Anyone who manages their company’s social media for a living operates every day in fear of being the one at the helm when the company Twitter account is hacked. But most of them don’t really do much to mitigate that fear. This is a critical error of epic proportions.

Let’s state the obvious: Social media governance is not the sexy side of social. It is about as exciting to most social media managers as getting a tooth pulled. But focusing on it is the number one way to avoid your company being in the headlines because criminals hacked your account and something terrible was posted. View it as job security if you have to.

At its core, social media governance equates to one thing: eliminating risk. And there are a lot of risks. You tackle these by putting proper processes and procedures in place and managing your social media accounts in a centralized manner.

If you still need convincing that focusing on governance is worth your time and energy, or if you need help making the argument for the resources you need to do governance well, let me help. Here are the top seven risks of not focusing on social media governance for your operation:

1. Risk to your brand

Obviously, if hackers gain access to your social media accounts, they’re not there to be nice. Ask yourself how much damage would be done if criminals gained access to your social media accounts and Tweeted something nasty, changed your account to look like your primary competitor’s account or converted it over to make it look like it supports terrorist groups (note: all are real examples). How much would your credibility be damaged? And what about your brand?

2. Compliance and regulatory risk

Depending on your industry, you may have additional rules guiding what your company can and cannot say publicly. Companies in the financial, medical and pharmaceutical industries all have additional considerations. If I pull out my crystal ball, I’d predict other industries like travel and energy are not out of the woods yet.

Industry aside, all companies have to worry about violating government regulations regarding social media. If you have trouble getting budget to do some of this governance work, tell your leaders this could cost them $50 million, or more. Not paying attention to governance can land you in hot water with a number of regulatory agencies, from the FTC to the governing body in Europe that hands down GDPR fines. Some of these fines are whopping amounts in the millions (and they’re in Euros!) And, be extra aware if you manage a major brand. Regulatory bodies love to make examples of big companies that will get big headlines.

Again, sitting with my crystal ball, I predict it is only a matter of time until we have a U.S. equivalent of GDPR. Individual states including California and Virginia already have instituted their own versions.

3. Legal risk

As companies rely more on social media as a form of customer service and communication, chances are higher that lawsuits based on social media will emerge. If you cannot say definitively who had access to your accounts at a given time or who posted a specific item or comment, you may find yourself unable to defend yourself to your supervisors, your legal team or a court of law.

4. Human risk

To err may be human, but if the human happens to be a social media manager, forgiveness is a hard thing to come by. Bottom line, people absolutely make mistakes. But the proper tools and procedures make it a lot less likely that someone will accidentally post from the company account instead of their personal account or that they will do something else that causes you a self-imposed PR “incident.” It also saves you from having to fire someone.

5. Risk from your own people (internal risks)

A lot of companies do not have firm rules about what employees are allowed to do on social media. Employees may accidentally share items that include confidential information (such as financial or HR data) or air personal grievances against the company or coworkers in a very public forum. Not having official policies and rules makes it hard to hold people accountable, and it makes it hard for employees to know what is and is not OK.

6. Security risks

Criminals gonna criminal. That’s the bottom line. But hackers and cybercriminals like easy targets. They go for the ones with terrible security and no tools in place. So don’t make yourself an easy target. And if you are a Fortune 500, you are most definitely being targeted.

Make sure you know all of your account passwords (or better yet, are using a password management tool). Make sure you’ve turned on two-factor authentication (2FA) for all accounts where available. Know who has access to your accounts at all times, including partners and agency teams. And ensure there is a process and standard operating procedures for starting new accounts, maintaining existing accounts and shutting down retired accounts.

7. Third-party apps risk

Many times, criminals find their way into your systems via a less-secure third-party app or tool that you’ve connected to your main account. View it as a kind of unsecured back door. Make sure that you are regularly evaluating any third-party tools you have connected to your social media accounts, and make sure you are vetting their security as well as your own.

With all of these risks out there, the smart bet is to take the steps needed to master social media governance. Do this with process, protocols and the right tools. In the end, it will save you much more grief than it causes.