How NOT to Have Your Social Media Accounts Hacked
By HootSuite CEO, Ryan Holmes
“…(Sold) to MacDonalds because the whopper flopped” is a phrase that probably still sends shudders down the spines of members of Burger King’s PR team.
After all, these were the words emblazoned across the popular fast food chain’s official Twitter profile on the morning of February 18—courtesy of hackers (yet to be identified).
With the “tweet-jacking” came a slew of irrelevant and nonsensical messages from the account, like: “Try our new BK(℠) Bath Salt! 99% Pure MDPV! Buy a Big Mac, get a gram free!” In fact, in the 71 minutes that the account was hacked, 53 tweets were sent and retweeted 73,421 times.
Although Burger King worked quickly with Twitter to temporarily shut their account down, dozens of headlines were already bringing the story into the public spotlight. Then, a mere day later Jeep’s official Twitter account was hacked (“Just Empty Every Pocket, sold to Cadillac…” read the new company “description,” while its profile photo was replaced with the Cadillac logo).
Suddenly it seemed Twitter attacks were everywhere. And the question on people’s minds became, how can we prevent this from happening to us?
Well, the bad news is that there is still no such thing as an impenetrable social media account. But the good news is that there are certainly ways to strengthen the fortress, making it much less appealing to hackers.
Here are 4 key tips that will help protect you and your brand from social media pirates:
1. IMPORTANT: Make your password bombproof. Simple—even medium-strength—passwords mean vulnerability. With your company’s reputation on the line, isn’t it worth taking a few extra measures to build a password of steel? Follow some simple steps to create company social media passwords that are complex, but easy to remember. Also, NEVER save your password on computers you share, or mobile devices you could lose or have stolen. (This means absolutely no more storing passwords on a post-its, spreadsheets or in email.)
2. Know when to hold ‘em: Keep company passwords hidden. Social media has gone mainstream—even in the workplace. What does this mean? Whole teams of staff, from interns to top executives, are now sending out messages from the corporate Twitter, Facebook, or LinkedIn account. Consider implementing a password management solution, like LastPass or KeePass to store, distribute, and manage your organization’s secrets. These systems let you and your team share passwords without actually making them visible.
Another very effective way to reduce the number of passwords floating around is with single sign-on technology, or SSO. The term ‘single sign-on’ might sound complicated, but it’s actually very simple in premise: SSO lets employees log into company social media accounts with the same username and password used for their company email account. This means access to a company’s main social media accounts is kept in the hands of one trusted central administrator, who holds the real “keys,” or passwords, to all social profiles. Similarly, putting employees into teams and giving them different levels of permissions, is another very effective way to keep your company’s social media accounts protected. This will allow administrators to give employees across an organization rights to post content on a social network—without ever giving out the password.
3. Click with caution. Are you sure you know how to spot a malicious link? Spammy links are a common way to hoax or phish in order to compromise social accounts. One sure-fire way to prepare for these potentially dangerous moments is to make sure your team is accessing social profiles through a secure third-party social media platform. Why? If a malicious link is clicked, a tool like the HootSuite dashboard will act as a buffer, giving you a warning so you can protect your valuable company Twitter or Facebook account from being hijacked. Also, this may seem obvious, but don’t click on links in emails that tell you to change your social media network’s password.
4. Get your money’s worth. Send out your paid social media messages from a secure platform. Believe it or not, paid social media (like Promoted Tweets and Facebook’s Promoted Posts) is a billion-dollar business trend that is simply skyrocketing in popularity. Why? It works. For example, Promoted Tweets have shown engagement rates that are up to 15 times greater than traditional internet banner ads. So as more and more companies dole out large sums for tweets to promote their brands, it’s essential that they are diving into these products with security as a top priority. After all, what would be worse than dumping tens of thousands of dollars into social media advertising, only to have some hacker come along and with a few inappropriate tweets, ruin the entire investment? Choose and utilize a trusted social media management tool that allows you to buy ads right from within the platform—providing all of the security features mentioned above.
Burger King and Jeep aren’t the first big names to be put through the social media security gauntlet. Remember in 2011 when Fox News’ hacked Twitter account began sending out Tweets announcing that Barack Obama had been shot and killed? Or when, a few months later, NBC’s compromised handle reported an airplane crash at Manhattan’s Ground Zero? Celebrities have also very publicly victimized, like last year’s embarrassing hack into teen pop sensation Justin Bieber’s personal Twitter profile. Twitter hacking will likely be around as long as social media is, but with more businesses than ever using social networks to promote their brands, the need for advanced security and precaution is higher than ever.
This post was originally published on the LinkedIn Influencer blog, a new resource that brings together regular insights from hundreds of thought-leaders around the globe. To find out how you can follow world leaders, educators, industry experts and others (including HootSuite CEO Ryan Holmes), read this post: “How to Follow Richard Branson, Barack Obama and…Ryan Holmes on LinkedIn“