Social media accounts have very rapidly become an important mouthpiece for organizations large and small. Because the services are free, external and easy to set up, the situation is ripe for security lapses that can expose a highly visible communication channel to hackers.
There have been several high-profile Twitter account hacks recently; two examples are the Associated Press and the Financial Times. These hacks are quite easy to perform and don’t require much sophistication, allowing any lone actor or small group to hijack accounts, often with very embarrassing, detrimental results. As the Associated Press example shows, the hacks can even impact global stock exchanges!
For global brands, it’s becoming more a question of when, not if, someone will try to hijack their accounts. Luckily, there are a few simple things your firm can do in defense:
- Make sure that all passwords are as strong as possible. Each social media account you have should have a different password, made up of truly random characters.
  - PC Tools Secure Password Generator offers some help by creating them for you.
- It's a good practice to change your passwords on a regular basis.
- Passwords should not be written down, emailed or otherwise shared. Store them only in encrypted form, as a password manager does.
- Again, don’t ever share your password with anyone. You hear this all the time, but it’s worth mentioning, as some recent attacks have taken advantage of people doing this.
- If possible, enable two-factor authentication for your accounts. This means that in addition to a password (something you know), login also requires something you have, such as a dongle or phone.
  - Twitter and Facebook have this as an option now, but make sure you turn it on, as it’s not enabled by default.
- Don’t use personal or even individual email accounts for social registrations. Create a separate account only for that purpose.
  - It's also a good idea to use an email account outside of your firm's domain for your profiles.
For more tips on how to keep your social media accounts secure, check out these great resources:
- HBR Blog Network: Hack-Proof Your Company's Social Media
- InformationWeek: Twitter Trouble: 9 Social Media Security Tips
- HootSource: The Onion’s 4 Tips for Social Media Security
- HootSuite University Lecture Series: How to Protect Your Brand Against Social Media Hackers