access accounts and check in with these individuals on a regular basis to ensure they know they’re being monitored. If you’re not sure who has access or you recently took over as social media manager, change them all. Then only inform the relevant people.

#2 Prioritise Password Security

All social accounts should be secured via a password to protect your digital marketing campaigns. If an employee leaves the company, change the passwords immediately so they can’t access and sabotage your accounts remotely. While most employees will leave quietly and have no desire to do you harm, others might want revenge. Particularly if they’ve been fired. Never write passwords down, share them or leave them viewable on Google Docs or other software with open access.

Top tip: Make the most of professional password manager systems for your business such as Dashlane or RobotForm. These are designed to keep company passwords safe, secure and away from prying eyes.

You can also…

  • Use two-factor authentication

On platforms like Twitter, you can use two-factor authentication as an extra layer of security. Instead of only entering a password to log in, you’ll also enter a code or use a security key. This additional step helps make sure that you, and only you, can access your account. After you enable this feature, you will need a password, along with a secondary login method – either a code, a login confirmation via an app, or a physical security key to log in to your account.

How to Keep Your Content Marketing on Track

Employee sabotage often involves infiltrating your content marketing strategy and posting things you’d never normally say as a brand. So, how can you stop bad content getting out?

#1 Implement a Social Media Policy

Building a social media policy will hold employees accountable for their social media behaviour and tighten the reign on business activity online. Strict guidelines issued to all social media personnel will ensure staff:

  • Stick to your brand vision and voice
  • Respect social media goals for the organisation
  • Know which departments/titles/office can and cannot post
  • Comply with industry regulations
  • Understand the consequences and legal risks of going astray

By having a solid structure, you give employees less wriggle room to bolt and run free with their own digital rhetoric.

#2 Create a Hub of Shareable Content

As part of your social media policy, you could create a hub of sharable content pre-approved by a team of content moderators. This can be shared by employees and will guide them on what content they should be using, preventing malpractice and sabotage. Anything miscellaneous will stand out like a sore thumb.

#3 Implement Social Listening

Content marketing is a fast-paced world. It’s important to stay on the ball just in case you have to handle negative PR. This could come from an outside source – or someone in-house. Social listening tools such as Agorapulse will keep track of @mentions as well as comments on your posts to ensure negativity doesn’t slip through the net.

With such tools in place, disgruntled employees will have a more difficult time slipping in malicious posts – even from their own private accounts – without them being noticed.

#4 Have a Crisis Plan

Marketing is all about staying in the public eye – preferably for the right reasons. PR disasters can occur due to  employee sabotage.

So, what should you do when this happens? Well, refer to your crisis plan of course. Tips include:

  • Knowing exactly who can and should respond from the marketing/social media management response team
  • Drafting pre-approved and compliant statements to put on your social accounts while you research what happened. This should include a template for individual consumer comments as well as something more general as a status update.
  • Acknowledge the incident and be as honest as possible.
  • Limit further damage by contacting Twitter, Facebook or Linkedin to report a hack or to report a fake account impersonating your brand.

How to Avoid Theft of Leads and Marketing Data

Many employees leave a business to set up their own companies. So, your leads and data might look extremely tempting. As a business it’s really important to protect your own back – here’s how:

  • Create account checklists

Take note of all systems used by every single employee. When they leave, block access immediately. Don’t sit on it for a few days as a lot of damage can be done during this time.

  • Avoid group logins

These are often cheaper, but if an ex-employee decides to log in from home, they could steal confidential company information. Additionally, be selective about who has access to certain logins. For example, when I was social media manager at a large finance company it was just me and my boss. when he left, I changed the passes. It’s essential.

  • Say no to personal devices

Marketing data can be stored on personal devices. So, it’s best to have a strict company only storage space accessible only via company devices. Similarly blocking USB sticks and setting up system detection for emailed files can prevent theft.

  • Add your name to the company email list

Adding your own name and email to the company email list will tell you immediately if the data has been sold to another company. But of course, by then it is too late.

Treat Employees Well to Prevent Sabotage Attempts

Happy employees are less likely to cause damage to your business. So, be sure to look after the wellbeing of your staff. This could mean everything from staff incentives and bonuses to providing an effective stream of communication between employees and managers. Employers need to feel respected and listened to, so you could also do social media shout outs for good work, acknowledge staff that have taken part in corporate responsibility initiatives and so on.

If you have to fire an employee, even if they were at fault, it’s essential that you do so in a sensitive and legally correct manner. And make sure you maintain control of the accounts afterwards.

The risk of employee sabotage is less of an issue with an external agency who is not an employee. At my agency Contentworks, we ensure upmost protection for our clients and offer compliant content for all industries. If you do choose to outsource to an agency, keep an eye on who is being added as admin on your accounts and be sure to remove them when you part ways.

For more information about social media management, click here to contact me.

Share Article