Preventing a Social Media Hack
Hacks happen and sometimes the damage cannot be undone.
Sony Music's Twitter account, for instance, was recently compromised, with the hackers falsely claiming Britney Spears had died - causing speculation in the Twitterverse about whether the news was true (it was not) and, of course, embarrassing the Sony brand.
As with a website hack, brands will want to be transparent about the event, apologize immediately and provide any steps end-users need to take (particularly if the hacker posted links to pages where customer information could be stolen). Before brands get to the aftermath of a hack, however, there are some ways to protect credentials, such as:
• Do not share the actual login credentials to the networks with employees (who may leave the company or be irresponsible with their care). Rather, use a single login within a social media management platform, with all the accounts they are responsible for accessible through the platform.
• Remove admin access from employees who no longer need it due to a job change, responsibility changes, etc. Likewise, change passwords during these "events."
• Do not use the same password or similar letter/character combinations for multiple corporate accounts. Doing so makes the passwords easy for employees with malicious intent to guess or, worse, lets hackers who get into one account easily access the others.
• Instruct all employees to avoid unsecured Internet connections (such as those used when traveling or working remotely) when logging into corporate social media accounts or management platforms.
• Constantly monitor brand mentions and set a social media management platform’s inbox to include “sent” messages (or risk not seeing outbound messages that may be malicious and warn of a hack).
• Use two-factor authentication whenever possible.
• Limit the use of third-party applications to manage social media as apps with poor security measures can be a point of entry for hackers.
• Leverage a solution that reduces the risk of social media account takeovers, such as a monitoring solution like Proofpoint, which locks down accounts when it detects malicious intent.
• Avoid making enemies with competitors, staff or other people who may wish to do your brand harm.
• Establish a protocol to change passwords after a certain amount of time.
• Consider social media account credentials as critical and as sensitive as financial, operational or other high-risk areas of a business.
• Educate employees (whose personal social media accounts are tied to corporate Pages) to avoid using their social credentials to sign into Web pages.
• Require that employees with access to social media accounts protect their personal devices with a password or Touch ID and that accounts do not remain signed in.
• Have a plan in place to immediately regain access when credentials are compromised.
Even with the above precautions, hacks still happen, but limiting who has access to a company's social media credentials (whether it's a third-party app or multiple employees) is a critical step to take when securing a brand's social accounts.