So who has access to your social media accounts? It\u2019s a question that many CIOs probably don\u2019t ask themselves very much or at all. However, we just experienced one of the most highly publicized and bizarre social media gaffes during the 2016 NFL Draft. Someone might say this is simply an isolated incident in the sports world, but a strategic CIO, thinking about the long-term security of his or her company or organization, should be looking long and hard at this event and reading between the lines.\nLaremy Tunsil, a talented offensive tackle out of Ole Miss, was touted in the months leading up to the NFL Draft as a potential Top 5 pick, if not in fact, the No. 1 overall draft pick. Thirteen minutes before the draft started, a video of Tunsil smoking marijuana through a gas mask surfaced on his Twitter account. The news spread quickly, and it was reported that many teams who were thinking about drafting Tunsil went in another direction. He went from a potential top pick, to being drafted at No. 13. He wasn\u2019t even the top player taken at his position. And it cost him millions in potential salary.\nNow you might say that he didn\u2019t fall that much; he\u2019s still a first-round pick and at the end of the day, he\u2019s still going to make millions of dollars.\nBut hypothetically, let\u2019s change the scenario from a football player to a high-profile executive, and instead of the NFL Draft, the event is a product announcement or merger or acquisition. Right before that executive goes to speak to the press, a nefarious personal video appears online from one of the company\u2019s social media accounts. The company\u2019s reputation is negatively impacted.\u00a0 It is also possible that losses in company value can occur. The Board and shareholders are not happy. There may also be reputational damage to the executive and more importantly to the brand.\nWe\u2019re also talking about a major piece of good company news turning into a PR nightmare.\nIt\u2019s now being reported that the person who posted the Tunsil video had access to Tunsil\u2019s Twitter account. But insider threats are often greater than external threats. CIOs need to be proactive about laying out a strong executive internal social media governance plan so this scenario doesn\u2019t happen.\nBefore laying out a company-wide plan, a CIO should first look to the top and take these immediate actions:\n\nUnderstand which executives at the company are actively engaging in social media on behalf of the company and see what social media sites they post to, what social media identities they use to do the posting, what platforms they post from and what type of content they post.\nDetermine who have access to these accounts. For instance, does someone in the marketing department run the CFO\u2019s LinkedIn page? Do their teams or assistants have any passwords to their devices or accounts?\nDetermine how regularly passwords have been changed.\nFor people who have access to these accounts, determine whether any team members have left the company and whether the passwords have been changed.\nDetermine what social media identities may be out there purporting to be the executive or the company and assess whether they are valid or whether they were set up by someone with an anti-company agenda.\nTo the extent possible, understand the non-company related (i.e., personal) social media presence of senior executives. Ensure policies are clear on the use of personal social media accounts to disclose company business.\n\nThis isn\u2019t a sports problem: it\u2019s a general business problem. When reputation, revenue and jobs are on the line, regardless of the scenario, the outcome needs to be the same: locked down.