How to Do a Social Media Audit: A Complete Guide

A social media audit is a systematic review of what is publicly visible across your social media accounts. It is the starting point for understanding your digital exposure — and for most professionals, the results are surprising. The gap between what you believe is visible and what is actually accessible to a determined searcher is consistently wider than expected.

This guide walks through the major platforms used in the UK, explains what is public by default on each, and outlines the steps you can take to assess your own exposure. It also explains, candidly, where a self-audit reaches its limits — and where professional screening becomes necessary.

If you have never conducted a social media audit, the time to do so is before someone else conducts one on your behalf. Employers, investors, journalists, and regulatory bodies increasingly treat social media screening as standard due diligence. The question is not whether your social media will be examined, but whether you have examined it first.

LinkedIn: The Professional Profile That Reveals More Than You Intend

LinkedIn is the platform most professionals consider when they think about their online presence. It is also the platform where the false sense of control is strongest.

By default, LinkedIn profiles are public. Your headline, summary, experience, education, skills, endorsements, and recommendations are visible to anyone — including people without LinkedIn accounts, via search engine indexing. Your activity feed, including posts, comments, reactions, and shared articles, is visible to your network and, depending on your settings, to the broader platform.

The audit points for LinkedIn are specific. Review your activity feed for the past twelve months. Every post you have liked, every comment you have made, and every article you have shared is part of your public professional record. Political commentary, controversial opinions, engagement with divisive content — all of this is visible and attributable. For senior professionals, a single intemperate comment on a political post can become a liability during a board appointment process or media inquiry.

Check your connections list visibility. By default, your full connections list is visible to your connections. This reveals your professional network — which, in competitive intelligence terms, discloses your relationships, potential clients, and strategic associations. Consider whether that visibility serves your interests.

Review your endorsements and recommendations. Endorsements from individuals whose own profiles are problematic — whether through controversial content, legal issues, or reputational concerns — create association risk. Recommendations you have written for others are equally visible and equally attributable.

Finally, search for yourself on Google with the query "your name" site:linkedin.com. The results show you what Google has indexed from your LinkedIn activity, which may include content you have since modified or removed from the platform but which persists in Google's cache.

X (Twitter): The Archive That Never Forgets

X presents a particularly acute audit challenge because of the platform's architecture: it is designed for rapid, informal, and often reactive expression. Content posted in the heat of a moment — a political reaction, a frustrated reply, a joke that aged poorly — persists in the archive with the same permanence as a considered professional statement.

If your account is public (the default setting), your entire post history is searchable. Advanced search operators allow anyone to filter your posts by date range, keyword, and recipient. This means that a journalist, employer, or adversary can search your account for specific terms — political figures, controversial topics, competitors' names — and retrieve every instance where you mentioned them, regardless of when the post was made.

The audit process for X begins with your own advanced search. Use the platform's search function with the filter from:yourusername combined with keywords relevant to your professional context. Search for terms related to your industry, competitors, political figures, and any topics that could be construed as controversial. Review the results not through your own eyes, but through the eyes of a hiring manager, a journalist, or an opponent in a commercial dispute.

Review your media tab. Every image and video you have posted is aggregated in a single view. Images that seemed innocuous at a social gathering may present differently when viewed in the context of a professional screening. Review your likes tab as well — on X, liked posts are public by default. Liking a controversial post creates the same association as sharing it, from a screening perspective.

Check whether your account is indexed by the Wayback Machine. Even if you delete posts, archived snapshots of your profile may preserve them. This is a particularly common issue for accounts that were active during election periods or significant public events, when archiving activity increases substantially.

Facebook: The Personal Life Made Professional

Facebook is where most social media audit failures originate. The platform's history as a personal social network means that many professionals have accounts containing a decade or more of personal content — photographs, status updates, group memberships, event attendance records, and comments — that was never intended for professional scrutiny.

Facebook's privacy settings are more granular than most platforms, but they are also more complex and have changed repeatedly over the platform's history. Content that was posted under one privacy regime may have been re-categorised under subsequent updates. The audit requirement is therefore to check the current visibility of historical content, not to assume that past privacy choices remain in effect.

Use Facebook's "View As Public" feature to see your profile as a non-friend would see it. Check your profile photo and cover photo (always public), your bio information, your friends list visibility, and your timeline posts. Review your tagged photos — images in which you have been tagged by others. Unless you have enabled tag review, these tags may have been applied without your knowledge and may associate you with content or events you would prefer not to be publicly linked to.

Check your group memberships. Facebook groups you have joined are often visible on your profile, and the names of those groups constitute an association risk. A group membership in a political, ideological, or special-interest group creates an inference about your views — regardless of whether you actively participate.

Review your comments on public pages and posts. Even with a locked-down personal profile, comments you have made on public posts — news articles, brand pages, political figures' posts — are visible to anyone who views those posts. These comments are often overlooked in self-audits but are readily discoverable through systematic screening.

Instagram: Visual Content and Location Data

Instagram's visual nature creates a distinct category of audit risk. Photographs communicate context, association, lifestyle, and behaviour in ways that text cannot. A photograph at an event, a location tag at a venue, a story highlight from a holiday destination — these visual fragments construct a narrative about your life that may or may not align with your professional positioning.

If your Instagram account is public, your entire photo grid, stories highlights, reels, and tagged photos are visible to anyone. The audit process involves reviewing not just your own posts but the posts you are tagged in, the accounts you follow (visible by default), and the comments you have left on others' content.

Location data deserves particular attention. Instagram posts and stories frequently include location tags that disclose your movements, travel patterns, and the establishments you frequent. For individuals with personal security concerns — and for any professional subject to surveillance by competitors or adversaries — this location data represents a significant operational security vulnerability.

Examine your stories highlights. These curated collections persist on your profile indefinitely (unlike ephemeral stories) and often contain content that was originally shared as transient but has been inadvertently preserved. Review each highlight for content that presents risk in a professional screening context.

TikTok: The Platform You Forgot You Used

TikTok presents an emerging audit concern, particularly for younger professionals and those who created accounts during the platform's rapid growth. Even if you no longer actively use TikTok, a dormant account with historical content remains discoverable.

TikTok's default privacy settings make accounts public. Videos you posted, even experimentally, remain visible unless specifically set to private or deleted. The platform's algorithmic distribution means that content you created for a small audience may have achieved wider visibility than you realise — and may have been downloaded, re-shared, or screenshotted by others before any retrospective privacy adjustment.

The audit for TikTok is straightforward but often neglected: search for your name, your username, and your known email addresses on the platform. Check whether an account exists. If it does, review its content and privacy settings. If you have forgotten the account's credentials, the content remains publicly visible regardless.

The Google Layer

Beyond individual platforms, the most important audit step is to examine what Google shows for your name. Google is the default research tool for anyone conducting due diligence, and the results it returns define the first impression of your digital footprint.

Search for your full name in quotation marks. Search for your name combined with your employer, your city, and your industry. Search for your name combined with terms like "controversy," "court," "tribunal," or "complaint." These are the searches that a journalist or screening analyst would conduct. The results — including cached pages, image results, news articles, and social media profiles — constitute your discoverable digital footprint as seen by the outside world.

Google Image Search is equally important. Images associated with your name — whether from social media, corporate websites, event photography, or media coverage — appear in a single aggregated view. Review these results for images that present risk: informal photographs, images from events you would prefer not to be associated with, or photographs that have been taken out of their original context.

Check Google's "People Also Ask" and related searches for your name. These algorithmically generated queries reveal what others are searching for in association with your identity — and they can surface unexpected connections or concerns that you may not have considered.

The Limits of Self-Auditing

A self-audit is a valuable exercise. It surfaces the most obvious exposures and provides a baseline understanding of your digital visibility. But it is inherently limited by three structural constraints.

First, you cannot see what you do not know exists. Archived content, deep web references, data broker profiles, and cross-platform correlations are not visible through standard search. A self-audit finds what Google shows you. Professional screening finds what Google does not.

Second, you cannot assess your own content objectively. A post that seems unremarkable to you may be interpreted very differently by a hiring manager from a different political perspective, a journalist looking for a narrative, or a regulator applying a strict interpretation. Professional screening applies risk classification frameworks that evaluate content against defined categories — not against the subject's own assessment of their intent.

Third, you cannot audit at scale. A thorough screening of a single individual's digital footprint across all platforms, public records, archived content, and metadata requires tools, access, and methodology that are beyond the scope of a browser-based self-review. The volume of data, the number of sources, and the analytical framework required to assess risk systematically make professional screening a fundamentally different exercise from personal searching.

A self-audit tells you what the surface looks like. Professional screening tells you what lies beneath it.

Frequently Asked Questions

How long does a social media audit take?

A thorough self-audit across five major platforms, plus Google search review, typically takes three to four hours for an individual with moderate social media activity. For professionals with extensive posting histories or multiple accounts, the process may take a full day. Professional screening, which applies automated tools and structured methodology across a broader range of sources, is typically completed within 48 hours.

Should I delete old social media posts I find during an audit?

Deletion removes content from the platform, but it does not remove it from search engine caches, web archives, or screenshots taken by third parties. Before deleting, consider whether the content is likely to have been archived. For high-risk content, professional advice on remediation — which may include takedown requests, de-indexing, or contextual content creation — is more effective than deletion alone.

How often should I conduct a social media audit?

For most professionals, an annual audit is a reasonable baseline. Audits should also be conducted before specific events: a job application, a board appointment, a media appearance, or international travel where digital screening may be conducted at the border. Any change in your public profile — a new role, a public statement, a media mention — should trigger a review.

Can an employer conduct a social media audit on me without my knowledge?

In the UK, employers can view publicly available social media content. However, the ICO recommends that employers inform candidates if social media screening forms part of the recruitment process, and that any screening is proportionate, documented, and conducted with a lawful basis under GDPR. The use of third-party screening providers adds a layer of compliance and defensibility that internal, informal checks lack.